Lucene search

K

[email protected]NVD:CVE-2007-0957

HistoryApr 06, 2007 - 1:19 a.m.

CVE-2007-0957

2007-04-0601:19:00

CWE-787

[email protected]

web.nvd.nist.gov

2

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.967

Percentile

99.7%

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

Affected configurations

NVD

Node

mitkerberos_5Range<1.6.1

Node

debiandebian_linuxMatch3.1

OR

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch5.10

OR

canonicalubuntu_linuxMatch6.06

OR

canonicalubuntu_linuxMatch6.10

References

ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc

docs.info.apple.com/article.html?artnum=305391

lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html

secunia.com/advisories/24706

secunia.com/advisories/24735

secunia.com/advisories/24736

secunia.com/advisories/24740

secunia.com/advisories/24750

secunia.com/advisories/24757

secunia.com/advisories/24785

secunia.com/advisories/24786

secunia.com/advisories/24798

secunia.com/advisories/24817

secunia.com/advisories/24966

secunia.com/advisories/25464

security.gentoo.org/glsa/glsa-200704-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1

web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt

www.debian.org/security/2007/dsa-1276

www.kb.cert.org/vuls/id/704024

www.mandriva.com/security/advisories?name=MDKSA-2007:077

www.redhat.com/support/errata/RHSA-2007-0095.html

www.securityfocus.com/archive/1/464592/100/0/threaded

www.securityfocus.com/archive/1/464666/100/0/threaded

www.securityfocus.com/archive/1/464814/30/7170/threaded

www.securityfocus.com/bid/23285

www.securitytracker.com/id?1017849

www.ubuntu.com/usn/usn-449-1

www.us-cert.gov/cas/techalerts/TA07-093B.html

www.us-cert.gov/cas/techalerts/TA07-109A.html

www.vupen.com/english/advisories/2007/1218

www.vupen.com/english/advisories/2007/1250

www.vupen.com/english/advisories/2007/1470

www.vupen.com/english/advisories/2007/1983

exchange.xforce.ibmcloud.com/vulnerabilities/33411

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.967

Percentile

99.7%

Related for NVD:CVE-2007-0957

checkpoint_advisories1 openvas51 prion1 nessus15 debiancve1 ubuntucve1 cve1 cert1 securityvulns3 packetstorm1 cvelist1 centos2 fedora7 debian1 suse1 gentoo1 ubuntu1 redhat1 osv1 oraclelinux1 vmware1