- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200704-02 (MIT Kerberos 5: Arbitrary remote code execution)
The Kerberos telnet daemon fails to properly handle usernames allowing unauthorized access to any account (CVE-2007-0956). The Kerberos administration daemon, the KDC and possibly other applications using the MIT Kerberos libraries are vulnerable to the following issues. The krb5_klog_syslog function from the kadm5 library fails to properly validate input leading to a stack overflow (CVE-2007-0957). The GSS-API library is vulnerable to a double-free attack (CVE-2007-1216).
Impact :
By exploiting the telnet vulnerability a remote attacker may obtain access with root privileges. The remaining vulnerabilities may allow an authenticated remote attacker to execute arbitrary code with root privileges.
Workaround :
There is no known workaround at this time.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |