
CVE-2007-0957
Date: (C)2007-04-05   (M)2023-12-22


Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.0
Exploit Score: 8.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017849
SUNALERT-102930
20070401-01-P
20070403
http://www.securityfocus.com/archive/1/464592/100/0/threaded
http://www.securityfocus.com/archive/1/464666/100/0/threaded
http://www.securityfocus.com/archive/1/464814/30/7170/threaded
BID-23285
SECUNIA-24706
SECUNIA-24735
SECUNIA-24736
SECUNIA-24740
SECUNIA-24750
SECUNIA-24757
SECUNIA-24785
SECUNIA-24786
SECUNIA-24798
SECUNIA-24817
SECUNIA-24966
SECUNIA-25464
ADV-2007-1218
ADV-2007-1250
ADV-2007-1470
ADV-2007-1983
APPLE-SA-2007-04-19
DSA-1276
GLSA-200704-02
MDKSA-2007:077
RHSA-2007:0095
SUSE-SA:2007:025
TA07-093B
TA07-109A
USN-449-1
VU#704024
http://docs.info.apple.com/article.html?artnum=305391
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
kerberos-krb5klogsyslog-bo(33411)
oval:org.mitre.oval:def:10757

CPE    5
cpe:/o:canonical:ubuntu_linux:5.10
cpe:/o:canonical:ubuntu_linux:6.06
cpe:/o:debian:debian_linux:3.1
cpe:/o:debian:debian_linux:4.0
...
CWE    1
CWE-787

© SecPod Technologies