exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2007-1216

Status Candidate

Overview

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".

Related Files

Mandriva Linux Security Advisory 2007.077
Posted Apr 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 6a6d99a418acc8305f4de65a97346cfbfc444a7240458f96d1bbc4da290014ae
Mandriva Linux Security Advisory 2007.077
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.

tags | advisory, remote, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 4c85472c6c076fc42ea60fe1902ed6ac8df4cba85d66cc80bb7857e1689352c5
Ubuntu Security Notice 449-1
Posted Apr 5, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 449-1 - The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. The krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted message and execute arbitrary code with root privileges. The krb5 administration service was vulnerable to a double-free in the GSS RPC library. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 62e02dc1561b3f4f516800fab53dc51b4243752824d8b67f8137c364ff72c23b
Gentoo Linux Security Advisory 200704-2
Posted Apr 5, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200704-02 - The Kerberos telnet daemon fails to properly handle usernames allowing unauthorized access to any account (CVE-2007-0956). The Kerberos administration daemon, the KDC and possibly other applications using the MIT Kerberos libraries are vulnerable to the following issues. The krb5_klog_syslog function from the kadm5 library fails to properly validate input leading to a stack overflow (CVE-2007-0957). The GSS-API library is vulnerable to a double-free attack (CVE-2007-1216). Versions less than 1.5.2-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 92a43eb6ea21be6558b53054410890884d4a477782e2eaa9d2963e6bae48d971
Debian Linux Security Advisory 1276-1
Posted Apr 5, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1276-1 - Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
SHA-256 | 49909edfcb50870cc25f61bafbdef1cd2f38181b0590d72865beb8d02d6af72d
MITKRB5-SA-2007-003.txt
Posted Apr 5, 2007
Site web.mit.edu

MIT krb5 Security Advisory 2007-003 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a double-free attack in the RPCSEC_GSS authentication flavor of the RPC library, which itself results from a bug in the GSS-API library. Under some error conditions, the krb5 GSS-API mechanism can free a buffer which an application may then free again. This may result in arbitrary code execution. Third-party applications using the GSS-API library provided with MIT krb5 may also be vulnerable. Exploitation of double-free bugs is believed to be difficult. This is a bug in the GSS-API library included with MIT krb5, which is used by kadmind and by some third-party applications. It is not a bug in the Kerberos protocol.

tags | advisory, arbitrary, code execution, protocol
advisories | CVE-2007-1216
SHA-256 | f291c6c286ffbc83b72ebf4adc2f6466780b590111a25542252892793da975a8
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close