exploits , vulnerabilities , articles , MIT Kerberos5 kadmind Excessive File Descriptors Multiple Remote Code Execution Vulnerabilities

Title	MIT Kerberos5 kadmind Excessive File Descriptors Multiple Remote Code Execution Vulnerabilities
Published	2008-03-18-12:00AM
Updated	2008-03-24-08:40PM
Class	Boundary Condition Error
CVE	CVE-2008-0947 E-2008-0948
Remote	Yes
Local	No
Credit	Jeff Altman of Secure Endpoints discovered the issue in version 1.6.3 and the Red Hat Security Response Team reported relevant information about older versions.
Vulnerable	Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.1 rPath rPath Linux 1 rPath Appliance Platform Linux Service 1 RedHat Linux Advanced Workstation 2.1 for the Ita 2.1 IA64 RedHat Fedora 8 0 RedHat Fedora 7 0 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux 5 server RedHat Desktop 3.0 MIT Kerberos 5 1.6.3 MIT Kerberos 5 1.6.2 MIT Kerberos 5 1.6.1 MIT Kerberos 5 1.6 MIT Kerberos 5 1.5.5 MIT Kerberos 5 1.5.4 MIT Kerberos 5 1.5.3 MIT Kerberos 5 1.5.2 MIT Kerberos 5 1.5.1 MIT Kerberos 5 1.5 MIT Kerberos 5 1.4.3 MIT Kerberos 5 1.4.2 MIT Kerberos 5 1.4.1 MIT Kerberos 5 1.4 MIT Kerberos 5 1.3 alpha1 MIT Kerberos 5 1.3 MandrakeSoft Linux Mandrake 10.0 AMD64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 MIT Kerberos 5 1.2.8 MIT Kerberos 5 1.2.7 MandrakeSoft Linux Mandrake 9.1 ppc MandrakeSoft Linux Mandrake 9.1 RedHat Linux 9.0 i386 MIT Kerberos 5 1.2.6 MIT Kerberos 5 1.2.5 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 2.1 MandrakeSoft Linux Mandrake 9.0 RedHat Linux 8.0 i386 RedHat Linux 8.0 Turbolinux Home Turbolinux Turbolinux 10 F... Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux Server 8.0 Wirex Immunix OS 7 MIT Kerberos 5 1.2.4 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia64 Debian Linux 3.0 ia32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 RedHat Linux 7.3 i386 RedHat Linux 7.3 MIT Kerberos 5 1.2.3 MIT Kerberos 5 1.2.2 beta1 MIT Kerberos 5 1.2.2 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia64 Debian Linux 3.1 ia32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia64 Debian Linux 4.0 ia32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0
Not Vulnerable	MIT Kerberos 5 1.6.4
Code	Attackers can use readily available tools to launch attacks.Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: content@securitydot.net.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Drupal Sections Module HTML Injection Vulnerability
• 2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability
• 2009-12-16 Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
• 2009-12-16 Merkaartor Insecure Temporary File Creation Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 12:38:36 +0000