The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 103060 Security Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A stack overflow vulnerability in the RPCSEC_GSS security flavor (see rpcsec_gss(3NSL)), which is used to access the Generic Security Services Application Programming Interface (GSS-API), affects the Kerberos administration daemon (kadmind(1M)). This vulnerability may allow an unauthorized remote user to execute arbitrary commands on Kerberos Key Distribution Center (KDC) systems with the privileges of the kadmind(1M) daemon (usually root). It may also allow the remote user to compromise the Kerberos key database or cause the kadmind(1M) daemon to crash, resulting in a Denial of Service (DoS).

Note: Third-party applications which utilize RPCSEC_GSS may also be affected.

This issue is also referenced in the following documents:

MITKRB5-SA-2007-006 at:

CVE-2007-3999 at:

Note: Solaris is not affected by CVE-2007-4000 mentioned in MITKRB5-SA-2007-006.

Avoidance: Patch
State: Resolved
First released: 05-Sep-2007

Comments ( 2 )
  • River Tarnell Sunday, September 30, 2007

    Could you clarify which patches resolve this issue for Solaris 10 x86? The listed IDR (IDR127647-03) conflicts with patch 126662-01, which seems to resolve a related but distinct security issue with rpc_gss. Is another patch required to fix this issue as well?

  • Paul Roberts Monday, October 1, 2007

    It's true that this IDR isn't compatible with 126662-01. We should have a t-patch available soon which will resolve this.

    However, the only fix that is delivered in patch 126662-01 is 6554841, which is *also* delivered in patch 126837-01 (this doubling of patch fixes is related to the way we currently develop update and patch releases as separate strains, with the patch fixes being replicated into the update patches which eventually supersede the patch releases once the update is published; 126662-01 is an update patch and the only fix that happened to that patch was a security fix which meant it appeared in both the update and patch strains).

    Patch 126837-01 is compatible with IDR127647-03 (in fact it's a dependency for that IDR) so with patch 126837-01 and IDR127647-03 installed you would have the same fixes as if you had 126662-01 and the IDR installed.
