ID CVE-2007-5971
Summary Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Information from Apple: http://docs.info.apple.com/article.html?artnum=307562
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 15-10-2018 - 21:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:04:23.426-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
family unix
id oval:org.mitre.oval:def:10296
status accepted
submitted 2010-07-09T03:56:16-04:00
title Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2008:0164
  • rhsa
    id RHSA-2008:0180
rpms
  • krb5-devel-0:1.6.1-17.el5_1.1
  • krb5-libs-0:1.6.1-17.el5_1.1
  • krb5-server-0:1.6.1-17.el5_1.1
  • krb5-workstation-0:1.6.1-17.el5_1.1
  • krb5-devel-0:1.3.4-54.el4_6.1
  • krb5-libs-0:1.3.4-54.el4_6.1
  • krb5-server-0:1.3.4-54.el4_6.1
  • krb5-workstation-0:1.3.4-54.el4_6.1
refmap via4
apple APPLE-SA-2008-03-18
bid 26750
bugtraq 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
confirm
fedora
  • FEDORA-2008-2637
  • FEDORA-2008-2647
fulldisc
  • 20071208 MIT Kerberos 5: Multiple vulnerabilities
  • 20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]
gentoo GLSA-200803-31
mandriva
  • MDVSA-2008:069
  • MDVSA-2008:070
misc http://bugs.gentoo.org/show_bug.cgi?id=199212
osvdb 43345
secunia
  • 28636
  • 29420
  • 29450
  • 29451
  • 29457
  • 29462
  • 29464
  • 29516
  • 39290
  • 39784
suse SUSE-SR:2008:002
ubuntu
  • USN-924-1
  • USN-940-1
vupen
  • ADV-2008-0924
  • ADV-2010-1192
statements via4
contributor Mark J Cox
lastmodified 2007-12-14
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5971 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. See http://marc.info/?m=119743235325151
Last major update 15-10-2018 - 21:48
Published 06-12-2007 - 02:46
Back to Top