ID CVE-2007-5894
Summary ** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code."
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos:5:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:46)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 26750
bugtraq 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
confirm
fulldisc
  • 20071208 MIT Kerberos 5: Multiple vulnerabilities
  • 20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]
misc http://bugs.gentoo.org/show_bug.cgi?id=199205
osvdb 44333
secunia
  • 28636
  • 29457
suse SUSE-SR:2008:002
statements via4
contributor Mark J Cox
lastmodified 2007-12-14
organization Red Hat
statement This issue is not a vulnerability, for more information see http://marc.info/?m=119743235325151
Last major update 15-10-2018 - 21:46
Published 06-12-2007 - 02:46
Back to Top