MitreCVELIST:CVE-2007-0957CVE-2007-0957
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
References
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc
docs.info.apple.com/article.html?artnum=305391
lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
secunia.com/advisories/24706
secunia.com/advisories/24735
secunia.com/advisories/24736
secunia.com/advisories/24740
secunia.com/advisories/24750
secunia.com/advisories/24757
secunia.com/advisories/24785
secunia.com/advisories/24786
secunia.com/advisories/24798
secunia.com/advisories/24817
secunia.com/advisories/24966
secunia.com/advisories/25464
security.gentoo.org/glsa/glsa-200704-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
www.debian.org/security/2007/dsa-1276
www.kb.cert.org/vuls/id/704024
www.mandriva.com/security/advisories?name=MDKSA-2007:077
www.redhat.com/support/errata/RHSA-2007-0095.html
www.securityfocus.com/archive/1/464592/100/0/threaded
www.securityfocus.com/archive/1/464666/100/0/threaded
www.securityfocus.com/archive/1/464814/30/7170/threaded
www.securityfocus.com/bid/23285
www.securitytracker.com/id?1017849
www.ubuntu.com/usn/usn-449-1
www.us-cert.gov/cas/techalerts/TA07-093B.html
www.us-cert.gov/cas/techalerts/TA07-109A.html
www.vupen.com/english/advisories/2007/1218
www.vupen.com/english/advisories/2007/1250
www.vupen.com/english/advisories/2007/1470
www.vupen.com/english/advisories/2007/1983
exchange.xforce.ibmcloud.com/vulnerabilities/33411
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757
Related
