SuSE Update For Krb5 SUSE-SA:2007:025 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

The krb5 telnet daemon allowed remote attackers to skip authentication and gain root access CVE-2007-0956 A bug in the function krb5_klog_syslog() leads to a buffer overflow which could be exploited to execute arbitrary code CVE-2007-0957. A double-free bug in the GSS-API library could crash kadmind. It's potentially also exploitable to execute arbitrary code CVE-2007-1216.

Affected

krb5 on SUSE LINUX 10.1, openSUSE 10.2, SUSE SLED 10, SUSE SLES 10

References

http://www.novell.com/linux/security/advisories/2007_25_krb5.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for MozillaFirefox
SLES10: Security update for icu
SLES10: Security update for Apache 2
SLES10: Security update for Linux kernel
SLES10: Security update for Linux kernel

SuSE Update for krb5 SUSE-SA:2007:025

Take action and discover your vulnerabilities