SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kerberos Vendors:   MIT
Kerberos kadmin/KDC Stack Overflow in krb5_klog_syslog() Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017849
SecurityTracker URL:  http://securitytracker.com/id/1017849
CVE Reference:   CVE-2007-0957   (Links to External Site)
Date:  Apr 3 2007
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): krb5 prior to krb5-1.6.1
Description:   A vulnerability was reported in Kerberos in the administration daemon and the KDC. A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can send specially crafted data to trigger a stack overflow in the krb5_klog_syslog() function and execute arbitrary code on the target system. The code will run with the privileges of the target service, which typically runs with root privileges. This can compromise the Kerberos key database.

The vulnerability resides in the kadm5 library. As a result, third party applications that use the library may be affected.

The vendor credits iDefense with reporting this vulnerability.

Impact:   A remote authenticated user can execute arbitrary code on the target system, typically with root level privileges.
Solution:   The vendor has issued a patch, available at:

http://web.mit.edu/kerberos/advisories/2007-002-patch.txt

The pending krb5-1.6.1 release will include this fix.

The MIT advisory is available at:

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002.txt

Vendor URL:  web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 3 2007 (Red Hat Issues Fix) Kerberos kadmin/KDC Stack Overflow in krb5_klog_syslog() Lets Remote Authenticated Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
Apr 3 2007 (IBM Issues Fix for AIX) Kerberos kadmin/KDC Stack Overflow in krb5_klog_syslog() Lets Remote Authenticated Users Execute Arbitrary Code
IBM has issued a fix for Network Authentication Service on IBM AIX 5.2 and 5.3.
Apr 5 2007 (Novell Issues Fix) Kerberos kadmin/KDC Stack Overflow in krb5_klog_syslog() Lets Remote Authenticated Users Execute Arbitrary Code
Novell has issued a fix for Novel Kerberos KDC.
Apr 19 2007 (Apple Issues Fix) Kerberos kadmin/KDC Stack Overflow in krb5_klog_syslog() Lets Remote Authenticated Users Execute Arbitrary Code
Apple has released a fix for Mac OS X.
May 29 2007 (Sun Issues Fix) Kerberos kadmin/KDC Stack Overflow in krb5_klog_syslog() Lets Remote Authenticated Users Execute Arbitrary Code
Sun has issued a fix for Solaris 8, 9, and 10.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC