9

CVE-2007-0957

EPSS 13.22%
Published 06.04.2007 01:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

Affected products Warnungen 0 Metrics 2 CWE 1 References 40

Data is provided by the National Vulnerability Database (NVD)

Mit ≫ Kerberos 5 Version < 1.6.1

Debian ≫ Debian Linux Version3.1

Debian ≫ Debian Linux Version4.0

Canonical ≫ Ubuntu Linux Version5.10

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version6.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.22%	0.935

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://docs.info.apple.com/article.html?artnum=305391

Broken Link

http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/24966

Third Party Advisory

http://www.us-cert.gov/cas/techalerts/TA07-109A.html

Third Party Advisory

US Government Resource

http://www.vupen.com/english/advisories/2007/1470

Third Party Advisory

ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc

Broken Link

http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html

Broken Link

http://secunia.com/advisories/24706

Third Party Advisory

http://secunia.com/advisories/24735

Third Party Advisory

http://secunia.com/advisories/24736

Third Party Advisory

http://secunia.com/advisories/24740

Third Party Advisory

http://secunia.com/advisories/24750

Third Party Advisory

http://secunia.com/advisories/24757

Third Party Advisory

http://secunia.com/advisories/24785

Third Party Advisory

http://secunia.com/advisories/24786

Third Party Advisory

http://secunia.com/advisories/24817

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200704-02.xml

Third Party Advisory

http://www.debian.org/security/2007/dsa-1276

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:077

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0095.html

Third Party Advisory

http://www.securityfocus.com/archive/1/464666/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/464814/30/7170/threaded

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-449-1

Third Party Advisory

http://www.us-cert.gov/cas/techalerts/TA07-093B.html

Third Party Advisory

US Government Resource

http://www.vupen.com/english/advisories/2007/1218

Third Party Advisory

http://secunia.com/advisories/24798

Third Party Advisory

http://secunia.com/advisories/25464

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1

Broken Link

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/704024

Third Party Advisory

US Government Resource

http://www.securityfocus.com/archive/1/464592/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/23285

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1017849

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2007/1250

Third Party Advisory

http://www.vupen.com/english/advisories/2007/1983

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/33411

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757

Third Party Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2007-0957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0957

EUVD