what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2007-5972

Status Candidate

Overview

Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.

Related Files

Ubuntu Security Notice 940-1
Posted May 20, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 940-1 - It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-1320, CVE-2010-1321
SHA-256 | 3a1b15d7feb5baa1e9ef51b23ea5560f739645a55f3ec4b92a3235d5043a3820
Ubuntu Security Notice 924-1
Posted Apr 7, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 924-1 - Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. It was discovered that Kerberos did not correctly free memory in the GSSAPI library. If a remote attacker were able to manipulate an application using GSSAPI carefully, the service could crash, leading to a denial of service. It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-0629, CVE-2007-5971
SHA-256 | bc9bb711c2b8a35f6d930697ac516ed74fe77679f83777bc8331d5e84ba5e977
mitkerb-multi.txt
Posted Dec 8, 2007
Authored by Venustech AD-LAB | Site venustech.com.cn

MIT Kerberos 5 suffers from multiple vulnerabilities including an integer overflow and some double-free flaws.

tags | advisory, overflow, vulnerability
advisories | CVE-2007-5894, CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972
SHA-256 | d412d721c9d589618860fd3f0f92f51298792b44d1eb88d7790031200454c494
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close