Lucene search

[email protected]CVE-2007-5939

HistoryDec 06, 2007 - 3:46 p.m.

CVE-2007-5939

2007-12-0615:46:00

CWE-119

[email protected]

web.nvd.nist.gov

gss_userok

heimdal 0.7.2

remote attack

vulnerability

nvd

cve-2007-5939

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.3%

JSON

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.

CPENameOperatorVersion
heimdal:heimdalheimdaleq0.7.2

CPE	Name	Operator	Version
heimdal:heimdal	heimdal	eq	0.7.2

References

bugs.gentoo.org/show_bug.cgi?id=199207

marc.info/?l=full-disclosure&m=119704362903699&w=2

osvdb.org/44750

securitytracker.com/id?1019057

www.mandriva.com/security/advisories?name=MDKSA-2007:239

www.securityfocus.com/bid/26758

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.3%

JSON

Related for CVE-2007-5939

openvas2 securityvulns2 nessus1 debiancve1 prion1 ubuntucve1