CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
References
Link Resource
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt Patch Vendor Advisory
http://www.debian.org/security/2007/dsa-1276 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0095.html Third Party Advisory
http://www.ubuntu.com/usn/usn-449-1 Third Party Advisory
http://www.kb.cert.org/vuls/id/704024 Third Party Advisory US Government Resource
http://secunia.com/advisories/24706 Third Party Advisory
http://secunia.com/advisories/24736 Third Party Advisory
http://secunia.com/advisories/24757 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200704-02.xml Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html Broken Link
http://www.securityfocus.com/bid/23285 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017849 Third Party Advisory VDB Entry
http://secunia.com/advisories/24740 Third Party Advisory
http://secunia.com/advisories/24750 Third Party Advisory
http://secunia.com/advisories/24785 Third Party Advisory
http://secunia.com/advisories/24786 Third Party Advisory
http://secunia.com/advisories/24798 Third Party Advisory
http://secunia.com/advisories/24817 Third Party Advisory
http://secunia.com/advisories/24735 Third Party Advisory
http://docs.info.apple.com/article.html?artnum=305391 Broken Link
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html Mailing List Third Party Advisory
http://secunia.com/advisories/24966 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1 Broken Link
http://www.us-cert.gov/cas/techalerts/TA07-093B.html Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA07-109A.html Third Party Advisory US Government Resource
http://secunia.com/advisories/25464 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1218 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1470 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1250 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1983 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33411 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757 Broken Link Third Party Advisory
http://www.securityfocus.com/archive/1/464814/30/7170/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/464666/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/464592/100/0/threaded Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

Information

Published : 2007-04-06 01:19

Updated : 2021-02-02 06:24


NVD link : CVE-2007-0957

Mitre link : CVE-2007-0957

Products Affected
No products.
CWE