CVE-2007-0957

Source
https://nvd.nist.gov/vuln/detail/CVE-2007-0957
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-0957.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2007-0957
Published
2007-04-06T01:19:00Z
Modified
2024-06-30T12:00:03Z
Summary
[none]
Details

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

Affected packages

Debian:11 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.4-8

Ecosystem specific

{
    "urgency": "high"
}

Debian:12 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.4-8

Ecosystem specific

{
    "urgency": "high"
}

Debian:13 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.4-8

Ecosystem specific

{
    "urgency": "high"
}