Note: This page is part of the archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact if you have any questions about the US-CERT website archive.

Alert (TA07-177A)

MIT Kerberos Vulnerabilities

Systems Affected

  • MIT Kerberos

Other products that use the RPC library provided with MIT Kerberos or other RPC libraries derived from SunRPC may also be affected.


The MIT Kerberos 5 implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.


There are three vulnerabilities that affect MIT Kerberos 5:

  • VU#356961 - MIT Kerberos RPC library gssrpc__svcauth_gssapi() uninitialized pointer free vulnerability
    A vulnerability in the MIT Kerberos administration daemon (kadmind) may allow an uninitialized pointer to be freed, which may allow a remote, unauthenticated user to execute arbitrary code. This vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system. (CVE-2007-2442)

  • VU#365313 - MIT Kerberos kadmind RPC library gssrpc__svcauth_unix() integer conversion error
    An integer conversion error vulnerability exists in the MIT Kerberos kadmind that may allow a remote, unauthenticated user to execute arbitrary code. (CVE-2007-2443)

  • VU#554257 - MIT Kerberos kadmind principal renaming stack buffer overflow
    A stack buffer overflow exists in the way the MIT Kerberos kadmind handles the principle renaming operation, which may allow a remote, authenticated user to execute arbitrary code. (CVE-2007-2798)


A remote, unauthenticated attacker may be able to execute arbitrary code on KDCs, systems running kadmind, and application servers that use the RPC library. An attacker could also cause a denial of service on any of these systems. These vulnerabilities could result in the compromise of both the KDC and an entire Kerberos realm.


Check with your vendors for patches or updates. For information about a vendor, please see the systems affected section in the individual vulnerability notes or contact your vendor directly.

Alternatively, apply the appropriate source code patches referenced in MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005 and recompile.

These vulnerabilities will also be addressed in the krb5-1.6.2 and krb5-1.5.4 releases.


Revision History

  • June 26, 2007: Initial release
    June 27, 2007: Added CVE identifiers

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No