Vulnerability CVE-2007-5901

Vulnerability Name:

CVE-2007-5901 (CCN-38918)

Assigned:

2007-11-14

Published:

2007-11-14

Updated:

2017-09-29

Summary:

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
Note: this might be the result of a typo in the source code.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-399
CWE-416

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: Gentoo Bugzilla Bug 199214
mit-krb5 lib vulnerability

Source: MISC
Type: Exploit
http://bugs.gentoo.org/show_bug.cgi?id=199214

Source: MITRE
Type: CNA
CVE-2007-5901

Source: CCN
Type: Apple Web site
About Security Update 2008-002

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307562

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-03-18

Source: OSVDB
Type: UNKNOWN
43346

Source: CCN
Type: RHSA-2008-0164
Critical: krb5 security and bugfix update

Source: FULLDISC
Type: UNKNOWN
20071208 MIT Kerberos 5: Multiple vulnerabilities

Source: FULLDISC
Type: UNKNOWN
20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]

Source: SECUNIA
Type: UNKNOWN
29451

Source: SECUNIA
Type: UNKNOWN
29464

Source: SECUNIA
Type: UNKNOWN
29516

Source: SECUNIA
Type: UNKNOWN
39290

Source: GENTOO
Type: UNKNOWN
GLSA-200803-31

Source: UBUNTU
Type: UNKNOWN
USN-924-1

Source: CCN
Type: MIT Kerberos Web site
Kerberos 5

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:069

Source: CCN
Type: OSVDB ID: 43346
MIT Kerberos 5 lib/gssapi/mechglue/g_initialize.c gss_indicate_mechs Function User-after-free

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0164

Source: BID
Type: Patch
26750

Source: CCN
Type: BID-26750
MIT Kerberos Multiple Memory Corruption Vulnerabilities

Source: CCN
Type: USN-924-1
Kerberos vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2008-0924

Source: XF
Type: UNKNOWN
kerberos-gssindicatemechs-dos(38918)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-2012

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11451

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2637

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2647

Vulnerable Configuration:

Configuration 1:

cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

AND

cpe:/a:mit:kerberos_5:*:*:*:*:*:*:*:* (Version <= 1.6.3_kdc)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*

OR cpe:/a:mit:kerberos_5:1.6:*:*:*:*:*:*:*

OR cpe:/a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:13507	P	USN-924-1 -- krb5 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:22707	P	ELSA-2008:0164: krb5 security and bugfix update (Critical)	2014-05-26
oval:org.mitre.oval:def:11451	V	Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.	2013-04-29
oval:com.redhat.rhsa:def:20080164	P	RHSA-2008:0164: krb5 security and bugfix update (Critical)	2008-03-18

BACK