CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc Broken Link
http://docs.info.apple.com/article.html?artnum=305391 Broken Link
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html Mailing List Third Party Advisory
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html Broken Link
http://secunia.com/advisories/24706 Third Party Advisory
http://secunia.com/advisories/24735 Third Party Advisory
http://secunia.com/advisories/24736 Third Party Advisory
http://secunia.com/advisories/24740 Third Party Advisory
http://secunia.com/advisories/24750 Third Party Advisory
http://secunia.com/advisories/24757 Third Party Advisory
http://secunia.com/advisories/24785 Third Party Advisory
http://secunia.com/advisories/24786 Third Party Advisory
http://secunia.com/advisories/24798 Third Party Advisory
http://secunia.com/advisories/24817 Third Party Advisory
http://secunia.com/advisories/24966 Third Party Advisory
http://secunia.com/advisories/25464 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200704-02.xml Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1 Broken Link
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt Patch Vendor Advisory
http://www.debian.org/security/2007/dsa-1276 Third Party Advisory
http://www.kb.cert.org/vuls/id/704024 Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0095.html Third Party Advisory
http://www.securityfocus.com/archive/1/464592/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/464666/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/464814/30/7170/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/23285 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017849 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-449-1 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-093B.html Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA07-109A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2007/1218 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1250 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1470 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1983 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33411 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757 Broken Link Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc Broken Link
http://docs.info.apple.com/article.html?artnum=305391 Broken Link
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html Mailing List Third Party Advisory
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html Broken Link
http://secunia.com/advisories/24706 Third Party Advisory
http://secunia.com/advisories/24735 Third Party Advisory
http://secunia.com/advisories/24736 Third Party Advisory
http://secunia.com/advisories/24740 Third Party Advisory
http://secunia.com/advisories/24750 Third Party Advisory
http://secunia.com/advisories/24757 Third Party Advisory
http://secunia.com/advisories/24785 Third Party Advisory
http://secunia.com/advisories/24786 Third Party Advisory
http://secunia.com/advisories/24798 Third Party Advisory
http://secunia.com/advisories/24817 Third Party Advisory
http://secunia.com/advisories/24966 Third Party Advisory
http://secunia.com/advisories/25464 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200704-02.xml Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1 Broken Link
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt Patch Vendor Advisory
http://www.debian.org/security/2007/dsa-1276 Third Party Advisory
http://www.kb.cert.org/vuls/id/704024 Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0095.html Third Party Advisory
http://www.securityfocus.com/archive/1/464592/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/464666/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/464814/30/7170/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/23285 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1017849 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-449-1 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-093B.html Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA07-109A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2007/1218 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1250 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1470 Third Party Advisory
http://www.vupen.com/english/advisories/2007/1983 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33411 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757 Broken Link Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

History

21 Nov 2024, 00:27

Type Values Removed Values Added
References () ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc - Broken Link () ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc - Broken Link
References () http://docs.info.apple.com/article.html?artnum=305391 - Broken Link () http://docs.info.apple.com/article.html?artnum=305391 - Broken Link
References () http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html - Mailing List, Third Party Advisory () http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html - Mailing List, Third Party Advisory
References () http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html - Broken Link () http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html - Broken Link
References () http://secunia.com/advisories/24706 - Third Party Advisory () http://secunia.com/advisories/24706 - Third Party Advisory
References () http://secunia.com/advisories/24735 - Third Party Advisory () http://secunia.com/advisories/24735 - Third Party Advisory
References () http://secunia.com/advisories/24736 - Third Party Advisory () http://secunia.com/advisories/24736 - Third Party Advisory
References () http://secunia.com/advisories/24740 - Third Party Advisory () http://secunia.com/advisories/24740 - Third Party Advisory
References () http://secunia.com/advisories/24750 - Third Party Advisory () http://secunia.com/advisories/24750 - Third Party Advisory
References () http://secunia.com/advisories/24757 - Third Party Advisory () http://secunia.com/advisories/24757 - Third Party Advisory
References () http://secunia.com/advisories/24785 - Third Party Advisory () http://secunia.com/advisories/24785 - Third Party Advisory
References () http://secunia.com/advisories/24786 - Third Party Advisory () http://secunia.com/advisories/24786 - Third Party Advisory
References () http://secunia.com/advisories/24798 - Third Party Advisory () http://secunia.com/advisories/24798 - Third Party Advisory
References () http://secunia.com/advisories/24817 - Third Party Advisory () http://secunia.com/advisories/24817 - Third Party Advisory
References () http://secunia.com/advisories/24966 - Third Party Advisory () http://secunia.com/advisories/24966 - Third Party Advisory
References () http://secunia.com/advisories/25464 - Third Party Advisory () http://secunia.com/advisories/25464 - Third Party Advisory
References () http://security.gentoo.org/glsa/glsa-200704-02.xml - Third Party Advisory () http://security.gentoo.org/glsa/glsa-200704-02.xml - Third Party Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1 - Broken Link () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1 - Broken Link
References () http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt - Patch, Vendor Advisory () http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt - Patch, Vendor Advisory
References () http://www.debian.org/security/2007/dsa-1276 - Third Party Advisory () http://www.debian.org/security/2007/dsa-1276 - Third Party Advisory
References () http://www.kb.cert.org/vuls/id/704024 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/704024 - Third Party Advisory, US Government Resource
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 - Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 - Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2007-0095.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2007-0095.html - Third Party Advisory
References () http://www.securityfocus.com/archive/1/464592/100/0/threaded - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/464592/100/0/threaded - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/464666/100/0/threaded - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/464666/100/0/threaded - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/464814/30/7170/threaded - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/464814/30/7170/threaded - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/23285 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/23285 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1017849 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1017849 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-449-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-449-1 - Third Party Advisory
References () http://www.us-cert.gov/cas/techalerts/TA07-093B.html - Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA07-093B.html - Third Party Advisory, US Government Resource
References () http://www.us-cert.gov/cas/techalerts/TA07-109A.html - Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA07-109A.html - Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2007/1218 - Third Party Advisory () http://www.vupen.com/english/advisories/2007/1218 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2007/1250 - Third Party Advisory () http://www.vupen.com/english/advisories/2007/1250 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2007/1470 - Third Party Advisory () http://www.vupen.com/english/advisories/2007/1470 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2007/1983 - Third Party Advisory () http://www.vupen.com/english/advisories/2007/1983 - Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/33411 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/33411 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757 - Broken Link, Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757 - Broken Link, Third Party Advisory

Information

Published : 2007-04-06 01:19

Updated : 2024-11-21 00:27


NVD link : CVE-2007-0957

Mitre link : CVE-2007-0957

CVE.ORG link : CVE-2007-0957


JSON object : View

Products Affected

canonical

  • ubuntu_linux

debian

  • debian_linux

mit

  • kerberos_5
CWE
CWE-787

Out-of-bounds Write