CVE-2007-0957

Severity

90%

Complexity

80%

Confidentiality

165%

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

CVSS 2.0 Base Score 9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C).

Overview

First reported 17 years ago

2007-04-06 01:19:00

Last updated 6 years ago

2018-10-16 16:35:00

Affected Software

MIT Kerberos

References

20070401-01-P

http://docs.info.apple.com/article.html?artnum=305391

APPLE-SA-2007-04-19

SUSE-SA:2007:025

24706

Patch, Vendor Advisory

24735

24736

Patch, Vendor Advisory

24740

24750

24757

Patch, Vendor Advisory

24785

24786

24798

24817

24966

25464

GLSA-200704-02

102930

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt

Patch, Vendor Advisory

DSA-1276

Patch, Vendor Advisory

VU#704024

Patch, Third Party Advisory, US Government Resource

MDKSA-2007:077

RHSA-2007:0095

Patch, Vendor Advisory

20070403 MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

20070405 FLEA-2007-0008-1: krb5

23285

1017849

USN-449-1

Patch, Vendor Advisory

TA07-093B

US Government Resource

TA07-109A

US Government Resource

ADV-2007-1218

ADV-2007-1250

ADV-2007-1470

ADV-2007-1983

kerberos-krb5klogsyslog-bo(33411)

oval:org.mitre.oval:def:10757

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.