The Kerberos administration daemon contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service.
A vulnerability exists in the way the krb5_klog_syslog() function used by the Kerberos administration daemon handles specially crafted strings. This vulnerability may cause a buffer overflow that could allow a remote, authenticated user to execute arbitrary code. According to MIT krb5 Security Advisory MITKRB5-SA-2007-002:
krb5_klog_syslog() uses vsprintf() to format text into a fixed-length stack buffer. Format specifiers such as "%s" used in calls to krb5_klog_syslog() may allow formatting of strings of sufficient length to overwrite memory past the end of the stack buffer.
A remote, authenticated user may be able to execute arbitrary code on an affected system or cause the affected program to crash, resulting in a denial of service. Secondary impacts of code execution include complete compromise of the Kerberos key database.
This issue was reported in MIT krb5 Security Advisory MITKRB5-SA-2007-002 . The MIT Kerberos Development Team credits iDefense Labs for reporting this issue.
|Date First Published:||2007-04-03|
|Date Last Updated:||2007-05-30 17:35 UTC|