CVE-2007-0957 Information
Description
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC) in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments possibly involving certain format string specifiers.
Reference
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html http://secunia.com/advisories/24706 http://secunia.com/advisories/24735 http://secunia.com/advisories/24736 http://secunia.com/advisories/24740 http://secunia.com/advisories/24750 http://secunia.com/advisories/24757 http://secunia.com/advisories/24785 http://secunia.com/advisories/24786 http://secunia.com/advisories/24798 http://secunia.com/advisories/24817 http://secunia.com/advisories/24966 http://secunia.com/advisories/25464 http://security.gentoo.org/glsa/glsa-200704-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt http://www.debian.org/security/2007/dsa-1276 http://www.kb.cert.org/vuls/id/704024 http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 http://www.redhat.com/support/errata/RHSA-2007-0095.html http://www.securityfocus.com/archive/1/464592/100/0/threaded http://www.securityfocus.com/archive/1/464666/100/0/threaded http://www.securityfocus.com/archive/1/464814/30/7170/threaded http://www.securityfocus.com/bid/23285 http://www.securitytracker.com/id?1017849 http://www.ubuntu.com/usn/usn-449-1 http://www.us-cert.gov/cas/techalerts/TA07-093B.html http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1218 http://www.vupen.com/english/advisories/2007/1250 http://www.vupen.com/english/advisories/2007/1470 http://www.vupen.com/english/advisories/2007/1983 https://exchange.xforce.ibmcloud.com/vulnerabilities/33411 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10757
Share on: