Environment
Novell KDC (Key Distribution Center) 1.0
Situation
An authenticated user may be able to execute arbitrary code on a
host running kadmind.
An authenticated user may be able to execute arbitrary code on a KDC host. Also, a user controlling a Kerberos realm sharing a key with the target realm may be able to execute arbitrary code on a KDC host.
Successful exploitation can compromise the Kerberos key database and host security on the host running these programs. (kadmin and the KDC typically run as root.)
Unsuccessful exploitation attempts will likely result in the affected program crashing.
Resolution
Apply Novell Kerberos KDC 1.0.2 or newer available at https://download.novell.com
Status
Security Alert
Additional Information
MIT Kerberos Advisory http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
CVE: CVE-2007-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
CERT: VU#704024 http://www.kb.cert.org/vuls/id/704024
Vulnerability was reported through iDefense.