Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.
6a6d99a418acc8305f4de65a97346cfbfc444a7240458f96d1bbc4da290014aeKerberos version 1.5.1 kadmind remote root buffer overflow exploit.
e8db9a1943cc4ec249fdac17fbfedb8363cfeb66696583954fa18de60266c597Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.
4c85472c6c076fc42ea60fe1902ed6ac8df4cba85d66cc80bb7857e1689352c5Ubuntu Security Notice 449-1 - The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. The krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted message and execute arbitrary code with root privileges. The krb5 administration service was vulnerable to a double-free in the GSS RPC library. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.
62e02dc1561b3f4f516800fab53dc51b4243752824d8b67f8137c364ff72c23bGentoo Linux Security Advisory GLSA 200704-02 - The Kerberos telnet daemon fails to properly handle usernames allowing unauthorized access to any account (CVE-2007-0956). The Kerberos administration daemon, the KDC and possibly other applications using the MIT Kerberos libraries are vulnerable to the following issues. The krb5_klog_syslog function from the kadm5 library fails to properly validate input leading to a stack overflow (CVE-2007-0957). The GSS-API library is vulnerable to a double-free attack (CVE-2007-1216). Versions less than 1.5.2-r1 are affected.
92a43eb6ea21be6558b53054410890884d4a477782e2eaa9d2963e6bae48d971Debian Security Advisory 1276-1 - Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.
49909edfcb50870cc25f61bafbdef1cd2f38181b0590d72865beb8d02d6af72diDefense Security Advisory 04.03.07 - Remote exploitation of a buffer overflow vulnerability in the Kerberos kadmind server, as included in various vendors' operating system distributions, could allow attackers to execute arbitrary code on a targeted host. The vulnerability exists within the server's logging function, klog_vsyslog(). A call is made to vsprintf(), with the destination buffer passed as a fixed size stack buffer. User input is not properly validated before being passed to this function, and a stack based buffer overflow can occur. iDefense has confirmed the existence of this vulnerability with Kerberos version 1.5.1 on Fedora CORE 5. It is likely that all distributions that contain this version of Kerberos are vulnerable.
89da317f87ae2213d94288ef79b00b18ea8b94aa62f931ccae0c56fdcd9f3b68MIT krb5 Security Advisory 2007-002 - The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind) as well as the KDC, are vulnerable. Exploitation of this vulnerability is probably simple. This is a vulnerability in the the kadm5 library, which is used by the KDC and kadmind, and possibly by some third-party applications. It is not a bug in the MIT krb5 protocol libraries or in the Kerberos protocol.
245649e1ac34647dc9b3ba7ed654bd1c43c69789f15fc8639c40e411278935ec
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed