Vulnerability Note VU#704024
MIT Kerberos 5 administration daemon stack overflow in krb5_klog_syslog()
The Kerberos administration daemon contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service.
A vulnerability exists in the way the krb5_klog_syslog() function used by the Kerberos administration daemon handles specially crafted strings. This vulnerability may cause a buffer overflow that could allow a remote, authenticated user to execute arbitrary code. According to MIT krb5 Security Advisory MITKRB5-SA-2007-002:
krb5_klog_syslog() uses vsprintf() to format text into a fixed-length stack buffer. Format specifiers such as "%s" used in calls to krb5_klog_syslog() may allow formatting of strings of sufficient length to overwrite memory past the end of the stack buffer.
This vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system.
A remote, authenticated user may be able to execute arbitrary code on an affected system or cause the affected program to crash, resulting in a denial of service. Secondary impacts of code execution include complete compromise of the Kerberos key database.
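The bounded alternative to the vsprintf() pattern quoted from the advisory, as an added example that is not MIT's code or its patch. The names log_format_v, demo_klog and LOG_BUF_SIZE, the 64-byte size and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64 /* assumed size for this demo, not the real buffer size */
/* Pattern the advisory describes (comment only): char buf[N]; vsprintf(buf, fmt, ap);
 * vsprintf() takes no size, so a long "%s" argument is written past buf. */

/* Bounded formatter (hypothetical name): 0 = fit, 1 = truncated, -1 = error. */
static int log_format_v(char *out, size_t outsz, const char *fmt, va_list ap)
{
    static const char mark[] = "...";
    int need;
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    need = fmt ? vsnprintf(out, outsz, fmt, ap) : -1;
    if (need < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)need < outsz)
        return 0;
    if (outsz > sizeof(mark)) /* overwrite the tail so truncation is visible */
        memcpy(out + outsz - sizeof(mark), mark, sizeof(mark));
    return 1;
}

/* Hypothetical syslog-style front end; copies the line to dst for inspection. */
int demo_klog(char *dst, size_t dstsz, const char *fmt, ...)
{
    char buf[LOG_BUF_SIZE]; /* fixed-length stack buffer, as in the advisory */
    va_list ap;
    int rc;
    va_start(ap, fmt);
    rc = log_format_v(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    if (dst != NULL && dstsz > 0)
        snprintf(dst, dstsz, "%s", buf);
    return rc;
}

int main(void)
{
    char line[LOG_BUF_SIZE];
    int rc = demo_klog(line, sizeof(line), "auth failure for %s", /* constructed input */
                       "constructed-principal-name-far-longer-than-the-buffer@EXAMPLE.TEST");
    printf("rc=%d line=%s\n", rc, line);
}
```

The return value lets the caller count or alert on truncated log lines, which is also a useful signal that oversized attacker-influenced strings are reaching the logger.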
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | 04 Apr 2007 | 20 Apr 2007 |
| Debian GNU/Linux | Affected | - | 04 Apr 2007 |
| Gentoo Linux | Affected | 21 Mar 2007 | 04 Apr 2007 |
| Mandriva, Inc. | Affected | 04 Apr 2007 | 05 Apr 2007 |
| MIT Kerberos Development Team | Affected | - | 03 Apr 2007 |
| Novell, Inc. | Affected | 04 Apr 2007 | 05 Apr 2007 |
| Red Hat, Inc. | Affected | - | 02 Apr 2007 |
| rPath | Affected | - | 05 Apr 2007 |
| SUSE Linux | Affected | 04 Apr 2007 | 05 Apr 2007 |
| Trustix Secure Linux | Affected | 04 Apr 2007 | 06 Apr 2007 |
| Ubuntu | Affected | 21 Mar 2007 | 04 Apr 2007 |
| AttachmateWRQ, Inc. | Not Affected | 21 Mar 2007 | 04 Apr 2007 |
| Cisco Systems, Inc. | Not Affected | - | 02 Apr 2007 |
| CyberSafe, Inc. | Not Affected | 21 Mar 2007 | 04 Apr 2007 |
| Force10 Networks, Inc. | Not Affected | 21 Mar 2007 | 04 Apr 2007 |
This issue was reported in MIT krb5 Security Advisory MITKRB5-SA-2007-002. The MIT Kerberos Development Team credits iDefense Labs for reporting this issue.
This document was written by Chris Taschner.
- CVE IDs: CVE-2007-0957
- Date Public: 03 Apr 2007
- Date First Published: 03 Apr 2007
- Date Last Updated: 30 May 2007
- Severity Metric: 16.96
- Document Revision: 55