MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability

BID:23285

Info

MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability

Bugtraq ID: 23285
Class: Boundary Condition Error
CVE: CVE-2007-0957
Remote: Yes
Local: No
Published: Apr 03 2007 12:00AM
Updated: Mar 19 2015 09:10AM
Credit: The discoverer of this vulnerability wishes to remain anonymous.
Vulnerable: Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server 2.0
Trustix Secure Linux 3.0.5
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Operating System Enterprise Server 2.0
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10_x86
SGI ProPack 3.0 SP6
S.u.S.E. openSUSE 10.2
S.u.S.E. Linux 9.3 x86-64
S.u.S.E. Linux 9.3 x86
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
rPath rPath Linux 1
RedHat Linux Advanced Work Station 2.1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1
Pardus Linux 2007.1
Novell KDC (Key Distribution Center) 1.0
MIT Kerberos 5 5.0 -1.4.1
MIT Kerberos 5 5.0 -1.4
MIT Kerberos 5 5.0 -1.3.6
MIT Kerberos 5 5.0 -1.3.5
MIT Kerberos 5 5.0 -1.3.4
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
MIT Kerberos 5 5.0 -1.3.3
MIT Kerberos 5 5.0 -1.2beta2
MIT Kerberos 5 5.0 -1.2beta1
MIT Kerberos 5 5.0 -1.1.1
MIT Kerberos 5 5.0 -1.1
MIT Kerberos 5 5.0 -1.0.x
MIT Kerberos 5 1.6
MIT Kerberos 5 1.5.1
MIT Kerberos 5 1.5
MIT Kerberos 5 1.4.3
MIT Kerberos 5 1.4.2
MIT Kerberos 5 1.4.1
MIT Kerberos 5 1.4
MIT Kerberos 5 1.3.6
+ Gentoo Linux
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
MIT Kerberos 5 1.3.5
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
MIT Kerberos 5 1.3.4
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Turbolinux Turbolinux Server 10.0
MIT Kerberos 5 1.3.3
MIT Kerberos 5 1.3.2
MIT Kerberos 5 1.3.1
MIT Kerberos 5 1.3 -alpha1
MIT Kerberos 5 1.3
MIT Kerberos 5 1.2.8
MIT Kerberos 5 1.2.7
MIT Kerberos 5 1.2.6
MIT Kerberos 5 1.2.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Wirex Immunix OS 7+
MIT Kerberos 5 1.2.4
MIT Kerberos 5 1.2.3
MIT Kerberos 5 1.2.2 -beta1
MIT Kerberos 5 1.2.2
MIT Kerberos 5 1.2.1
MIT Kerberos 5 1.2
MIT Kerberos 5 1.1.1
+ Red Hat Linux 6.2
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
MIT Kerberos 5 1.1
MIT Kerberos 5 1.0.8
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
MIT Kerberos 5 1.0.6
MIT Kerberos 5 1.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.9
Apple Mac OS X 10.3.9
Not Vulnerable: Novell KDC (Key Distribution Center) 1.0.2
MIT Kerberos 5 1.6.1

Discussion

MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability

Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6 and prior versions are vulnerable.

Exploit / POC

MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability

The following exploit is available:

Solution / Fix

MIT Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability

Solution:
The vendor has released fixes to address this issue. Please see the references for more information.


Sun Solaris 8_sparc

MIT Kerberos 5 1.3.6

MIT Kerberos 5 1.4.1

MIT Kerberos 5 1.5.1

Turbolinux Turbolinux Server 10.0

Apple Mac OS X Server 10.3.9

Apple Mac OS X 10.3.9

Apple Mac OS X Server 10.4.9

SGI ProPack 3.0 SP6

Trustix Secure Linux 3.0

Trustix Secure Linux 3.0.5

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report