CVE-2007-2442 — HIGH (10.0)

Q: How severe is CVE-2007-2442?

CVE-2007-2442 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-2442?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Mit	Kerberos 5	<= 1.6.1
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-824

References

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.ascBroken Link
http://docs.info.apple.com/article.html?artnum=306172Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427Broken Link
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlMailing ListThird Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlThird Party Advisory
http://osvdb.org/36596Broken Link
http://secunia.com/advisories/25800Broken LinkThird Party Advisory
http://secunia.com/advisories/25801Broken LinkThird Party Advisory
http://secunia.com/advisories/25814Broken LinkThird Party Advisory
http://secunia.com/advisories/25821Broken LinkThird Party Advisory
http://secunia.com/advisories/25841Broken LinkThird Party Advisory
http://secunia.com/advisories/25870Broken LinkThird Party Advisory
http://secunia.com/advisories/25888Broken LinkThird Party Advisory
http://secunia.com/advisories/25890Broken LinkThird Party Advisory
http://secunia.com/advisories/25894Broken LinkThird Party Advisory

FAQ

What is CVE-2007-2442?

CVE-2007-2442 is a vulnerability with a CVSS score of 10.0 (HIGH). The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes ...

How severe is CVE-2007-2442?

CVE-2007-2442 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-2442?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Debian Debian Linux, Canonical Ubuntu Linux.