Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:419344
HistoryApr 03, 2007 - 12:00 a.m.

MIT Kerberos 5 GSS-API library double-free vulnerability

2007-04-0300:00:00
www.kb.cert.org
19

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.15 Low

EPSS

Percentile

95.7%

JSON

Overview

The GSS-API library provided with MIT krb5 contains a vulnerability that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service.

Description

A vulnerability in the way the GSS-API library provided with MIT krb5 handles messages with an invalid direction encoding may result in a double free. According to MIT krb5 Security Advisory MITKRB5-SA-2007-003:

The kg_unseal_v1() function in src/lib/gssapi/krb5/k5unseal.c frees memory allocated for the “message_buffer” gss_buffer_t when it detects an invalid direction encoding on the message. It does not set the pointer to NULL, nor does it set the length to zero. An application subsequently calling gss_release_buffer() on this gss_buffer_t will cause memory to be freed twice.

Much code provided with MIT krb5 does not attempt to call gss_release_buffer() when gss_unseal() or gss_unwrap() fails, even though the GSS-API C-bindings specification permits it to do so. The RPCSEC_GSS authentication flavor for the RPC library, introduced in krb5-1.4, does call gss_release_buffer() when gss_unwrap() fails. This allows an authenticated attacker to trigger a double-free situation.

Note that this issue affects all releases of MIT krb5 up to and including krb5-1.6. Other server applications that utilize the RPC library or the MIT GSS-API library provided with MIT krb5 may also be affected.

This vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system.

Impact

A remote, authenticated user may be able to execute arbitrary code on an affected system or cause the affected program to crash, resulting in a denial of service. Secondary impacts of code execution include complete compromise of the Kerberos key database.

Solution

Apply Patch
A patch can be obtained from MIT krb5 Security Advisory MITKRB5-SA-2007-003. MIT also states that this will be addressed in the upcoming krb5-1.6.1 release.

Vendor Information

419344

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Notified: April 04, 2007 Updated: April 20, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Apple Security Update 2007-004.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23419344 Feedback>).

MIT Kerberos Development Team __ Affected

Updated: April 03, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to MITKRB5-SA-2007-003.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23419344 Feedback>).

Mandriva, Inc. __ Affected

Notified: April 04, 2007 Updated: April 05, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to MDKSA-2007:077.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23419344 Feedback>).

Red Hat, Inc. __ Affected

Updated: April 02, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to RHSA-2007-0095.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23419344 Feedback>).

SUSE Linux __ Affected

Notified: April 04, 2007 Updated: April 05, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to SUSE-SA:2007:025.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23419344 Feedback>).

Trustix Secure Linux __ Affected

Notified: April 04, 2007 Updated: April 06, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Trustix Secure Linux Security Advisory #2007-0012.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23419344 Feedback>).

rPath __ Affected

Updated: April 05, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to rPSA-2007-0063-1.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23419344 Feedback>).

Cisco Systems, Inc. Not Affected

Updated: April 02, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi Not Affected

Updated: April 02, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation Not Affected

Notified: April 04, 2007 Updated: April 06, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Symantec, Inc. Not Affected

Notified: April 04, 2007 Updated: April 05, 2007

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

3com, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

AT&T Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Alcatel Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avaya, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avici Systems, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Borderware Technologies Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Charlotte’s Web Networks Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Check Point Software Technologies Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Chiaro Networks, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Clavister Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Data Connection, Ltd. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation) Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ericsson Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Extreme Networks Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fortinet, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Foundry Networks, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Global Technology Associates Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hyperchip Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IP Filter Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intel Corporation Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Security Systems, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

KTH Kerberos Team Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Linksys (A division of Cisco Systems) Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lucent Technologies Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Luminous Networks Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multinet (owned Process Software Corporation) Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multitech, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Network Appliance, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NextHop Technologies, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nortel Networks, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Redback Networks, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Riverstone Networks, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secure Computing Network Security Division Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secureworx, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sony Corporation Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Stonesoft Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Watchguard Technologies, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

ZyXEL Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

eSoft, Inc. Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter Unknown

Notified: April 04, 2007 Updated: April 04, 2007

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 79 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base 0 AV:–/AC:–/Au:–/C:–/I:–/A:–
Temporal 0 E:ND/RL:ND/RC:ND
Environmental 0 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

This issue is addressed in MIT krb5 Security Advisory MITKRB5-SA-2007-003.

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2007-1216
Severity Metric: 17.85 Date Public:

Related

nessus 13
securityvulns 2
openvas 17
cve 1
debiancve 1
ubuntucve 1
prion 1
suse 1
gentoo 1
debian 1
osv 1
redhat 1
ubuntu 1
fedora 3
centos 2
oraclelinux 1
vmware 1
nessus
nessus
HP-UX PHSS_36361 : HP-UX running Kerberos, Remote Arbitrary Code Execution (HPSBUX02217 SSRT071337 rev.2)
2007-09-25 00:00:00
HP-UX PHSS_36286 : HP-UX running Kerberos, Remote Arbitrary Code Execution (HPSBUX02217 SSRT071337 rev.2)
2007-09-25 00:00:00
HP-UX PHSS_34991 : HP-UX running Kerberos, Remote Arbitrary Code Execution (HPSBUX02217 SSRT071337 rev.2)
2007-09-25 00:00:00
securityvulns
securityvulns
MITKRB5-SA-2007-003: double-free vulnerability in kadmind &#40;via GSS-API library&#41; [CVE-2007-1216]
2007-04-04 00:00:00
Mltiple MIT Kerberos security vulnerabilities
2007-04-11 00:00:00
openvas
openvas
HP-UX Update for Kerberos HPSBUX02217
2009-05-05 00:00:00
HP-UX Update for Kerberos HPSBUX02217
2009-05-05 00:00:00
Mandriva Update for krb5 MDKSA-2007:077-1 (krb5)
2009-04-09 00:00:00
cve
cve
CVE-2007-1216
2007-04-06 01:19:00
debiancve
debiancve
CVE-2007-1216
2007-04-06 01:19:00
ubuntucve
ubuntucve
CVE-2007-1216
2007-04-06 00:00:00
prion
prion
Double free
2007-04-06 01:19:00
suse
suse
remote code execution in krb5
2007-04-05 12:20:17
gentoo
gentoo
MIT Kerberos 5: Arbitrary remote code execution
2007-04-03 00:00:00
debian
debian
[SECURITY] [DSA 1276-1] New krb5 packages fix several vulnerabilities
2007-04-03 21:15:24
osv
osv
krb5 - several vulnerabilities
2007-04-03 00:00:00
redhat
redhat
(RHSA-2007:0095) Critical: krb5 security update
2007-04-03 00:00:00
ubuntu
ubuntu
krb5 vulnerabilities
2007-04-04 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: krb5-1.5-21
2007-04-03 20:13:33
[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.4
2007-04-03 20:14:48
[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.5
2007-06-28 13:30:51
centos
centos
krb5 security update
2007-04-04 00:33:54
krb5 security update
2007-04-03 21:56:56
oraclelinux
oraclelinux
Critical: krb5 security update
2007-04-04 00:00:00
vmware
vmware
Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.
2007-07-05 00:00:00

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.15 Low

EPSS

Percentile

95.7%

JSON
Related for VU:419344
nessus13securityvulns2openvas17cve1debiancve1ubuntucve1prion1suse1gentoo1debian1osv1redhat1ubuntu1fedora3centos2oraclelinux1vmware1