iDefense Security Advisory 04.03.07 - Remote exploitation of a buffer overflow vulnerability in the Kerberos kadmind server, as included in various vendors' operating system distributions, could allow attackers to execute arbitrary code on a targeted host. The vulnerability exists within the server's logging function, klog_vsyslog(). This function calls vsprintf() with a fixed-size stack buffer as the destination. User input is not properly validated before being passed to this function, so a stack-based buffer overflow can occur. iDefense has confirmed the existence of this vulnerability in Kerberos version 1.5.1 on Fedora Core 5. It is likely that all distributions that contain this version of Kerberos are vulnerable.
89da317f87ae2213d94288ef79b00b18ea8b94aa62f931ccae0c56fdcd9f3b68
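The bug class described in the advisory, shown from the fixing side: an added example, not code from krb5 or from the advisory. The names safe_vlog, safe_log and LOG_BUF_SIZE are hypothetical; it formats a log line into a fixed-size buffer with vsnprintf() and reports truncation instead of writing past the end.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64 /* assumed size for illustration, not the krb5 value */

/* Hypothetical helper: format into a fixed-size buffer.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
static int safe_vlog(char *out, size_t outsz, const char *fmt, va_list ap)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    /* The unsafe pattern is vsprintf(out, fmt, ap): it has no size limit,
     * so attacker-influenced arguments decide how much is written. */
    n = vsnprintf(out, outsz, fmt, ap);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n >= outsz) {
        /* Output was cut at outsz-1 bytes; mark it so log readers can tell. */
        if (outsz > 4)
            memcpy(out + outsz - 4, "...", 4);
        return 1;
    }
    return 0;
}

static int safe_log(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int rc;

    va_start(ap, fmt);
    rc = safe_vlog(out, outsz, fmt, ap);
    va_end(ap);
    return rc;
}

int main(void)
{
    char buf[LOG_BUF_SIZE];
    char big[500]; /* constructed oversized field standing in for client input */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("rc=%d len=%zu\n", safe_log(buf, sizeof buf, "principal %s", big),
           strlen(buf));
    return 0;
}
```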
Kerberos version 1.5.1 kadmind remote root buffer overflow exploit.
e8db9a1943cc4ec249fdac17fbfedb8363cfeb66696583954fa18de60266c597