CERT Coordination Center

MIT Kerberos 5 administration daemon stack overflow in krb5_klog_syslog()

Vulnerability Note VU#704024

Original Release Date: 2007-04-03 | Last Revised: 2007-05-30

Overview

The Kerberos administration daemon contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service.

Description

A vulnerability exists in the way the krb5_klog_syslog() function used by the Kerberos administration daemon handles specially crafted strings. This vulnerability may cause a buffer overflow that could allow a remote, authenticated user to execute arbitrary code. According to MIT krb5 Security Advisory MITKRB5-SA-2007-002:

krb5_klog_syslog() uses vsprintf() to format text into a fixed-length stack buffer. Format specifiers such as "%s" used in calls to krb5_klog_syslog() may allow formatting of strings of sufficient length to overwrite memory past the end of the stack buffer.

Certain strings received from the client by the kadmin daemon are not truncated prior to logging. Among these strings is the target principal for the kadmin operation.

The KDC truncates most client-originated strings prior to logging. One sort of string which is not truncated is a transited-realms string. A malicious KDC sharing a key with the target realm may issue tickets with specially-crafted transited-realms strings to exploit this vulnerability. There are other places where an authenticated user may cause the KDC to log a string which triggers the vulnerability.


Note that this issue affects all releases of MIT krb5 up to and including krb5-1.6. Other server applications that call the krb5_klog_syslog() function provided with MIT krb5 may also be affected.

This vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system.
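
The flaw class quoted above (vsprintf() into a fixed-length stack buffer, fed by untruncated client strings) and its two standard mitigations, as an added C example that is not code from MIT krb5 or from this note. The function names, LOG_BUF_SIZE, MAX_FIELD, the log line layout and the sample principals are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 128   /* assumed size for this example, not krb5's value */
#define MAX_FIELD    24    /* assumed cap for each client-supplied field */

/* UNSAFE pattern described in the advisory, shown for contrast only and
 * never compiled here. vsprintf() does not know how large outbuf is, so a
 * "%s" argument longer than the buffer is written past its end:
 *
 *     char outbuf[LOG_BUF_SIZE];
 *     vsprintf(outbuf, fmt, ap);
 */

/* Bytes (excluding the NUL) the formatted message needs, computed without
 * writing anything. This is the amount vsprintf() would have written. */
int formatted_length(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n;
}

/* Mitigation 1: bounded formatting. Never writes more than outsz bytes.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int format_bounded(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (out == NULL || outsz == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n >= outsz) {
        if (outsz > 4)
            memcpy(out + outsz - 4, "...", 4);  /* visible truncation mark */
        return 1;
    }
    return 0;
}

/* Mitigation 2: clip each client-originated string before it is logged and
 * replace control characters so it cannot forge extra log lines.
 * Returns 1 if the input was clipped, 0 if not, -1 on error. */
int clip_field(const char *in, char *out, size_t outsz)
{
    size_t i, limit;
    if (out == NULL || outsz == 0)
        return -1;
    if (in == NULL)
        in = "";
    limit = (outsz - 1 < (size_t)MAX_FIELD) ? outsz - 1 : (size_t)MAX_FIELD;
    for (i = 0; i < limit && in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        out[i] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
    }
    out[i] = '\0';
    return in[i] != '\0';
}

/* Both mitigations applied to one request log line (layout is assumed).
 * Returns 0 if logged whole, 1 if anything was clipped, -1 on error. */
int log_request(const char *op, const char *client, const char *target,
                char *line, size_t linesz)
{
    char c[MAX_FIELD + 1], t[MAX_FIELD + 1];
    int clipped = clip_field(client, c, sizeof c) | clip_field(target, t, sizeof t);
    int rc = format_bounded(line, linesz, "Request: %s, %s, client=%s", op, t, c);
    return rc < 0 ? rc : (rc | clipped);
}

int main(void)
{
    /* Constructed sample input: an oversized target principal name. */
    char target[400], line[LOG_BUF_SIZE];
    memset(target, 'A', 300);
    strcpy(target + 300, "@EXAMPLE.COM");

    printf("unbounded write would need %d bytes, buffer holds %d\n",
           formatted_length("Request: %s", target) + 1, LOG_BUF_SIZE);
    int rc = log_request("get_principal", "admin/admin@EXAMPLE.COM",
                         target, line, sizeof line);
    printf("rc=%d line=%s\n", rc, line);
    return 0;
}
```

A return value of 1 from log_request() is worth recording on its own, since an oversized principal or transited-realms string in a request is an anomaly a defender will want to see.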

Impact

A remote, authenticated user may be able to execute arbitrary code on an affected system or cause the affected program to crash, resulting in a denial of service. Secondary impacts of code execution include complete compromise of the Kerberos key database.

Solution

Apply Patch


A patch can be obtained from MIT krb5 Security Advisory MITKRB5-SA-2007-002. MIT also states that this will be addressed in the upcoming krb5-1.6.1 release.

Vendor Information

Apple Computer, Inc.

Notified:  April 04, 2007 Updated:  April 20, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Apple Security Update 2007-004.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian GNU/Linux

Updated:  April 04, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Debian Security Advisory DSA 1276-1.

Gentoo Linux

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to GLSA 200704-02.

MIT Kerberos Development Team

Updated:  April 03, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to MITKRB5-SA-2007-002.

Mandriva, Inc.

Notified:  April 04, 2007 Updated:  April 05, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to MDKSA-2007:077.

Novell, Inc.

Notified:  April 04, 2007 Updated:  April 05, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Novell Security Advisory 3618705.

Red Hat, Inc.

Updated:  April 02, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to RHSA-2007-0095.

SUSE Linux

Notified:  April 04, 2007 Updated:  April 05, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to SUSE-SA:2007:025.

Trustix Secure Linux

Notified:  April 04, 2007 Updated:  April 06, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Trustix Secure Linux Security Advisory #2007-0012.

Ubuntu

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Ubuntu Security Notice USN-449-1.

rPath

Updated:  April 05, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to rPSA-2007-0063-1.

AttachmateWRQ, Inc.

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cisco Systems, Inc.

Updated:  April 02, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CyberSafe, Inc.

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

The vulnerabilities referenced by VU#220816 do not apply to any CyberSafe products, including all versions of TrustBroker and Challenger.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Force10 Networks, Inc.

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Heimdal Kerberos Project

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi

Updated:  April 02, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation

Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

Kerberos is available for the AIX Operating System via Network Authentication Services for AIX. Network Authentication Services for AIX is not affected by the issues addressed in MITKRB5-SA-2007-002 [CVE-2007-0957, CERT/CC VU#704024].

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intoto

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

Intoto products are not vulnerable to the potential buffer overflow attacks on MIT Kerberos documented in this vulnerability note, as this component is not used in Intoto products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Juniper Networks, Inc.

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

Juniper Networks products are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation

Notified:  April 04, 2007 Updated:  April 06, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

Openwall GNU/*/Linux is not vulnerable. We don't provide Kerberos.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Symantec, Inc.

Notified:  April 04, 2007 Updated:  April 05, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

3com, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

AT&T

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Alcatel

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avaya, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avici Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Borderware Technologies

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Charlotte's Web Networks

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Check Point Software Technologies

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Chiaro Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Clavister

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Data Connection, Ltd.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation)

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ericsson

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Extreme Networks

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fortinet, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Foundry Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Global Technology Associates

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hyperchip

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IP Filter

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intel Corporation

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Security Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

KTH Kerberos Team

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Linksys (A division of Cisco Systems)

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lucent Technologies

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Luminous Networks

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multinet (owned Process Software Corporation)

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multitech, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Network Appliance, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NextHop Technologies, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nortel Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Redback Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Riverstone Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secure Computing Network Security Division

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secureworx, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sony Corporation

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Stonesoft

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Watchguard Technologies, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

ZyXEL

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

eSoft, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

Acknowledgements

This issue was reported in MIT krb5 Security Advisory MITKRB5-SA-2007-002. The MIT Kerberos Development Team credits iDefense Labs for reporting this issue.

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2007-0957
Severity Metric: 16.96
Date Public: 2007-04-03
Date First Published: 2007-04-03
Date Last Updated: 2007-05-30 17:35 UTC
Document Revision: 55

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.