Back to search
CVE-2007-1216
Published: Apr 6, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
23282
vdb-entry
x_refsource_BID
ADV-2007-1218
vdb-entry
x_refsource_VUPEN
HPSBUX02217
vendor-advisory
x_refsource_HP
24966
third-party-advisory
x_refsource_SECUNIA
24706
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:11135
vdb-entry
signature
x_refsource_OVAL
24740
third-party-advisory
x_refsource_SECUNIA
1017852
vdb-entry
x_refsource_SECTRACK
RHSA-2007:0095
vendor-advisory
x_refsource_REDHAT
25388
third-party-advisory
x_refsource_SECUNIA
24786
third-party-advisory
x_refsource_SECUNIA
http://docs.info.apple.com/article.html?artnum=305391
x_refsource_CONFIRM
TA07-093B
third-party-advisory
x_refsource_CERT
20070405 FLEA-2007-0008-1: krb5
mailing-list
x_refsource_BUGTRAQ
DSA-1276
vendor-advisory
x_refsource_DEBIAN
24735
third-party-advisory
x_refsource_SECUNIA
TA07-109A
third-party-advisory
x_refsource_CERT
24750
third-party-advisory
x_refsource_SECUNIA
SSRT071337
vendor-advisory
x_refsource_HP
kerberos-kadmind-code-execution(33413)
vdb-entry
x_refsource_XF
24817
third-party-advisory
x_refsource_SECUNIA
24757
third-party-advisory
x_refsource_SECUNIA
20070403 MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]
mailing-list
x_refsource_BUGTRAQ
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt
x_refsource_CONFIRM
ADV-2007-1916
vdb-entry
x_refsource_VUPEN
VU#419344
third-party-advisory
x_refsource_CERT-VN
SUSE-SA:2007:025
vendor-advisory
x_refsource_SUSE
24785
third-party-advisory
x_refsource_SECUNIA
MDKSA-2007:077
vendor-advisory
x_refsource_MANDRIVA
USN-449-1
vendor-advisory
x_refsource_UBUNTU
APPLE-SA-2007-04-19
vendor-advisory
x_refsource_APPLE
ADV-2007-1470
vdb-entry
x_refsource_VUPEN
24736
third-party-advisory
x_refsource_SECUNIA
20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
mailing-list
x_refsource_BUGTRAQ
GLSA-200704-02
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now