9

CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version < 1.6.1
DebianDebian Linux Version3.1
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version5.10
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.33% 0.951
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://docs.info.apple.com/article.html?artnum=305391
Broken Link
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/24966
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2007/1470
Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc
Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
Broken Link
http://secunia.com/advisories/24706
Third Party Advisory
http://secunia.com/advisories/24735
Third Party Advisory
http://secunia.com/advisories/24736
Third Party Advisory
http://secunia.com/advisories/24740
Third Party Advisory
http://secunia.com/advisories/24750
Third Party Advisory
http://secunia.com/advisories/24757
Third Party Advisory
http://secunia.com/advisories/24785
Third Party Advisory
http://secunia.com/advisories/24786
Third Party Advisory
http://secunia.com/advisories/24817
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200704-02.xml
Third Party Advisory
http://www.debian.org/security/2007/dsa-1276
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0095.html
Third Party Advisory
http://www.securityfocus.com/archive/1/464666/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/464814/30/7170/threaded
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-449-1
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-093B.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2007/1218
Third Party Advisory
http://secunia.com/advisories/24798
Third Party Advisory
http://secunia.com/advisories/25464
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
Broken Link
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/704024
Third Party Advisory
US Government Resource
http://www.securityfocus.com/archive/1/464592/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/23285
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1017849
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/1250
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1983
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33411
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757
Third Party Advisory
Broken Link