CVE-2007-2442

Severity

93%

Complexity

86%

Confidentiality

165%

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 18 years ago

2007-06-26 22:30:00

Last updated 6 years ago

2018-10-16 16:43:00

Affected Software

MIT Kerberos

References

20070602-01-P

http://docs.info.apple.com/article.html?artnum=306172

SSRT100107

APPLE-SA-2007-07-31

20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

36596

25800

25801

25814

25821

25841

25870

25888

25890

25894

25911

26033

26228

26235

26909

27706

40346

GLSA-200707-11

102914

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt

Patch, Vendor Advisory

DSA-1323

VU#356961

Patch, US Government Resource

MDKSA-2007:137

SUSE-SA:2007:038

RHSA-2007:0384

RHSA-2007:0562

20070626 MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities

20070628 FLEA-2007-0029-1: krb5 krb5-workstation

20070629 TSLSA-2007-0021 - kerberos5

24655

25159

1018293

2007-0021

USN-477-1

TA07-177A

Patch, US Government Resource

ADV-2007-2337

ADV-2007-2354

ADV-2007-2491

ADV-2007-2732

ADV-2007-3229

ADV-2010-1574

kerberos-gssrpcsvcauthgssapi-code-execution(35082)

https://issues.rpath.com/browse/RPL-1499

oval:org.mitre.oval:def:10631

oval:org.mitre.oval:def:7344

https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.