Lucene search

K

[email protected]CVE-2007-0957

HistoryApr 06, 2007 - 1:19 a.m.

CVE-2007-0957

2007-04-0601:19:00

CWE-787

[email protected]

web.nvd.nist.gov

44

2

cve-2007-0957

buffer overflow

krb5_klog_syslog

remote authentication

arbitrary code execution

kerberos

key database

mit krb5

7.3 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.7%

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5lt1.6.1
debian:debian_linuxdebian debian linuxeq3.1
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq5.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06

References

ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc

docs.info.apple.com/article.html?artnum=305391

lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html

secunia.com/advisories/24706

secunia.com/advisories/24735

secunia.com/advisories/24736

secunia.com/advisories/24740

secunia.com/advisories/24750

secunia.com/advisories/24757

secunia.com/advisories/24785

secunia.com/advisories/24786

secunia.com/advisories/24798

secunia.com/advisories/24817

secunia.com/advisories/24966

secunia.com/advisories/25464

security.gentoo.org/glsa/glsa-200704-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1

web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt

www.debian.org/security/2007/dsa-1276

www.kb.cert.org/vuls/id/704024

www.mandriva.com/security/advisories?name=MDKSA-2007:077

www.redhat.com/support/errata/RHSA-2007-0095.html

www.securityfocus.com/archive/1/464592/100/0/threaded

www.securityfocus.com/archive/1/464666/100/0/threaded

www.securityfocus.com/archive/1/464814/30/7170/threaded

www.securityfocus.com/bid/23285

www.securitytracker.com/id?1017849

www.ubuntu.com/usn/usn-449-1

www.us-cert.gov/cas/techalerts/TA07-093B.html

www.us-cert.gov/cas/techalerts/TA07-109A.html

www.vupen.com/english/advisories/2007/1218

www.vupen.com/english/advisories/2007/1250

www.vupen.com/english/advisories/2007/1470

www.vupen.com/english/advisories/2007/1983

exchange.xforce.ibmcloud.com/vulnerabilities/33411

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757

Social References

More

7.3 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.7%

Related for CVE-2007-0957

checkpoint_advisories1 prion1 openvas51 nessus15 debiancve1 ubuntucve1 packetstorm1 securityvulns3 cert1 debian1 gentoo1 fedora7 centos2 suse1 osv1 redhat1 ubuntu1 oraclelinux1 vmware1