CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

• CWE-787

• ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.ascBroken Link
• http://docs.info.apple.com/article.html?artnum=305391Broken Link
• http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.htmlMailing List, Third Party Advisory
• http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.htmlBroken Link
• http://secunia.com/advisories/24706Third Party Advisory
• http://secunia.com/advisories/24735Third Party Advisory
• http://secunia.com/advisories/24736Third Party Advisory
• http://secunia.com/advisories/24740Third Party Advisory
• http://secunia.com/advisories/24750Third Party Advisory
• http://secunia.com/advisories/24757Third Party Advisory
• http://secunia.com/advisories/24785Third Party Advisory
• http://secunia.com/advisories/24786Third Party Advisory
• http://secunia.com/advisories/24798Third Party Advisory
• http://secunia.com/advisories/24817Third Party Advisory
• http://secunia.com/advisories/24966Third Party Advisory
• http://secunia.com/advisories/25464Third Party Advisory
• http://security.gentoo.org/glsa/glsa-200704-02.xmlThird Party Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1Broken Link
• http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txtPatch, Vendor Advisory
• http://www.debian.org/security/2007/dsa-1276Third Party Advisory
• http://www.kb.cert.org/vuls/id/704024Third Party Advisory, US Government Resource
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:077Third Party Advisory
• http://www.redhat.com/support/errata/RHSA-2007-0095.htmlThird Party Advisory
• http://www.securityfocus.com/archive/1/464592/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/464666/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/464814/30/7170/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/23285Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1017849Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/usn-449-1Third Party Advisory
• http://www.us-cert.gov/cas/techalerts/TA07-093B.htmlThird Party Advisory, US Government Resource
• http://www.us-cert.gov/cas/techalerts/TA07-109A.htmlThird Party Advisory, US Government Resource
• http://www.vupen.com/english/advisories/2007/1218Third Party Advisory
• http://www.vupen.com/english/advisories/2007/1250Third Party Advisory
• http://www.vupen.com/english/advisories/2007/1470Third Party Advisory
• http://www.vupen.com/english/advisories/2007/1983Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33411Third Party Advisory, VDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757Broken Link, Third Party Advisory
• ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.ascBroken Link
• http://docs.info.apple.com/article.html?artnum=305391Broken Link
• http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.htmlMailing List, Third Party Advisory
• http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.htmlBroken Link
• http://secunia.com/advisories/24706Third Party Advisory
• http://secunia.com/advisories/24735Third Party Advisory
• http://secunia.com/advisories/24736Third Party Advisory
• http://secunia.com/advisories/24740Third Party Advisory
• http://secunia.com/advisories/24750Third Party Advisory
• http://secunia.com/advisories/24757Third Party Advisory
• http://secunia.com/advisories/24785Third Party Advisory
• http://secunia.com/advisories/24786Third Party Advisory
• http://secunia.com/advisories/24798Third Party Advisory
• http://secunia.com/advisories/24817Third Party Advisory
• http://secunia.com/advisories/24966Third Party Advisory
• http://secunia.com/advisories/25464Third Party Advisory
• http://security.gentoo.org/glsa/glsa-200704-02.xmlThird Party Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1Broken Link
• http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txtPatch, Vendor Advisory
• http://www.debian.org/security/2007/dsa-1276Third Party Advisory
• http://www.kb.cert.org/vuls/id/704024Third Party Advisory, US Government Resource
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:077Third Party Advisory
• http://www.redhat.com/support/errata/RHSA-2007-0095.htmlThird Party Advisory
• http://www.securityfocus.com/archive/1/464592/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/464666/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/464814/30/7170/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/23285Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1017849Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/usn-449-1Third Party Advisory
• http://www.us-cert.gov/cas/techalerts/TA07-093B.htmlThird Party Advisory, US Government Resource
• http://www.us-cert.gov/cas/techalerts/TA07-109A.htmlThird Party Advisory, US Government Resource
• http://www.vupen.com/english/advisories/2007/1218Third Party Advisory
• http://www.vupen.com/english/advisories/2007/1250Third Party Advisory
• http://www.vupen.com/english/advisories/2007/1470Third Party Advisory
• http://www.vupen.com/english/advisories/2007/1983Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33411Third Party Advisory, VDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757Broken Link, Third Party Advisory

Published

Apr 6, 2007

Last Modified

Jun 16, 2026

Status

Modified