CVE-2007-1216
Published 2007-04-06
Priority: P346
Severity: critical, 9 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS: 9.88% (95.0th percentile)
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with "an invalid direction encoding".
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.4.4-8 (bookworm) | krb5 1.4.4-8 (bookworm) |
| mit | kerberos_5 | < 1.6.1 | 1.6.1 |
| mit | krb5 | >= 0 < 1.4.4-8 | 1.4.4-8 |
| mit | krb5 | >= 0 < 1.4.4-8 | 1.4.4-8 |
| mit | krb5 | >= 0 < 1.4.4-8 | 1.4.4-8 |
| mit | krb5 | >= 0 < 1.4.4-8 | 1.4.4-8 |
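CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | | 9.0 | CRITICAL | |
| vendor_ubuntu | | 10.0 | CRITICAL | |
| vendor_debian | | 9.0 | HIGH | |
| vendor_redhat | | 9.0 | CRITICAL | |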
GHSA
GHSA-5j9h-62w2-p327: Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal
ghsa_unreviewed·2022-05-03
CVE-2007-1216 [HIGH] CWE-415 GHSA-5j9h-62w2-p327: Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal
OSV
CVE-2007-1216: Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal
osv·2007-04-06·CVSS 9.0
CVE-2007-1216 [CRITICAL] CVE-2007-1216: Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal
Ubuntu
krb5 vulnerabilities
vendor_ubuntu·2007-04-04·CVSS 10.0
CVE-2007-0956 [CRITICAL] krb5 vulnerabilities
Title: krb5 vulnerabilities
Summary: krb5 vulnerabilities
The krb5 telnet service did not appropriately verify user names. A
remote attacker could log in as the root user by requesting a specially
crafted user name. (CVE-2007-0956)
The krb5 syslog library did not correctly verify the size of log
messages. A remote attacker could send a specially crafted message and
execute arbitrary code with root privileges. (CVE-2007-0957)
The krb5 administration service was vulnerable to a double-free in the
GSS RPC library. A remote attacker could send a specially crafted
request and execute arbitrary code with root privileges. (CVE-2007-1216)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
krb5 double free flaw
vendor_redhat·2007-04-03·CVSS 9.0
CVE-2007-1216 [CRITICAL] krb5 double free flaw
Debian
CVE-2007-1216: krb5 - Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), a...
vendor_debian·2007·CVSS 9.0
CVE-2007-1216 [CRITICAL] CVE-2007-1216: krb5 - Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), a...
Scope: local
bookworm: resolved (fixed in 1.4.4-8)
bullseye: resolved (fixed in 1.4.4-8)
forky: resolved (fixed in 1.4.4-8)
sid: resolved (fixed in 1.4.4-8)
trixie: resolved (fixed in 1.4.4-8)
No detection rules found.
No public exploits indexed.