| ID |
CVE-2007-5894
|
| Summary |
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 9.3 (as of 11-04-2024 - 00:43) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 26750 | | bugtraq | 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation | | confirm | | | fulldisc | - 20071208 MIT Kerberos 5: Multiple vulnerabilities
- 20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]
| | misc | http://bugs.gentoo.org/show_bug.cgi?id=199205 | | osvdb | 44333 | | secunia | | | suse | SUSE-SR:2008:002 |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2007-12-14 | | organization | Red Hat | | statement | This issue is not a vulnerability, for more information see http://marc.info/?m=119743235325151 |
|
| Last major update |
11-04-2024 - 00:43 |
| Published |
06-12-2007 - 02:46 |
| Last modified |
11-04-2024 - 00:43 |
