Debian Security Advisory DSA 1387-1 (librpcsecgss) Network Vulnerability

Summary

The remote host is missing an update to librpcsecgss announced via advisory DSA 1387-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201387-1

Insight

It has been discovered that the original patch for a buffer overflow in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (CVE-2007-3999, DSA-1368-1) was insufficient to protect from arbitrary code execution in some environments. The old stable distribution (sarge) does not contain a librpcseggss package. For the stable distribution (etch), this problem has been fixed in version 0.14-2etch3. For the unstable distribution (sid), this problem has been fixed in version 0.14-4. We recommend that you upgrade your librpcsecgss package.

Severity

Classification

CVE CVE-2007-3999, CVE-2007-4743
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 071-1 (fetchmail)
Debian Security Advisory DSA 078-1 (slrn)
Debian Security Advisory DSA 1019-1 (koffice)
Debian Security Advisory DSA 1049-1 (ethereal)
Debian Security Advisory DSA 028-1 (man-db)

Take action and discover your vulnerabilities