CVE-2007-5901

 

Published at: - 06-12-2007 03:46

Last modified: - 19-10-2022 04:59

Total changes: - 2

Description

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• http://bugs.gentoo.org/show_bug.cgi?id=199214
• 26750-Patch
• APPLE-SA-2008-03-18-
• 20071208 MIT Kerberos 5: Multiple vulnerabilities-
• 20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]-
• https://issues.rpath.com/browse/RPL-2012
• FEDORA-2008-2637-
• FEDORA-2008-2647-
• GLSA-200803-31-
• MDVSA-2008:069-
• RHSA-2008:0164-
• 29451-
• 29464-
• 29516-
• 43346-
• 39290-
• USN-924-1-
• ADV-2008-0924-
• http://docs.info.apple.com/article.html?artnum=307562
• oval:org.mitre.oval:def:11451-

 

Keywords

NVD

 

CVE-2007-5901

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures