=====================================================================
                                     CERT-Renater

                          Note d'Information No. 2007/VULN188
_____________________________________________________________________

DATE                      : 05/04/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Novell Kerberos KDC.

======================================================================

Security Update: KDC and kadmin stack overflow in krb5_klog_syslog

This document (3618705) is provided subject to the disclaimer at the end of this 
document.


environment
Novell KDC (Key Distribution Center) 1.0

situation
An authenticated user may be able to execute arbitrary code on a host running 
kadmind.

An authenticated user may be able to execute arbitrary code on KDC host.  Also, 
a user controlling a Kerberos realm sharing a key with the target realm may be 
able to execute arbitrary code on a KDC host.

Successful exploitation can compromise the Kerberos key database and host 
security on the host running these programs.  (kadmin and the KDC typically runs 
as root.)
Unsuccessful exploitation attempts will likely result in the affected program 
crashing.


resolution
Apply Novell Kerberos KDC 1.0.2 available at http://download.novell.com


status
Security Alert


additional notes
MIT Kerberos Advisory 
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt

CVE: CVE-2007-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957

CERT: VU#704024 http://www.kb.cert.org/vuls/id/704024

Vulnerability was reported through iDefense.


document
Document ID:	3618705
Creation Date:	2007-04-03 18:49:25.0
Modified Date:	2007-04-03 18:47:03.0
Novell Product:	Authentication Services


disclaimer

The Origin of this information may be internal or external to Novell. Novell 
makes all reasonable efforts to verify this information. However, the 
information provided in this document is for your information only. Novell makes 
no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective 
owners. Consult your product manuals for complete trademark information.

======================================================================

            =========================================================
            Les serveurs de référence du CERT-Renater
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================