exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2007-0957

Status Candidate

Overview

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

Related Files

Mandriva Linux Security Advisory 2007.077
Posted Apr 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 6a6d99a418acc8305f4de65a97346cfbfc444a7240458f96d1bbc4da290014ae
kadmind-overflow.txt
Posted Apr 11, 2007
Authored by c0ntex | Site open-security.org

Kerberos version 1.5.1 kadmind remote root buffer overflow exploit.

tags | exploit, remote, overflow, root
advisories | CVE-2007-0957
SHA-256 | e8db9a1943cc4ec249fdac17fbfedb8363cfeb66696583954fa18de60266c597
Mandriva Linux Security Advisory 2007.077
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 4c85472c6c076fc42ea60fe1902ed6ac8df4cba85d66cc80bb7857e1689352c5
Ubuntu Security Notice 449-1
Posted Apr 5, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 449-1 - The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. The krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted message and execute arbitrary code with root privileges. The krb5 administration service was vulnerable to a double-free in the GSS RPC library. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 62e02dc1561b3f4f516800fab53dc51b4243752824d8b67f8137c364ff72c23b
Gentoo Linux Security Advisory 200704-2
Posted Apr 5, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200704-02 - The Kerberos telnet daemon fails to properly handle usernames allowing unauthorized access to any account (CVE-2007-0956). The Kerberos administration daemon, the KDC and possibly other applications using the MIT Kerberos libraries are vulnerable to the following issues. The krb5_klog_syslog function from the kadm5 library fails to properly validate input leading to a stack overflow (CVE-2007-0957). The GSS-API library is vulnerable to a double-free attack (CVE-2007-1216). Versions less than 1.5.2-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 92a43eb6ea21be6558b53054410890884d4a477782e2eaa9d2963e6bae48d971
Debian Linux Security Advisory 1276-1
Posted Apr 5, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1276-1 - Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 49909edfcb50870cc25f61bafbdef1cd2f38181b0590d72865beb8d02d6af72d
iDEFENSE Security Advisory 2007-04-03.2
Posted Apr 5, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.03.07 - Remote exploitation of a buffer overflow vulnerability in the Kerberos kadmind server, as included in various vendors' operating system distributions, could allow attackers to execute arbitrary code on a targeted host. The vulnerability exists within the server's logging function, klog_vsyslog(). A call is made to vsprintf(), with the destination buffer passed as a fixed size stack buffer. User input is not properly validated before being passed to this function, and a stack based buffer overflow can occur. iDefense has confirmed the existence of this vulnerability with Kerberos version 1.5.1 on Fedora CORE 5. It is likely that all distributions that contain this version of Kerberos are vulnerable.

tags | advisory, remote, overflow, arbitrary
systems | linux, fedora
advisories | CVE-2007-0957
SHA-256 | 89da317f87ae2213d94288ef79b00b18ea8b94aa62f931ccae0c56fdcd9f3b68
MITKRB5-SA-2007-002.txt
Posted Apr 5, 2007
Site web.mit.edu

MIT krb5 Security Advisory 2007-002 - The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind) as well as the KDC, are vulnerable. Exploitation of this vulnerability is probably simple. This is a vulnerability in the the kadm5 library, which is used by the KDC and kadmind, and possibly by some third-party applications. It is not a bug in the MIT krb5 protocol libraries or in the Kerberos protocol.

tags | advisory, protocol
advisories | CVE-2007-0957
SHA-256 | 245649e1ac34647dc9b3ba7ed654bd1c43c69789f15fc8639c40e411278935ec
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close