National Vulnerability Database

CVE-2007-2442 Detail

Description

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

Source: MITRE
Last Modified: 06/26/2007

Quick Info

CVE Dictionary Entry: CVE-2007-2442
Original release date: 06/26/2007
Last revised: 10/10/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 9.3 HIGH
Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

Hyperlink Resource Type Source Name
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc External Source SGI 20070602-01-P
http://docs.info.apple.com/article.html?artnum=306172 External Source CONFIRM http://docs.info.apple.com/article.html?artnum=306172
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 External Source HP HPSBUX02544
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html External Source APPLE APPLE-SA-2007-07-31
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html External Source FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
http://security.gentoo.org/glsa/glsa-200707-11.xml External Source GENTOO GLSA-200707-11
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102914-1 External Source SUNALERT 102914
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt External Source CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt Patch; Vendor Advisory External Source CONFIRM http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt
http://www.debian.org/security/2007/dsa-1323 External Source DEBIAN DSA-1323
http://www.kb.cert.org/vuls/id/356961 Patch; US Government Resource External Source CERT-VN VU#356961
http://www.mandriva.com/security/advisories?name=MDKSA-2007:137 External Source MANDRIVA MDKSA-2007:137
http://www.novell.com/linux/security/advisories/2007_38_krb5.html External Source SUSE SUSE-SA:2007:038
http://www.redhat.com/support/errata/RHSA-2007-0384.html External Source REDHAT RHSA-2007:0384
http://www.redhat.com/support/errata/RHSA-2007-0562.html External Source REDHAT RHSA-2007:0562
http://www.securityfocus.com/archive/1/archive/1/472288/100/0/threaded External Source BUGTRAQ 20070626 MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/472432/100/0/threaded External Source BUGTRAQ 20070628 FLEA-2007-0029-1: krb5 krb5-workstation
http://www.securityfocus.com/archive/1/archive/1/472507/30/5970/threaded External Source BUGTRAQ 20070629 TSLSA-2007-0021 - kerberos5
http://www.securityfocus.com/bid/24655 External Source BID 24655
http://www.securityfocus.com/bid/25159 External Source BID 25159
http://www.securitytracker.com/id?1018293 External Source SECTRACK 1018293
http://www.trustix.org/errata/2007/0021/ External Source TRUSTIX 2007-0021
http://www.ubuntu.com/usn/usn-477-1 External Source UBUNTU USN-477-1
http://www.us-cert.gov/cas/techalerts/TA07-177A.html Patch; US Government Resource External Source CERT TA07-177A
http://www.vupen.com/english/advisories/2007/2337 External Source VUPEN ADV-2007-2337
http://www.vupen.com/english/advisories/2007/2354 External Source VUPEN ADV-2007-2354
http://www.vupen.com/english/advisories/2007/2491 External Source VUPEN ADV-2007-2491
http://www.vupen.com/english/advisories/2007/2732 External Source VUPEN ADV-2007-2732
http://www.vupen.com/english/advisories/2007/3229 External Source VUPEN ADV-2007-3229
http://www.vupen.com/english/advisories/2010/1574 External Source VUPEN ADV-2010-1574
https://exchange.xforce.ibmcloud.com/vulnerabilities/35082 External Source XF kerberos-gssrpcsvcauthgssapi-code-execution(35082)
https://issues.rpath.com/browse/RPL-1499 External Source CONFIRM https://issues.rpath.com/browse/RPL-1499
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10631 External Source OVAL oval:org.mitre.oval:def:10631
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7344 External Source OVAL oval:org.mitre.oval:def:7344
https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html External Source CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html

References to Check Content

Identifier: oval:org.mitre.oval:def:10631
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10631

Identifier: oval:org.mitre.oval:def:7344
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7344

Technical Details

Vulnerability Type

Vulnerable software and versions

Configuration 1
OR
cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*    versions up to (including) 5-1.6.1
