Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A security vulnerability in the implementation of the RPCSEC_GSS API, which affects applications using this API (rpcsec_gss(3NSL)) such as the kadmind(1M) daemon, may allow execution of arbitrary commands. On Kerberos Key Distribution Centers (KDCs), which run kadmind(1M), an unprivileged and unauthenticated remote user may be able to execute arbitrary commands on the system with the privileges of the kadmind(1M) daemon (usually 'root').

In addition, on KDC systems this issue may allow the remote user to compromise the Kerberos key database or cause the affected program to crash, which is a form of Denial of Service (DoS).

This issue is referenced in the following documents:

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt

CVE-2007-2442 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442

Avoidance: Patch
State: Resolved
First released: 26-Jun-2007