CVE-2007-5471 - libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 S

CVE-2007-5471

Summary

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration.

References

Vulnerable Configurations

cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_server:*:*:*:*:*

CVSS

Base:	7.8 (as of 29-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	26076
confirm	https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html
osvdb	40935
secunia	27189
xf	libgssapi-bind-suse-gsstsig-dos(37233)

statements via4

contributor	Mark J Cox
lastmodified	2007-10-23
organization	Red Hat
statement	Not vulnerable. The versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 do not support GSS-TSIG and are not linked with libgssapi library.

Last major update

29-07-2017 - 01:33

Published

16-10-2007 - 00:17

Last modified

29-07-2017 - 01:33