Lucene search

K
cve[email protected]CVE-2007-1216
HistoryApr 06, 2007 - 1:19 a.m.

CVE-2007-1216

2007-04-0601:19:00
CWE-415
web.nvd.nist.gov
46
cve-2007-1216
gss-api
kerberos
remote code execution
database modification
security vulnerability

6.9 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.15 Low

EPSS

Percentile

95.7%

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an “an invalid direction encoding”.

References

6.9 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.15 Low

EPSS

Percentile

95.7%