9
CVE-2007-0957
- EPSS 10.33%
- Veröffentlicht 06.04.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:36:38
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mit ≫ Kerberos 5 Version < 1.6.1
Debian ≫ Debian Linux Version3.1
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version5.10
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version6.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.33% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
http://docs.info.apple.com/article.html?artnum=305391
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://secunia.com/advisories/24966
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
http://www.vupen.com/english/advisories/2007/1470
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
http://secunia.com/advisories/24706
http://secunia.com/advisories/24735
http://secunia.com/advisories/24736
http://secunia.com/advisories/24740
http://secunia.com/advisories/24750
http://secunia.com/advisories/24757
http://secunia.com/advisories/24785
http://secunia.com/advisories/24786
http://secunia.com/advisories/24817
http://security.gentoo.org/glsa/glsa-200704-02.xml
http://www.debian.org/security/2007/dsa-1276
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
http://www.redhat.com/support/errata/RHSA-2007-0095.html
http://www.securityfocus.com/archive/1/464666/100/0/threaded
http://www.securityfocus.com/archive/1/464814/30/7170/threaded
http://www.ubuntu.com/usn/usn-449-1
http://www.us-cert.gov/cas/techalerts/TA07-093B.html
http://www.vupen.com/english/advisories/2007/1218
http://secunia.com/advisories/24798
http://secunia.com/advisories/25464
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
http://www.kb.cert.org/vuls/id/704024
http://www.securityfocus.com/archive/1/464592/100/0/threaded
http://www.securityfocus.com/bid/23285
http://www.securitytracker.com/id?1017849
http://www.vupen.com/english/advisories/2007/1250
http://www.vupen.com/english/advisories/2007/1983
https://exchange.xforce.ibmcloud.com/vulnerabilities/33411
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757