CVE-2007-0957

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-04-2007 03:19

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.0

Base score

8.0

10.0

Exploitability score

Impact score

Verification logic

Reference

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
DSA-1276-Third Party Advisory
RHSA-2007:0095-Third Party Advisory
USN-449-1-Third Party Advisory
VU#704024-Third Party Advisory, US Government Resource
24706-Third Party Advisory
24736-Third Party Advisory
24757-Third Party Advisory
GLSA-200704-02-Third Party Advisory
20070401-01-P-Broken Link
SUSE-SA:2007:025-Broken Link
23285-Third Party Advisory, VDB Entry
1017849-Third Party Advisory, VDB Entry
24740-Third Party Advisory
24750-Third Party Advisory
24785-Third Party Advisory
24786-Third Party Advisory
24798-Third Party Advisory
24817-Third Party Advisory
24735-Third Party Advisory
http://docs.info.apple.com/article.html?artnum=305391
APPLE-SA-2007-04-19-Mailing List, Third Party Advisory
24966-Third Party Advisory
MDKSA-2007:077-Third Party Advisory
102930-Broken Link
TA07-093B-Third Party Advisory, US Government Resource
TA07-109A-Third Party Advisory, US Government Resource
25464-Third Party Advisory
ADV-2007-1218-Third Party Advisory
ADV-2007-1470-Third Party Advisory
ADV-2007-1250-Third Party Advisory
ADV-2007-1983-Third Party Advisory
kerberos-krb5klogsyslog-bo(33411)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:10757-Broken Link, Third Party Advisory
20070405 FLEA-2007-0008-1: krb5-Third Party Advisory, VDB Entry
20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation-Third Party Advisory, VDB Entry
20070403 MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]-Third Party Advisory, VDB Entry

Keywords

CVE-2007-0957

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-0957

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures