QwikSec

Security Database

CVE

CWE

Training

CVE-2007-2442

Published: Jun 26, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

mailing-list

x_refsource_FULLDISC

kerberos-gssrpcsvcauthgssapi-code-execution(35082)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:10631

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_VUPEN

20070629 TSLSA-2007-0021 - kerberos5

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_REDHAT

https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

APPLE-SA-2007-07-31

vendor-advisory

x_refsource_APPLE

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

oval:org.mitre.oval:def:7344

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_TRUSTIX

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT

SUSE-SA:2007:038

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

https://issues.rpath.com/browse/RPL-1499

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

http://docs.info.apple.com/article.html?artnum=306172

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_HP

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt

x_refsource_CONFIRM

vendor-advisory

x_refsource_SUNALERT

20070628 FLEA-2007-0029-1: krb5 krb5-workstation

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

20070626 MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.