CVE-2007-5471

4 documents4 sources

Severity

7.8HIGH

EPSS

0.8%

top 25.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Suse Linux

Timeline

PublishedOct 16

Latest updateMay 1

Description

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDsuse/suse_linux10

Patches

Patch: www.securityfocus.com ↗Patch: secure-support.novell.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mcgr-4jxq-p7jr: libgssapi before 0↗2022-05-01

▶

CVEList

CVE-2007-5471: libgssapi before 0↗2007-10-16

▶

📋Vendor Advisories

Red Hat

CVE-2007-5471: libgssapi before 0↗

▶