CVE-2007-2442
Published 2007-06-26
Priority P347 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 11.38% (95.4th percentile)
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.6.dfsg.1-5 (bookworm) | krb5 1.6.dfsg.1-5 (bookworm) |
| mit | kerberos_5 | <= 1.6.1 | — |
| mit | krb5 | >= 0 < 1.6.dfsg.1-5 | 1.6.dfsg.1-5 |
| mit | krb5 | >= 0 < 1.6.dfsg.1-5 | 1.6.dfsg.1-5 |
| mit | krb5 | >= 0 < 1.6.dfsg.1-5 | 1.6.dfsg.1-5 |
| mit | krb5 | >= 0 < 1.6.dfsg.1-5 | 1.6.dfsg.1-5 |
CVSS provenance
nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 10.0 CRITICAL
vendor_debian · 10.0 HIGH
vendor_redhat · 10.0 CRITICAL
vendor_ubuntu · 10.0 CRITICAL
Ubuntu
krb5 vulnerabilities
vendor_ubuntu·2007-06-27·CVSS 10.0
CVE-2007-2442 [CRITICAL] krb5 vulnerabilities
Wei Wang discovered that the krb5 RPC library did not correctly handle
certain error conditions. A remote attacker could cause kadmind to free
an uninitialized pointer, leading to a denial of service or possibly
execution of arbitrary code with root privileges. (CVE-2007-2442)
Wei Wang discovered that the krb5 RPC library did not correctly check
the size of certain communications. A remote attacker could send a
specially crafted request to kadmind and execute arbitrary code with
root privileges. (CVE-2007-2443)
It was discovered that the kadmind service could be made to overflow its
stack. A remote attacker could send a specially crafted request and
execute arbitrary code with root privileges. (CVE-2007-2798)
Instructions: In g
Red Hat
krb5 RPC library uninitialized pointer free
vendor_redhat·2007-06-26·CVSS 10.0
CVE-2007-2442 [CRITICAL] krb5 RPC library uninitialized pointer free
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
Debian
CVE-2007-2442: krb5 - The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) ...
vendor_debian·2007·CVSS 10.0
CVE-2007-2442 [CRITICAL] CVE-2007-2442: krb5 - The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) ...
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
Scope: local
bookworm: resolved (fixed in 1.6.dfsg.1-5)
bullseye: resolved (fixed in 1.6.dfsg.1-5)
forky: resolved (fixed in 1.6.dfsg.1-5)
sid: resolved (fixed in 1.6.dfsg.1-5)
trixie: resolved (fixed in 1.6.dfsg.1-5)
GHSA
GHSA-6hfh-4j58-7r89: The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1
ghsa_unreviewed·2022-05-03
CVE-2007-2442 [HIGH] GHSA-6hfh-4j58-7r89: The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
OSV
CVE-2007-2442: The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1
osv·2007-06-26·CVSS 10.0
CVE-2007-2442 [CRITICAL] CVE-2007-2442: The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
No detection rules found.
No public exploits indexed.
CWE
Improper Input Validation
mitre_cwe
CWE-20 Improper Input Validation
CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing within the code, or when communicating with other components. Input can consist of:
raw data - strings, numbers, parameters, file contents, etc.
metadata - information about the raw data, such as headers or size
Data can be simple or structured. Structured data can be composed of many nested layers, composed of combinations of metadata and raw data, with other simple or structured data. Many properties of raw data or metadata may n
CWE
Access of Uninitialized Pointer
mitre_cwe
CWE-824 Access of Uninitialized Pointer
CWE-824: Access of Uninitialized Pointer
The product accesses or uses a pointer that has not been initialized.
If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks. Depending on memory layout, associated memory management behaviors, and product operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more
Published: 2007-06-26