CVE-2007-5901 : Use-after-free vulnerability in the gss_indicate

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.

Published 2007-12-06 02:46:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2007-5901

MIT » Kerberos 5
Versions up to, including, (<=) 1.6.3_kdc
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: 10.4.11
When used together with: Apple » Mac Os X » Version: 10.5.2
When used together with: Apple » Mac Os X Server » Version: 10.4.11
When used together with: Apple » Mac Os X Server » Version: 10.5.2

Exploit prediction scoring system (EPSS) score for CVE-2007-5901

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-5901

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-5901

CWE-399

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2007-5901

Red Hat 2007-12-14

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5901 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

References for CVE-2007-5901

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html

[SECURITY] Fedora 7 Update: krb5-1.6.1-9.fc7

CVEs referencing this url
http://seclists.org/fulldisclosure/2007/Dec/0321.html

Full Disclosure: Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]

CVEs referencing this url
http://www.securityfocus.com/bid/26750

Patch

CVEs referencing this url
http://osvdb.org/43346
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069

Advisories | Mandriva

CVEs referencing this url
http://secunia.com/advisories/29451

About Secunia Research | Flexera

CVEs referencing this url
https://issues.rpath.com/browse/RPL-2012

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html

[SECURITY] Fedora 8 Update: krb5-1.6.2-14.fc8

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200803-31.xml

MIT Kerberos 5: Multiple vulnerabilities (GLSA 200803-31) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/29516

About Secunia Research | Flexera

CVEs referencing this url
http://bugs.gentoo.org/show_bug.cgi?id=199214

199214 – mit-krb5 lib vulnerability
Exploit

CVEs referencing this url
http://seclists.org/fulldisclosure/2007/Dec/0176.html

Full Disclosure: MIT Kerberos 5: Multiple vulnerabilities

CVEs referencing this url
http://secunia.com/advisories/39290

Sign in

CVEs referencing this url
http://docs.info.apple.com/article.html?artnum=307562

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11451

404 Not Found
http://secunia.com/advisories/29464

About Secunia Research | Flexera

CVEs referencing this url
http://ubuntu.com/usn/usn-924-1

USN-924-1: Kerberos vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0164.html

Support

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0924/references

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url