CVE-2007-5971 – krb5: double free in gssapi lib
https://notcve.org/view.php?id=CVE-2007-5971
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Una vulnerabilidad de doble liberación en la función gss_krb5int_make_seal_token_v3 en la biblioteca lib/gssapi/krb5/k5sealv3.c en MIT Kerberos 5 (krb5), presenta un impacto desconocido y vectores de ataques. • http://bugs.gentoo.org/show_bug.cgi?id=199212 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43345 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/28636 http://secunia.com/advisories/29420 http://secunia.com/advisories/29450 http://secunia.com/advisories/29451 http://secunia.com/advisories • CWE-399: Resource Management Errors •
CVE-2007-5901 – krb5: use-after-free in gssapi lib
https://notcve.org/view.php?id=CVE-2007-5901
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Vulnerabilidad de uso después de liberación (use-after-free) en la función gss_indicate_mechs de lib/gssapi/mechglue/g_initialize.c en MIT Kerberos 5 (krb5) tiene impacto y vectores de ataque desconocidos. NOTA: esto podría ser resultado de una errata en el código fuente. • http://bugs.gentoo.org/show_bug.cgi?id=199214 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43346 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/29451 http://secunia.com/advisories/29464 http://secunia.com/advisories/29516 http://secunia.com/advisories/39290 http://security.gentoo.org • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVE-2007-2442 – krb5 RPC library unitialized pointer free
https://notcve.org/view.php?id=CVE-2007-2442
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. La función gssrpc__svcauth_gssapi en la librería RPC de MIT Kerberos 5 (krb5) 1.6.1 y anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante credenciales RPC de longitud cero, lo cual provoca que kadmind libere un puntero no inicializado durante la limpieza. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://osvdb.org/36596 http://secunia.com/advisories/25800 http://secunia.com/advisories/25801 http://secunia.com/advisories/258 • CWE-824: Access of Uninitialized Pointer •
CVE-2007-2443 – krb5 RPC library stack overflow
https://notcve.org/view.php?id=CVE-2007-2443
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. Error de entero sin signo en la función gssrpc__svcauth_unix de svc_auth_unix.c en la librería RPC de MIT Kerberos 5 (krb5) 1.6.1 y anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante un valor de longitud negativa. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://osvdb.org/36597 http://secunia.com/advisories/25800 http://secunia.com/advisories/25801 http://secunia.com/advisories/258 •
CVE-2007-2798 – krb5 kadmind buffer overflow
https://notcve.org/view.php?id=CVE-2007-2798
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. Un desbordamiento de búfer en la región Stack de la memoria en la función rename_principal_2_svc en kadmind para MIT Kerberos versiones 1.5.3, 1.6.1, y otras versiones, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de una petición creada para renombrar un principal. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=548 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://osvdb.org/36595 http://secunia.com/advisories/25800 htt • CWE-787: Out-of-bounds Write •