CVE-2007-5902
published 2007-12-06CVE-2007-5902: Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact…
PriorityP339critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.91%
92.3th percentile
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.6.dfsg.4~beta1-1 (bookworm) | krb5 1.6.dfsg.4~beta1-1 (bookworm) |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-1 | 1.6.dfsg.4~beta1-1 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-1 | 1.6.dfsg.4~beta1-1 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-1 | 1.6.dfsg.4~beta1-1 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-1 | 1.6.dfsg.4~beta1-1 |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0LOW
vendor_redhat10.0CRITICAL
vendor_ubuntu10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2010-05-19·CVSS 10.0
CVE-2007-5971 [CRITICAL] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Unauthenticated remote attackers could cause Kerberos servers to crash,
leading to a denial of service.
It was discovered that Kerberos did not correctly free memory in the
GSSAPI and kdb libraries. If a remote attacker were able to manipulate
an application using these libraries carefully, the service could
crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was
affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)
Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos
did not correctly verify certain packet structures. An unauthenticated
remote attacker could send specially crafted traffic to cause the KDC or
kadmind services to crash, leading to a denial of service. (CVE-2010-1320,
CVE-2010-1321)
Instructions: In ge
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2010-04-07·CVSS 6.9
CVE-2007-5901 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Kerberos vulnerabilities
Sol Jerome discovered that the Kerberos kadmind service did not correctly
free memory. An unauthenticated remote attacker could send specially
crafted traffic to crash the kadmind process, leading to a denial of
service. (CVE-2010-0629)
It was discovered that Kerberos did not correctly free memory in
the GSSAPI library. If a remote attacker were able to manipulate an
application using GSSAPI carefully, the service could crash, leading to
a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901,
CVE-2007-5971)
It was discovered that Kerberos did not correctly free memory in the
GSSAPI and kdb libraries. If a remote attacker were able to manipulate
an application using these libraries carefully, the service coul
Red Hat
krb5: integer overflow in rpc lib
vendor_redhat·2007-11-14·CVSS 10.0
CVE-2007-5902 [CRITICAL] CWE-190 krb5: integer overflow in rpc lib
krb5: integer overflow in rpc lib
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
Statement: This issue is not a practical vulnerability, for more information see https://marc.info/?m=119743235325151
Debian
CVE-2007-5902: krb5 - Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_g...
vendor_debian·2007·CVSS 10.0
CVE-2007-5902 [CRITICAL] CVE-2007-5902: krb5 - Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_g...
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
Scope: local
bookworm: resolved (fixed in 1.6.dfsg.4~beta1-1)
bullseye: resolved (fixed in 1.6.dfsg.4~beta1-1)
forky: resolved (fixed in 1.6.dfsg.4~beta1-1)
sid: resolved (fixed in 1.6.dfsg.4~beta1-1)
trixie: resolved (fixed in 1.6.dfsg.4~beta1-1)
GHSA
GHSA-p6m7-52v7-q7mq: Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss
ghsa_unreviewed·2022-05-01
CVE-2007-5902 [HIGH] GHSA-p6m7-52v7-q7mq: Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
OSV
CVE-2007-5902: Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss
osv·2007-12-06·CVSS 10.0
CVE-2007-5902 [CRITICAL] CVE-2007-5902: Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
No detection rules found.
No public exploits indexed.
http://bugs.gentoo.org/show_bug.cgi?id=199214http://osvdb.org/44748http://seclists.org/fulldisclosure/2007/Dec/0176.htmlhttp://seclists.org/fulldisclosure/2007/Dec/0321.htmlhttp://secunia.com/advisories/28636http://secunia.com/advisories/29457http://secunia.com/advisories/39290http://secunia.com/advisories/39784http://ubuntu.com/usn/usn-924-1http://wiki.rpath.com/Advisories:rPSA-2008-0112http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112http://www.novell.com/linux/security/advisories/suse_security_summary_report.htmlhttp://www.securityfocus.com/archive/1/489883/100/0/threadedhttp://www.securityfocus.com/bid/26750http://www.ubuntu.com/usn/USN-940-1http://www.vupen.com/english/advisories/2010/1192https://issues.rpath.com/browse/RPL-2012http://bugs.gentoo.org/show_bug.cgi?id=199214http://osvdb.org/44748http://seclists.org/fulldisclosure/2007/Dec/0176.htmlhttp://seclists.org/fulldisclosure/2007/Dec/0321.htmlhttp://secunia.com/advisories/28636http://secunia.com/advisories/29457http://secunia.com/advisories/39290http://secunia.com/advisories/39784http://ubuntu.com/usn/usn-924-1http://wiki.rpath.com/Advisories:rPSA-2008-0112http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112http://www.novell.com/linux/security/advisories/suse_security_summary_report.htmlhttp://www.securityfocus.com/archive/1/489883/100/0/threadedhttp://www.securityfocus.com/bid/26750http://www.ubuntu.com/usn/USN-940-1http://www.vupen.com/english/advisories/2010/1192https://issues.rpath.com/browse/RPL-2012
2007-12-06
Published