ID |
CVE-2007-5901
|
Summary |
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Information from Apple: http://docs.info.apple.com/article.html?artnum=307562 |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
-
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
-
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
|
CVSS |
Base: | 6.9 (as of 29-09-2017 - 01:29) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
oval
via4
|
accepted | 2013-04-29T04:14:08.176-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. | family | unix | id | oval:org.mitre.oval:def:11451 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. | version | 18 |
|
redhat
via4
|
advisories | | rpms | - krb5-devel-0:1.6.1-17.el5_1.1
- krb5-libs-0:1.6.1-17.el5_1.1
- krb5-server-0:1.6.1-17.el5_1.1
- krb5-workstation-0:1.6.1-17.el5_1.1
|
|
refmap
via4
|
apple | APPLE-SA-2008-03-18 | bid | 26750 | confirm | | fedora | - FEDORA-2008-2637
- FEDORA-2008-2647
| fulldisc | - 20071208 MIT Kerberos 5: Multiple vulnerabilities
- 20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]
| gentoo | GLSA-200803-31 | mandriva | MDVSA-2008:069 | misc | http://bugs.gentoo.org/show_bug.cgi?id=199214 | osvdb | 43346 | secunia | | ubuntu | USN-924-1 | vupen | ADV-2008-0924 |
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2007-12-14 | organization | Red Hat | statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5901
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
|
Last major update |
29-09-2017 - 01:29 |
Published |
06-12-2007 - 02:46 |