| ID |
CVE-2007-5901
|
| Summary |
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Information from Apple: http://docs.info.apple.com/article.html?artnum=307562 |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
-
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 6.9 (as of 29-09-2017 - 01:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2013-04-29T04:14:08.176-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | | oval | oval:org.mitre.oval:def:11414 |
| comment | The operating system installed on the system is CentOS Linux 5.x | | oval | oval:org.mitre.oval:def:15802 |
| comment | Oracle Linux 5.x | | oval | oval:org.mitre.oval:def:15459 |
| | description | Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. | | family | unix | | id | oval:org.mitre.oval:def:11451 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. | | version | 18 |
|
| redhat
via4
|
| advisories | | | rpms | - krb5-devel-0:1.6.1-17.el5_1.1
- krb5-libs-0:1.6.1-17.el5_1.1
- krb5-server-0:1.6.1-17.el5_1.1
- krb5-workstation-0:1.6.1-17.el5_1.1
|
|
| refmap
via4
|
| apple | APPLE-SA-2008-03-18 | | bid | 26750 | | confirm | | | fedora | - FEDORA-2008-2637
- FEDORA-2008-2647
| | fulldisc | - 20071208 MIT Kerberos 5: Multiple vulnerabilities
- 20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]
| | gentoo | GLSA-200803-31 | | mandriva | MDVSA-2008:069 | | misc | http://bugs.gentoo.org/show_bug.cgi?id=199214 | | osvdb | 43346 | | secunia | | | ubuntu | USN-924-1 | | vupen | ADV-2008-0924 |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2007-12-14 | | organization | Red Hat | | statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5901
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
|
| Last major update |
29-09-2017 - 01:29 |
| Published |
06-12-2007 - 02:46 |
