CVSS2 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AI Score confidence: Low

EPSS percentile: 97.8%

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in the Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Vendor | Product | Version | CPE |
---|---|---|---|
mit | kerberos_5 | 1.4 | cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.1 | cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.2 | cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.3 | cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.4 | cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.5 | cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.5.1 | cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 6.06 | cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 6.10 | cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* |
docs.info.apple.com/article.html?artnum=305391
fedoranews.org/cms/node/2375
fedoranews.org/cms/node/2376
lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html
osvdb.org/31281
secunia.com/advisories/23667
secunia.com/advisories/23696
secunia.com/advisories/23701
secunia.com/advisories/23706
secunia.com/advisories/23707
secunia.com/advisories/23772
secunia.com/advisories/23903
secunia.com/advisories/24966
security.gentoo.org/glsa/glsa-200701-21.xml
securitytracker.com/id?1017493
web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
www.kb.cert.org/vuls/id/481564
www.mandriva.com/security/advisories?name=MDKSA-2007:008
www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html
www.securityfocus.com/archive/1/456406/100/0/threaded
www.securityfocus.com/bid/21970
www.ubuntu.com/usn/usn-408-1
www.us-cert.gov/cas/techalerts/TA07-009B.html
www.us-cert.gov/cas/techalerts/TA07-109A.html
www.vupen.com/english/advisories/2007/0111
www.vupen.com/english/advisories/2007/1470
exchange.xforce.ibmcloud.com/vulnerabilities/31422
issues.rpath.com/browse/RPL-925