CVE-2007-0957
MIT Kerberos 5 < 1.6.1 - Authenticated Remote Code Execution via krb5_klog_syslog Buffer Overflow
Title source: manual
Description
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
References (37)
Core References
Broken Link x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305391
Broken Link, Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1218
Patch, Vendor Advisory x_refsource_confirm
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/464592/100/0/threaded
Broken Link vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24966
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24706
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24798
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24740
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0095.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1983
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24786
Broken Link vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-093B.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/464814/30/7170/threaded
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1276
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24735
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23285
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24750
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1250
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24817
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24757
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33411
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/704024
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1017849
Broken Link vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24785
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25464
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-449-1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1470
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24736
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/464666/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200704-02.xml
Scores
EPSS: 0.2612
EPSS Percentile: 96.4%
Details
CWE: CWE-787
Status: published
Products (6)
canonical/ubuntu_linux 5.10
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 6.10
debian/debian_linux 3.1
debian/debian_linux 4.0
mit/kerberos_5 < 1.6.1
Published: Apr 06, 2007
Tracked Since: Feb 18, 2026