CVE-2007-5939
Published: Dec 6, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 1019057 | vdb-entry, x_refsource_SECTRACK |
| 44750 | vdb-entry, x_refsource_OSVDB |
| 26758 | vdb-entry, x_refsource_BID |
| http://bugs.gentoo.org/show_bug.cgi?id=199207 | x_refsource_CONFIRM |
| MDKSA-2007:239 | vendor-advisory, x_refsource_MANDRIVA |
| 20071207 Heimdal ftpd uninitialized vulnerability | mailing-list, x_refsource_FULLDISC |