Vulnerability Details : CVE-2007-5901
Potential exploit
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
Vulnerability category: Memory Corruption
Products affected by CVE-2007-5901
- cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5901
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5901
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2007-5901
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-5901
-
Red Hat 2007-12-14Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5901 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
References for CVE-2007-5901
-
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
[SECURITY] Fedora 7 Update: krb5-1.6.1-9.fc7
-
http://seclists.org/fulldisclosure/2007/Dec/0321.html
Full Disclosure: Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]
-
http://www.securityfocus.com/bid/26750
Patch
-
http://osvdb.org/43346
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
Advisories | Mandriva
-
http://secunia.com/advisories/29451
About Secunia Research | Flexera
-
https://issues.rpath.com/browse/RPL-2012
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
-
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
[SECURITY] Fedora 8 Update: krb5-1.6.2-14.fc8
-
http://security.gentoo.org/glsa/glsa-200803-31.xml
MIT Kerberos 5: Multiple vulnerabilities (GLSA 200803-31) — Gentoo security
-
http://secunia.com/advisories/29516
About Secunia Research | Flexera
-
http://bugs.gentoo.org/show_bug.cgi?id=199214
199214 – mit-krb5 lib vulnerabilityExploit
-
http://seclists.org/fulldisclosure/2007/Dec/0176.html
Full Disclosure: MIT Kerberos 5: Multiple vulnerabilities
-
http://secunia.com/advisories/39290
Sign in
-
http://docs.info.apple.com/article.html?artnum=307562
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11451
404 Not Found
-
http://secunia.com/advisories/29464
About Secunia Research | Flexera
-
http://ubuntu.com/usn/usn-924-1
USN-924-1: Kerberos vulnerabilities | Ubuntu security notices
-
http://www.redhat.com/support/errata/RHSA-2008-0164.html
Support
-
http://www.vupen.com/english/advisories/2008/0924/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Jump to