Description
The krb5 telnet service did not appropriately verify user names. A
remote attacker could log in as the root user by requesting a specially
crafted user name. (CVE-2007-0956)
The krb5 syslog library did not correctly verify the size of log
messages. A remote attacker could send a specially crafted message and
execute arbitrary code with root privileges. (CVE-2007-0957)
The krb5 administration service was vulnerable to a double-free in the
GSS RPC library. A remote attacker could send a specially crafted
request and execute arbitrary code with root privileges. (CVE-2007-1216)