what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2007-5901

Status Candidate

Overview

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.

Related Files

Ubuntu Security Notice 924-1
Posted Apr 7, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 924-1 - Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. It was discovered that Kerberos did not correctly free memory in the GSSAPI library. If a remote attacker were able to manipulate an application using GSSAPI carefully, the service could crash, leading to a denial of service. It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-0629, CVE-2007-5971
SHA-256 | bc9bb711c2b8a35f6d930697ac516ed74fe77679f83777bc8331d5e84ba5e977
Gentoo Linux Security Advisory 200803-31
Posted Mar 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200803-31 - Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply. Versions less than 1.6.3-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063, CVE-2008-0947
SHA-256 | 687a1a18cfdf1045b45102f44dfce14c62dc95331cc6d0cad7c2e5ba130147ae
Mandriva Linux Security Advisory 2008-069
Posted Mar 19, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple memory management flaws, a Kerberos v4 protocol packet handling issue, and various other vulnerabilities relating to krb5 are addressed in this advisory.

tags | advisory, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063, CVE-2008-0947
SHA-256 | b9c93daed1f0633ea2aa214260c2d51bcb53b668537703dd134574d341ceca5f
mitkerb-multi.txt
Posted Dec 8, 2007
Authored by Venustech AD-LAB | Site venustech.com.cn

MIT Kerberos 5 suffers from multiple vulnerabilities including an integer overflow and some double-free flaws.

tags | advisory, overflow, vulnerability
advisories | CVE-2007-5894, CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972
SHA-256 | d412d721c9d589618860fd3f0f92f51298792b44d1eb88d7790031200454c494
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close