CVE-2007-2442

 

Published at: - 27-06-2007 12:30

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt
• VU#356961-Patch, Third Party Advisory, US Government Resource
• TA07-177A-Patch, Third Party Advisory, US Government Resource
• 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player-Third Party Advisory
• http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt
• https://issues.rpath.com/browse/RPL-1499
• https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html
• http://docs.info.apple.com/article.html?artnum=306172
• APPLE-SA-2007-07-31-Mailing List, Third Party Advisory
• DSA-1323-Third Party Advisory
• GLSA-200707-11-Third Party Advisory
• MDKSA-2007:137-Third Party Advisory
• RHSA-2007:0384-Third Party Advisory
• RHSA-2007:0562-Third Party Advisory
• 20070602-01-P-Broken Link
• 102914-Broken Link
• SUSE-SA:2007:038-Broken Link
• 2007-0021-Broken Link
• USN-477-1-Third Party Advisory
• 24655-Third Party Advisory, VDB Entry
• 25159-Third Party Advisory, VDB Entry
• 1018293-Third Party Advisory, VDB Entry
• 25821-Third Party Advisory
• 25870-Third Party Advisory
• 25890-Third Party Advisory
• 25894-Third Party Advisory
• 25800-Third Party Advisory
• 25801-Third Party Advisory
• 25814-Third Party Advisory
• 25841-Third Party Advisory
• 25888-Third Party Advisory
• 25911-Third Party Advisory
• 26228-Third Party Advisory
• 26235-Third Party Advisory
• 26033-Third Party Advisory
• 26909-Third Party Advisory
• 27706-Third Party Advisory
• ADV-2010-1574-Third Party Advisory
• 40346-Third Party Advisory
• SSRT100107-Broken Link
• ADV-2007-3229-Third Party Advisory
• ADV-2007-2354-Third Party Advisory
• ADV-2007-2491-Third Party Advisory
• ADV-2007-2732-Third Party Advisory
• ADV-2007-2337-Third Party Advisory
• 36596-Broken Link
• kerberos-gssrpcsvcauthgssapi-code-execution(35082)-Third Party Advisory, VDB Entry
• oval:org.mitre.oval:def:7344-Broken Link, Third Party Advisory
• oval:org.mitre.oval:def:10631-Broken Link, Third Party Advisory
• 20070629 TSLSA-2007-0021 - kerberos5-Third Party Advisory, VDB Entry
• 20070628 FLEA-2007-0029-1: krb5 krb5-workstation-Third Party Advisory, VDB Entry
• 20070626 MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities-Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2007-2442

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures