CVE-2007-1216

2007-04-0600:00:00

ubuntu.com

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.15 Low

EPSS

Percentile

95.7%

JSON

Double free vulnerability in the GSS-API library
(lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon
(kadmind) in MIT krb5 before 1.6.1, when used with the authentication
method provided by the RPCSEC_GSS RPC library, allows remote authenticated
users to execute arbitrary code and modify the Kerberos key database via a
message with an “an invalid direction encoding”.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchkrb5< 1.4.3-5ubuntu0.6UNKNOWN
ubuntu6.10noarchkrb5< 1.4.3-9ubuntu1.5UNKNOWN
ubuntu7.04noarchkrb5< 1.4.4-5ubuntu3.3UNKNOWN