CVE-2007-5971 – krb5: double free in gssapi lib
https://notcve.org/view.php?id=CVE-2007-5971
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Una vulnerabilidad de doble liberación en la función gss_krb5int_make_seal_token_v3 en la biblioteca lib/gssapi/krb5/k5sealv3.c en MIT Kerberos 5 (krb5), presenta un impacto desconocido y vectores de ataques. • http://bugs.gentoo.org/show_bug.cgi?id=199212 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43345 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/28636 http://secunia.com/advisories/29420 http://secunia.com/advisories/29450 http://secunia.com/advisories/29451 http://secunia.com/advisories • CWE-399: Resource Management Errors •
CVE-2007-5901 – krb5: use-after-free in gssapi lib
https://notcve.org/view.php?id=CVE-2007-5901
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Vulnerabilidad de uso después de liberación (use-after-free) en la función gss_indicate_mechs de lib/gssapi/mechglue/g_initialize.c en MIT Kerberos 5 (krb5) tiene impacto y vectores de ataque desconocidos. NOTA: esto podría ser resultado de una errata en el código fuente. • http://bugs.gentoo.org/show_bug.cgi?id=199214 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43346 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/29451 http://secunia.com/advisories/29464 http://secunia.com/advisories/29516 http://secunia.com/advisories/39290 http://security.gentoo.org • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVE-2007-5972
https://notcve.org/view.php?id=CVE-2007-5972
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key. Una vulnerabilidad de doble liberación en la función krb5_def_store_mkey en la biblioteca lib/kdb/kdb_default.c en MIT Kerberos 5 (krb5) versión 1.5 presenta un impacto desconocido y vectores de ataque autenticados remotos. NOTA: las operaciones de liberación se producen en el código que almacena la clave maestra krb5kdc, por lo que el atacante requiere privilegios para almacenar esta clave. • http://bugs.gentoo.org/show_bug.cgi?id=199211 http://osvdb.org/44747 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/28636 http://secunia.com/advisories/39290 http://secunia.com/advisories/39784 http://ubuntu.com/usn/usn-924-1 http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www.securityfocus.com/bid/26750 http://www.ubuntu.com/usn/USN& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4743 – krb5 incomplete fix for CVE-2007-3999
https://notcve.org/view.php?id=CVE-2007-4743
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. El parche original para la CVE-2007-3999 en el svc_auth_gss.c de la librería RPCSEC_GSS RPC en el MIT Kerberos 5 (krb5) 1.4 hasta el 1.6.2, como el utilizado en el demonio de administración del Kerberos (kadmind) y otras aplicaciones que utlizan el krb5, no verifica correctamente la longitud del búfer en algunos entornos y arquitecturas, lo que puede permitir a atacantes remotos llevar a cabo un ataque de desbordamiento de búfer. • http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/26699 http://secunia.com/advisories/26987 http://secunia.com/advisories/27643 http://www.debian.org/security/2007/dsa-1387 http://www.novell.com/linux/security/advisories/2007_19_sr.html http://www.redhat.com/support/errata/RHSA-2007-0892.html http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4000 – krb5 kadmind uninitialized pointer
https://notcve.org/view.php?id=CVE-2007-4000
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. La función kadm5_modify_policy_internal en lib/kadm5/srv/svr_policy.c del demonio de administración de Kerberos (kadmind) en MIT Kerberos 5 (krb5) 1.5 hasta 1.6.2 no comprueba adecuadamente los valores de retorno cuando no existe política, lo cual podría permitir a usuarios autenticados remotos con el privilegio de "modificar política" ejecutar código de su elección mediante vectores no especificados que provocan una escritura en un puntero no inicializado. • http://secunia.com/advisories/26676 http://secunia.com/advisories/26680 http://secunia.com/advisories/26700 http://secunia.com/advisories/26728 http://secunia.com/advisories/26783 http://secunia.com/advisories/26987 http://securityreason.com/securityalert/3092 http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml http://www.kb.cert.org/vuls/id/377544 http://www.mandriva.com/security/advisories?name=MDKSA • CWE-824: Access of Uninitialized Pointer •