Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2007-AVI-158
Vulnerability from certfr_avis
Plusieurs vulnérabilités de Kerberos permettraient à des utilisateurs malveillants de provoquer un déni de service à distance, de contourner la politique de sécurité ou d'exécuter du code arbitraire à distance.
Description
Plusieurs vulnérabilités sont présentes dans Kerberos :
- une vulnérabilité du démon Telnet (telnetd) permet de se connecter avec un compte utilisateur quelconque. Si la configuration du démon exige l'authentification préalable, alors l'exploitation de cette vulnérabilité n'est possible que pour les utilisateurs authentifiés.
- une vulnérabilité dans l'utilisation de la fonction krb5_klog_syslog() permettrait à utilisateur malveillant authentifié d'exécuter du code arbitraire ou de provoquer un déni de service à distance. Les applications tierces utilisant cette fonction peuvent être vulnérables.
- une vulnérabilité du démon d'administration (kadmind) permettrait à un utilisateur authentifié d'exécuter du code arbitraire ou de provoquer un déni de service à distance. La source de la vulnérabilité est dans la bibliothèque de programmes GSS-API livrée avec MIT krb5. Par conséquent, les applications tierces utilisant cette bibliothèque peuvent être vulnérables.
Solution
Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Kerberos 5.x.
Il n'est pas exclu que des produits tiers, utilisant Kerberos, soient affectés.
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eKerberos 5.x\u003c/SPAN\u003e.\u003c/P\u003e \u003cP\u003e\u003cBR\u003e \u003cBR\u003e\u003c/P\u003e \u003cP\u003eIl n\u0027est pas exclu que des produits tiers, utilisant \u003cSPAN class=\"textit\"\u003eKerberos\u003c/SPAN\u003e, soient affect\u00e9s.\u003c/P\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Kerberos :\n\n- une vuln\u00e9rabilit\u00e9 du d\u00e9mon Telnet (telnetd) permet de se connecter\n avec un compte utilisateur quelconque. Si la configuration du d\u00e9mon\n exige l\u0027authentification pr\u00e9alable, alors l\u0027exploitation de cette\n vuln\u00e9rabilit\u00e9 n\u0027est possible que pour les utilisateurs authentifi\u00e9s.\n- une vuln\u00e9rabilit\u00e9 dans l\u0027utilisation de la fonction\n krb5_klog_syslog() permettrait \u00e0 utilisateur malveillant authentifi\u00e9\n d\u0027ex\u00e9cuter du code arbitraire ou de provoquer un d\u00e9ni de service \u00e0\n distance. Les applications tierces utilisant cette fonction peuvent\n \u00eatre vuln\u00e9rables.\n- une vuln\u00e9rabilit\u00e9 du d\u00e9mon d\u0027administration (kadmind) permettrait \u00e0\n un utilisateur authentifi\u00e9 d\u0027ex\u00e9cuter du code arbitraire ou de\n provoquer un d\u00e9ni de service \u00e0 distance. La source de la\n vuln\u00e9rabilit\u00e9 est dans la biblioth\u00e8que de programmes GSS-API livr\u00e9e\n avec MIT krb5. Par cons\u00e9quent, les applications tierces utilisant\n cette biblioth\u00e8que peuvent \u00eatre vuln\u00e9rables.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-0957",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0957"
},
{
"name": "CVE-2007-1216",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1216"
},
{
"name": "CVE-2007-0956",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0956"
}
],
"initial_release_date": "2007-04-04T00:00:00",
"last_revision_date": "2007-05-30T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Kerberos 2007-002 du 04 avril 2007 :",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslogd.txt"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:077 du 04 avril 2007 :",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP #c01056923 du 15 mai 2007 :",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026objectID=c01056923"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1276 du 03 avril 2007 :",
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0095 du 03 avril 2007 :",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0095.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-449-1 du 04 avril 2007 :",
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Kerberos 2007-003 du 04 avril 2007 :",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:025 du 05 avril 2007 :",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Kerberos 2007-001 du 04 avril 2007 :",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200704-02 du 03 avril 2007 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-02.xml"
}
],
"reference": "CERTA-2007-AVI-158",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-04-04T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 HP, Gentoo, Debian, Mandriva, Red Hat, Ubuntu, SuSE.",
"revision_date": "2007-05-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eKerberos\u003c/span\u003e\npermettraient \u00e0 des utilisateurs malveillants de provoquer un d\u00e9ni de\nservice \u00e0 distance, de contourner la politique de s\u00e9curit\u00e9 ou d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s de Kerberos",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Kerberos du 03 avril 2007",
"url": null
}
]
}
CVE-2007-1216 (GCVE-0-2007-1216)
Vulnerability from cvelistv5
Published
2007-04-06 01:00
Modified
2024-08-07 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:34.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23282"
},
{
"name": "ADV-2007-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"name": "20070401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc"
},
{
"name": "HPSBUX02217",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056923"
},
{
"name": "24966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24966"
},
{
"name": "24706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24706"
},
{
"name": "oval:org.mitre.oval:def:11135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11135"
},
{
"name": "24740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24740"
},
{
"name": "1017852",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017852"
},
{
"name": "RHSA-2007:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"name": "25388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25388"
},
{
"name": "24786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305391"
},
{
"name": "TA07-093B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"name": "20070405 FLEA-2007-0008-1: krb5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"name": "DSA-1276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"name": "24735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24735"
},
{
"name": "TA07-109A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
},
{
"name": "24750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24750"
},
{
"name": "SSRT071337",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056923"
},
{
"name": "kerberos-kadmind-code-execution(33413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33413"
},
{
"name": "24817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24817"
},
{
"name": "24757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24757"
},
{
"name": "20070403 MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464591/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt"
},
{
"name": "ADV-2007-1916",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1916"
},
{
"name": "VU#419344",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/419344"
},
{
"name": "SUSE-SA:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"name": "24785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24785"
},
{
"name": "MDKSA-2007:077",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"name": "USN-449-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"name": "APPLE-SA-2007-04-19",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
},
{
"name": "ADV-2007-1470",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1470"
},
{
"name": "24736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24736"
},
{
"name": "20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"name": "GLSA-200704-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23282"
},
{
"name": "ADV-2007-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"name": "20070401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc"
},
{
"name": "HPSBUX02217",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056923"
},
{
"name": "24966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24966"
},
{
"name": "24706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24706"
},
{
"name": "oval:org.mitre.oval:def:11135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11135"
},
{
"name": "24740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24740"
},
{
"name": "1017852",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017852"
},
{
"name": "RHSA-2007:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"name": "25388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25388"
},
{
"name": "24786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305391"
},
{
"name": "TA07-093B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"name": "20070405 FLEA-2007-0008-1: krb5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"name": "DSA-1276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"name": "24735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24735"
},
{
"name": "TA07-109A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
},
{
"name": "24750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24750"
},
{
"name": "SSRT071337",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056923"
},
{
"name": "kerberos-kadmind-code-execution(33413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33413"
},
{
"name": "24817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24817"
},
{
"name": "24757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24757"
},
{
"name": "20070403 MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464591/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt"
},
{
"name": "ADV-2007-1916",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1916"
},
{
"name": "VU#419344",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/419344"
},
{
"name": "SUSE-SA:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"name": "24785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24785"
},
{
"name": "MDKSA-2007:077",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"name": "USN-449-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"name": "APPLE-SA-2007-04-19",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
},
{
"name": "ADV-2007-1470",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1470"
},
{
"name": "24736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24736"
},
{
"name": "20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"name": "GLSA-200704-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23282"
},
{
"name": "ADV-2007-1218",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"name": "20070401-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc"
},
{
"name": "HPSBUX02217",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056923"
},
{
"name": "24966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24966"
},
{
"name": "24706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24706"
},
{
"name": "oval:org.mitre.oval:def:11135",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11135"
},
{
"name": "24740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24740"
},
{
"name": "1017852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017852"
},
{
"name": "RHSA-2007:0095",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"name": "25388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25388"
},
{
"name": "24786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24786"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305391",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305391"
},
{
"name": "TA07-093B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"name": "20070405 FLEA-2007-0008-1: krb5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"name": "DSA-1276",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"name": "24735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24735"
},
{
"name": "TA07-109A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
},
{
"name": "24750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24750"
},
{
"name": "SSRT071337",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056923"
},
{
"name": "kerberos-kadmind-code-execution(33413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33413"
},
{
"name": "24817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24817"
},
{
"name": "24757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24757"
},
{
"name": "20070403 MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464591/100/0/threaded"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt"
},
{
"name": "ADV-2007-1916",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1916"
},
{
"name": "VU#419344",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/419344"
},
{
"name": "SUSE-SA:2007:025",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"name": "24785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24785"
},
{
"name": "MDKSA-2007:077",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"name": "USN-449-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"name": "APPLE-SA-2007-04-19",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
},
{
"name": "ADV-2007-1470",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1470"
},
{
"name": "24736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24736"
},
{
"name": "20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"name": "GLSA-200704-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1216",
"datePublished": "2007-04-06T01:00:00",
"dateReserved": "2007-03-02T00:00:00",
"dateUpdated": "2024-08-07T12:50:34.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0956 (GCVE-0-2007-0956)
Vulnerability from cvelistv5
Published
2007-04-06 01:00
Modified
2024-08-07 12:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"name": "oval:org.mitre.oval:def:10046",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046"
},
{
"name": "20070401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc"
},
{
"name": "20070403 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464590/100/0/threaded"
},
{
"name": "24706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24706"
},
{
"name": "24740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24740"
},
{
"name": "RHSA-2007:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"name": "VU#220816",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/220816"
},
{
"name": "24786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24786"
},
{
"name": "TA07-093B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"name": "20070405 FLEA-2007-0008-1: krb5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"name": "DSA-1276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"name": "24735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24735"
},
{
"name": "kerberos-telnet-security-bypass(33414)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt"
},
{
"name": "1017848",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017848"
},
{
"name": "23281",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23281"
},
{
"name": "24750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24750"
},
{
"name": "24817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24817"
},
{
"name": "24757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24757"
},
{
"name": "24755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24755"
},
{
"name": "ADV-2007-1249",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1249"
},
{
"name": "102867",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1"
},
{
"name": "SUSE-SA:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"name": "24785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24785"
},
{
"name": "MDKSA-2007:077",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"name": "USN-449-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"name": "24736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24736"
},
{
"name": "20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"name": "GLSA-200704-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a \u0027-\u0027 character, a similar issue to CVE-2007-0882."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"name": "oval:org.mitre.oval:def:10046",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046"
},
{
"name": "20070401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc"
},
{
"name": "20070403 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464590/100/0/threaded"
},
{
"name": "24706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24706"
},
{
"name": "24740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24740"
},
{
"name": "RHSA-2007:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"name": "VU#220816",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/220816"
},
{
"name": "24786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24786"
},
{
"name": "TA07-093B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"name": "20070405 FLEA-2007-0008-1: krb5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"name": "DSA-1276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"name": "24735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24735"
},
{
"name": "kerberos-telnet-security-bypass(33414)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt"
},
{
"name": "1017848",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017848"
},
{
"name": "23281",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23281"
},
{
"name": "24750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24750"
},
{
"name": "24817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24817"
},
{
"name": "24757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24757"
},
{
"name": "24755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24755"
},
{
"name": "ADV-2007-1249",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1249"
},
{
"name": "102867",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1"
},
{
"name": "SUSE-SA:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"name": "24785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24785"
},
{
"name": "MDKSA-2007:077",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"name": "USN-449-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"name": "24736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24736"
},
{
"name": "20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"name": "GLSA-200704-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a \u0027-\u0027 character, a similar issue to CVE-2007-0882."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1218",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"name": "oval:org.mitre.oval:def:10046",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046"
},
{
"name": "20070401-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc"
},
{
"name": "20070403 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464590/100/0/threaded"
},
{
"name": "24706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24706"
},
{
"name": "24740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24740"
},
{
"name": "RHSA-2007:0095",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"name": "VU#220816",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/220816"
},
{
"name": "24786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24786"
},
{
"name": "TA07-093B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"name": "20070405 FLEA-2007-0008-1: krb5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"name": "DSA-1276",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"name": "24735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24735"
},
{
"name": "kerberos-telnet-security-bypass(33414)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33414"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt"
},
{
"name": "1017848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017848"
},
{
"name": "23281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23281"
},
{
"name": "24750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24750"
},
{
"name": "24817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24817"
},
{
"name": "24757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24757"
},
{
"name": "24755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24755"
},
{
"name": "ADV-2007-1249",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1249"
},
{
"name": "102867",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1"
},
{
"name": "SUSE-SA:2007:025",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"name": "24785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24785"
},
{
"name": "MDKSA-2007:077",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"name": "USN-449-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"name": "24736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24736"
},
{
"name": "20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"name": "GLSA-200704-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0956",
"datePublished": "2007-04-06T01:00:00",
"dateReserved": "2007-02-14T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0957 (GCVE-0-2007-0957)
Vulnerability from cvelistv5
Published
2007-04-06 01:00
Modified
2024-08-07 12:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10757",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757"
},
{
"name": "ADV-2007-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt"
},
{
"name": "20070403 MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464592/100/0/threaded"
},
{
"name": "20070401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc"
},
{
"name": "24966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24966"
},
{
"name": "24706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24706"
},
{
"name": "24798",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24798"
},
{
"name": "24740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24740"
},
{
"name": "RHSA-2007:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"name": "ADV-2007-1983",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1983"
},
{
"name": "24786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24786"
},
{
"name": "102930",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305391"
},
{
"name": "TA07-093B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"name": "20070405 FLEA-2007-0008-1: krb5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"name": "DSA-1276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"name": "24735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24735"
},
{
"name": "23285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23285"
},
{
"name": "TA07-109A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
},
{
"name": "24750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24750"
},
{
"name": "ADV-2007-1250",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1250"
},
{
"name": "24817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24817"
},
{
"name": "24757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24757"
},
{
"name": "kerberos-krb5klogsyslog-bo(33411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33411"
},
{
"name": "VU#704024",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/704024"
},
{
"name": "1017849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017849"
},
{
"name": "SUSE-SA:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"name": "24785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24785"
},
{
"name": "25464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25464"
},
{
"name": "MDKSA-2007:077",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"name": "USN-449-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"name": "APPLE-SA-2007-04-19",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
},
{
"name": "ADV-2007-1470",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1470"
},
{
"name": "24736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24736"
},
{
"name": "20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"name": "GLSA-200704-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10757",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757"
},
{
"name": "ADV-2007-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt"
},
{
"name": "20070403 MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464592/100/0/threaded"
},
{
"name": "20070401-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc"
},
{
"name": "24966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24966"
},
{
"name": "24706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24706"
},
{
"name": "24798",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24798"
},
{
"name": "24740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24740"
},
{
"name": "RHSA-2007:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"name": "ADV-2007-1983",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1983"
},
{
"name": "24786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24786"
},
{
"name": "102930",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305391"
},
{
"name": "TA07-093B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"name": "20070405 FLEA-2007-0008-1: krb5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"name": "DSA-1276",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"name": "24735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24735"
},
{
"name": "23285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23285"
},
{
"name": "TA07-109A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
},
{
"name": "24750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24750"
},
{
"name": "ADV-2007-1250",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1250"
},
{
"name": "24817",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24817"
},
{
"name": "24757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24757"
},
{
"name": "kerberos-krb5klogsyslog-bo(33411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33411"
},
{
"name": "VU#704024",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/704024"
},
{
"name": "1017849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017849"
},
{
"name": "SUSE-SA:2007:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"name": "24785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24785"
},
{
"name": "25464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25464"
},
{
"name": "MDKSA-2007:077",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"name": "USN-449-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"name": "APPLE-SA-2007-04-19",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
},
{
"name": "ADV-2007-1470",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1470"
},
{
"name": "24736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24736"
},
{
"name": "20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"name": "GLSA-200704-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10757",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757"
},
{
"name": "ADV-2007-1218",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1218"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt"
},
{
"name": "20070403 MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464592/100/0/threaded"
},
{
"name": "20070401-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc"
},
{
"name": "24966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24966"
},
{
"name": "24706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24706"
},
{
"name": "24798",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24798"
},
{
"name": "24740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24740"
},
{
"name": "RHSA-2007:0095",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0095.html"
},
{
"name": "ADV-2007-1983",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1983"
},
{
"name": "24786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24786"
},
{
"name": "102930",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305391",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305391"
},
{
"name": "TA07-093B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-093B.html"
},
{
"name": "20070405 FLEA-2007-0008-1: krb5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464814/30/7170/threaded"
},
{
"name": "DSA-1276",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1276"
},
{
"name": "24735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24735"
},
{
"name": "23285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23285"
},
{
"name": "TA07-109A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-109A.html"
},
{
"name": "24750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24750"
},
{
"name": "ADV-2007-1250",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1250"
},
{
"name": "24817",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24817"
},
{
"name": "24757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24757"
},
{
"name": "kerberos-krb5klogsyslog-bo(33411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33411"
},
{
"name": "VU#704024",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/704024"
},
{
"name": "1017849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017849"
},
{
"name": "SUSE-SA:2007:025",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html"
},
{
"name": "24785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24785"
},
{
"name": "25464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25464"
},
{
"name": "MDKSA-2007:077",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:077"
},
{
"name": "USN-449-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-449-1"
},
{
"name": "APPLE-SA-2007-04-19",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html"
},
{
"name": "ADV-2007-1470",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1470"
},
{
"name": "24736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24736"
},
{
"name": "20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464666/100/0/threaded"
},
{
"name": "GLSA-200704-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-02.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0957",
"datePublished": "2007-04-06T01:00:00",
"dateReserved": "2007-02-14T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…