(Novell Issues Fix) Kerberos kadmin/KDC Stack Overflow in krb5_klog_syslog() Lets Remote Authenticated Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1017880 |
|
SecurityTracker URL: http://securitytracker.com/id/1017880
|
|
CVE Reference:
CVE-2007-0957
(Links to External Site)
|
Date: Apr 5 2007
|
Impact:
Execution of arbitrary code via network, Root access via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Kerberos in the administration daemon and the KDC. A remote authenticated user can execute arbitrary code on the target system.
A remote authenticated user can send specially crafted data to trigger a stack overflow in the krb5_klog_syslog() function and execute arbitrary code on the target system. The code will run with the privileges of the target service, which typically runs with root privileges. This can compromise the Kerberos key database.
The vulnerability resides in the kadm5 library. As a result, third party applications that use the library may be affected.
The vendor credits iDefense with reporting this vulnerability.
|
Impact:
A remote authenticated user can execute arbitrary code on the target system, typically with root level privileges.
|
Solution:
Novell has issued a fix (Novell Kerberos KDC 1.0.2), available at:
http://download.novell.com
The Novell advisory is available at:
https://secure-support.novell.com/KanisaPlatform/Publishing/150/3618705_f.SAL_Public.html
|
Vendor URL: web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 5 Apr 2007 11:56:53 -0400
Subject: Novell
|
https://secure-support.novell.com/KanisaPlatform/Publishing/150/3618705_f.SAL_Public.html
CVE-2007-0957
|
|
