Overview
The Kerberos administration daemon contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service.
Description
A vulnerability exists in the way the krb5_klog_syslog() function used by the Kerberos administration daemon handles specially crafted strings. This vulnerability may cause a buffer overflow that could allow a remote, authenticated user to execute arbitrary code. According to MIT krb5 Security Advisory MITKRB5-SA-2007-002: krb5_klog_syslog() uses vsprintf() to format text into a fixed-length stack buffer. Format specifiers such as "%s" used in calls to krb5_klog_syslog() may allow formatting of strings of sufficient length to overwrite memory past the end of the stack buffer. |
Impact
A remote, authenticated user may be able to execute arbitrary code on an affected system or cause the affected program to crash, resulting in a denial of service. Secondary impacts of code execution include complete compromise of the Kerberos key database. |
Solution
Apply Patch |
Vendor Information
Apple Computer, Inc. Affected
Notified: April 04, 2007 Updated: April 20, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to Apple Security Update 2007-004.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MIT Kerberos Development Team Affected
Updated: April 03, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to MITKRB5-SA-2007-002.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc. Affected
Notified: April 04, 2007 Updated: April 05, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to MDKSA-2007:077.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Novell, Inc. Affected
Notified: April 04, 2007 Updated: April 05, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to Novell Security Advisory 3618705.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat, Inc. Affected
Updated: April 02, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to RHSA-2007-0095.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SUSE Linux Affected
Notified: April 04, 2007 Updated: April 05, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to SUSE-SA:2007:025.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Trustix Secure Linux Affected
Notified: April 04, 2007 Updated: April 06, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to Trustix Secure Linux Security Advisory #2007-0012.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
rPath Affected
Updated: April 05, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to rPSA-2007-0063-1.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cisco Systems, Inc. Not Affected
Updated: April 02, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hitachi Not Affected
Updated: April 02, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation Not Affected
Updated: April 04, 2007
Status
Not Affected
Vendor Statement
Kerberos is available for the AIX Operating System via Network Authentication Services for AIX. Network Authentication Services for AIX is not affected by the issues addressed in MITKRB5-SA-2007-002 [CVE-2007-0957, CERT/CC VU#704024].
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NEC Corporation Not Affected
Notified: April 04, 2007 Updated: April 06, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Openwall GNU/*/Linux Not Affected
Notified: April 04, 2007 Updated: April 04, 2007
Status
Not Affected
Vendor Statement
Openwall GNU/*/Linux is not vulnerable. We don't provide Kerberos.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Symantec, Inc. Not Affected
Notified: April 04, 2007 Updated: April 05, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
3com, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
AT&T Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Alcatel Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Avaya, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Avici Systems, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Borderware Technologies Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Charlotte's Web Networks Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Check Point Software Technologies Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Chiaro Networks, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Clavister Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Computer Associates Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cray Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
D-Link Systems, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Data Connection, Ltd. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
EMC, Inc. (formerly Data General Corporation) Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ericsson Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Extreme Networks Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fedora Project Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fortinet, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Foundry Networks, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fujitsu Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Global Technology Associates Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett-Packard Company Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hyperchip Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM eServer Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IP Filter Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Immunix Communications, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ingrian Networks, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Intel Corporation Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Internet Security Systems, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
KTH Kerberos Team Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Linksys (A division of Cisco Systems) Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Lucent Technologies Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Luminous Networks Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Multinet (owned Process Software Corporation) Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Multitech, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NetBSD Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Network Appliance, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NextHop Technologies, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nokia Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nortel Networks, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
OpenBSD Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
QNX, Software Systems, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Redback Networks, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Riverstone Networks, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Secure Computing Network Security Division Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Secureworx, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sony Corporation Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Stonesoft Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
The SCO Group Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Turbolinux Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Unisys Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Watchguard Technologies, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Wind River Systems, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
ZyXEL Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
eSoft, Inc. Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
netfilter Unknown
Notified: April 04, 2007 Updated: April 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
- http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
- http://web.mit.edu/kerberos/advisories/2007-002-patch.txt
- http://web.mit.edu/kerberos/advisories/2007-002-patch.txt.asc
- http://secunia.com/advisories/24757/
- http://secunia.com/advisories/24735/
- http://secunia.com/advisories/24750/
- http://secunia.com/advisories/24740/
- https://secure-support.novell.com/KanisaPlatform/Publishing/150/3618705_f.SAL_Public.html
- http://securitytracker.com/alerts/2007/Apr/1017849.html
- http://docs.info.apple.com/article.html?artnum=305391
- http://secunia.com/advisories/24966/
- http://secunia.com/advisories/25464/
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
Acknowledgements
This issue was reported in MIT krb5 Security Advisory MITKRB5-SA-2007-002. The MIT Kerberos Development Team credits iDefense Labs for reporting this issue.
This document was written by Chris Taschner.
Other Information
CVE IDs: | CVE-2007-0957 |
Severity Metric: | 16.96 |
Date Public: | 2007-04-03 |
Date First Published: | 2007-04-03 |
Date Last Updated: | 2007-05-30 17:35 UTC |
Document Revision: | 56 |