CVE-2007-0957
Published 2007-04-06. Stack-based buffer overflow in krb5_klog_syslog (kadm5 library of MIT krb5, used by kadmind and the KDC); full description below.
Priority: P347 · critical · CVSS 2.0 base score 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
EPSS: 10.33% (95.1st percentile)
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
Affected
11 ranges as indexed; rows that were verbatim duplicates are collapsed below, with the count of original entries noted.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — (3 entries, no version data) | — |
| debian | debian_linux | — (2 entries, no version data) | — |
| debian | krb5 | < 1.4.4-8 (bookworm) | 1.4.4-8 |
| mit | kerberos_5 | < 1.6.1 | 1.6.1 |
| mit | krb5 | >= 0 < 1.4.4-8 (4 identical entries) | 1.4.4-8 |
Caveat: 1.4.4-8 is a Debian package revision (upstream 1.4.4 plus Debian patches), not an upstream MIT release; the upstream fix is krb5 1.6.1. When checking a non-Debian host, compare against 1.6.1 or against the vendor erratum listed below, not against 1.4.4-8.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | | 9.0 | CRITICAL | |
| vendor_ubuntu | | 10.0 | CRITICAL | |
| vendor_debian | | 9.0 | HIGH | |
| vendor_redhat | | 9.0 | CRITICAL | |
GHSA
GHSA-qhvp-f78p-g96p · ghsa_unreviewed · 2022-05-03 · CVE-2007-0957 [HIGH] · CWE-787
Description: identical to the NVD text above.
OSV
CVE-2007-0957 · osv · 2007-04-06 · CVSS 9.0 [CRITICAL]
Description: identical to the NVD text above.
Ubuntu
krb5 vulnerabilities (USN) · vendor_ubuntu · 2007-04-04 · CVSS 10.0
Indexed under CVE-2007-0956 [CRITICAL]; the advisory covers CVE-2007-0956, CVE-2007-0957 and CVE-2007-1216.
The krb5 telnet service did not appropriately verify user names. A
remote attacker could log in as the root user by requesting a specially
crafted user name. (CVE-2007-0956)
The krb5 syslog library did not correctly verify the size of log
messages. A remote attacker could send a specially crafted message and
execute arbitrary code with root privileges. (CVE-2007-0957)
The krb5 administration service was vulnerable to a double-free in the
GSS RPC library. A remote attacker could send a specially crafted
request and execute arbitrary code with root privileges. (CVE-2007-1216)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
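The Ubuntu text above and the NVD description describe the same defect from two sides: a log message whose size was not checked before it was written into a fixed-size buffer, reached through crafted arguments from an authenticated user. The C below is an added illustration of that bug class and its fix, written for this page; it is not MIT's krb5_klog_syslog() code and the buffer size (64 bytes) is an arbitrary assumption chosen to keep the example small. It assumes the overflow pattern is an unbounded vsprintf() into a fixed-size stack buffer, with the client's principal name reaching the formatter as a %s argument. The hardened version bounds the write with vsnprintf() and reports truncation to the caller, and two helpers measure a message before it is logged.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Size of the stack buffer holding one log line. Assumed for this example. */
#define KLOG_BUF_SIZE 64

/*
 * Vulnerable pattern (kept for contrast; never called in this file).
 * vsprintf() writes as many bytes as the formatted message needs and knows
 * nothing about the size of outbuf. A %s argument longer than the buffer,
 * such as an over-long principal name, overwrites the stack above outbuf.
 */
void vulnerable_klog_format(const char *fmt, ...)
{
    char outbuf[KLOG_BUF_SIZE];
    va_list ap;

    va_start(ap, fmt);
    vsprintf(outbuf, fmt, ap);   /* unbounded write into a 64-byte stack buffer */
    va_end(ap);
    /* outbuf would be handed to syslog() here */
}

/*
 * Hardened pattern. vsnprintf() is told the buffer size, never writes past
 * it, always NUL-terminates, and returns the length the whole message needed,
 * so truncation can be reported instead of silently dropping the tail.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error.
 */
int safe_klog_format(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (out == NULL || outlen == 0)
        return -1;
    va_start(ap, fmt);
    needed = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (needed < 0) {
        out[0] = '\0';
        return -1;
    }
    return (size_t)needed >= outlen ? 1 : 0;
}

/* Bytes (NUL included) the unbounded version would have written, measured
   with vsnprintf(NULL, 0, ...) so nothing is actually written. */
size_t klog_bytes_needed(const char *fmt, ...)
{
    va_list ap;
    int needed;

    va_start(ap, fmt);
    needed = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return needed < 0 ? 0 : (size_t)needed + 1;
}

/* Would logging this principal name overflow the fixed-size buffer? */
int klog_would_overflow(const char *principal)
{
    return klog_bytes_needed("kadmind: request from principal %s", principal)
           > KLOG_BUF_SIZE;
}

/* Format one request line the hardened way into a KLOG_BUF_SIZE stack buffer.
   Returns the truncation flag; *len_out (if non-NULL) gets the produced
   length, which is never more than KLOG_BUF_SIZE - 1. */
int format_request_line(const char *principal, size_t *len_out)
{
    char line[KLOG_BUF_SIZE];
    int rc = safe_klog_format(line, sizeof line,
                              "kadmind: request from principal %s", principal);
    if (len_out)
        *len_out = strlen(line);
    return rc;
}

/* Constructed input: a 199-character principal name standing in for a crafted
   argument from an authenticated user. */
const char *constructed_long_principal(void)
{
    static char name[200];
    if (name[0] == '\0') {
        memset(name, 'A', sizeof name - 1);
        name[sizeof name - 1] = '\0';
    }
    return name;
}

int main(void)
{
    size_t len;
    int rc = format_request_line(constructed_long_principal(), &len);
    printf("short name overflows: %d\n", klog_would_overflow("admin/admin@EXAMPLE.COM"));
    printf("long name overflows:  %d\n", klog_would_overflow(constructed_long_principal()));
    printf("hardened path: truncated=%d, line length %zu\n", rc, len);
    return 0;
}
```

Two checks a reviewer would make on any logging wrapper of this shape: the untrusted value must arrive as an argument, never as the format string itself (passing `principal` as `fmt` would turn a length bug into a format-string bug), and the return value of the bounded formatter must be examined, since a truncated line that is logged as if complete hides exactly the over-long input an investigator would want to see.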
Red Hat
krb5_klog_syslog() stack buffer overflow · vendor_redhat · 2007-04-03 · CVSS 9.0 · CVE-2007-0957 [CRITICAL]
Description: identical to the NVD text above.
Debian
CVE-2007-0957: krb5 · vendor_debian · 2007 · CVSS 9.0 [CRITICAL]
Description: identical to the NVD text above.
Scope: local
bookworm: resolved (fixed in 1.4.4-8)
bullseye: resolved (fixed in 1.4.4-8)
forky: resolved (fixed in 1.4.4-8)
sid: resolved (fixed in 1.4.4-8)
trixie: resolved (fixed in 1.4.4-8)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-4302 kernel: splice: fix bad unlock_page() in error case · bugzilla · 2008-09-16 · CVSS 5.5 [MEDIUM]
This record concerns a different vulnerability (CVE-2008-4302, Linux kernel splice) and is not related to CVE-2007-0957; the erratum it cites, RHSA-2008:0957, is a kernel advisory, not the krb5 one (RHSA-2007:0095) listed further down.
Description of problem:
If add_to_page_cache_lru() fails, the page will not be locked. But splice jumps to an error path that does a page release and unlock, causing a BUG() in unlock_page().
Discussion:
Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6a860c979b35469e4d77da781a96bdb2ca05ae64
Reference:
http://lkml.org/lkml/2007/7/20/168
---
Created attachment 316823
Upstream patch for this issue
---
Reproducer:
https://bugzilla.redhat.com/show_bug.cgi?id=461082#c3
---
This was addressed via:
Red Hat Enterprise Linux version 5 (RHSA-2008:0957)
Bugzilla
CVE-2007-0957 krb5_klog_syslog() stack buffer overflow · bugzilla · 2007-03-08 · CVSS 9.0 [CRITICAL]
The MIT Kerberos Team has informed us of a stack-based buffer overflow flaw in
krb5. An authenticated user could leverage this flaw to execute arbitrary code
with the permissions of the kadmind process.
Discussion:
Created attachment 149633
Proposed upstream patch
---
This flaw should also affect RHEL2.1, 3, and 5
---
now public, removing embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0095.html
References
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc
http://docs.info.apple.com/article.html?artnum=305391
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
http://secunia.com/advisories/24706
http://secunia.com/advisories/24735
http://secunia.com/advisories/24736
http://secunia.com/advisories/24740
http://secunia.com/advisories/24750
http://secunia.com/advisories/24757
http://secunia.com/advisories/24785
http://secunia.com/advisories/24786
http://secunia.com/advisories/24798
http://secunia.com/advisories/24817
http://secunia.com/advisories/24966
http://secunia.com/advisories/25464
http://security.gentoo.org/glsa/glsa-200704-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
http://www.debian.org/security/2007/dsa-1276
http://www.kb.cert.org/vuls/id/704024
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
http://www.redhat.com/support/errata/RHSA-2007-0095.html
http://www.securityfocus.com/archive/1/464592/100/0/threaded
http://www.securityfocus.com/archive/1/464666/100/0/threaded
http://www.securityfocus.com/archive/1/464814/30/7170/threaded
http://www.securityfocus.com/bid/23285
http://www.securitytracker.com/id?1017849
http://www.ubuntu.com/usn/usn-449-1
http://www.us-cert.gov/cas/techalerts/TA07-093B.html
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
http://www.vupen.com/english/advisories/2007/1218
http://www.vupen.com/english/advisories/2007/1250
http://www.vupen.com/english/advisories/2007/1470
http://www.vupen.com/english/advisories/2007/1983
https://exchange.xforce.ibmcloud.com/vulnerabilities/33411
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757
Published: 2007-04-06