CVE-2007-5972
published 2007-12-06
Priority: P434, critical, 9 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS: 2.68% (83.9th percentile)
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.6.dfsg.4~beta1-1 (bookworm) | krb5 1.6.dfsg.4~beta1-1 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-1 | 1.6.dfsg.4~beta1-1 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-1 | 1.6.dfsg.4~beta1-1 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-1 | 1.6.dfsg.4~beta1-1 |
| mit | krb5 | >= 0 < 1.6.dfsg.4~beta1-1 | 1.6.dfsg.4~beta1-1 |
CVSS provenance
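| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | — | 9.0 | CRITICAL | — |
| vendor_ubuntu | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 9.0 | LOW | — |
| vendor_redhat | — | 9.0 | CRITICAL | — |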
GHSA
GHSA-cpvg-gx3j-rfm4: Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default
ghsa_unreviewed·2022-05-01
CVE-2007-5972 [HIGH] CWE-119 GHSA-cpvg-gx3j-rfm4: Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default
OSV
CVE-2007-5972: Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default
osv·2007-12-06·CVSS 9.0
CVE-2007-5972 [CRITICAL] CVE-2007-5972: Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2010-05-19·CVSS 10.0
CVE-2007-5971 [CRITICAL] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Unauthenticated remote attackers could cause Kerberos servers to crash,
leading to a denial of service.
It was discovered that Kerberos did not correctly free memory in the
GSSAPI and kdb libraries. If a remote attacker were able to manipulate
an application using these libraries carefully, the service could
crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was
affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)
Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos
did not correctly verify certain packet structures. An unauthenticated
remote attacker could send specially crafted traffic to cause the KDC or
kadmind services to crash, leading to a denial of service. (CVE-2010-1320,
CVE-2010-1321)
Instructions: In ge
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2010-04-07·CVSS 6.9
CVE-2007-5901 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Kerberos vulnerabilities
Sol Jerome discovered that the Kerberos kadmind service did not correctly
free memory. An unauthenticated remote attacker could send specially
crafted traffic to crash the kadmind process, leading to a denial of
service. (CVE-2010-0629)
It was discovered that Kerberos did not correctly free memory in
the GSSAPI library. If a remote attacker were able to manipulate an
application using GSSAPI carefully, the service could crash, leading to
a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901,
CVE-2007-5971)
It was discovered that Kerberos did not correctly free memory in the
GSSAPI and kdb libraries. If a remote attacker were able to manipulate
an application using these libraries carefully, the service coul
Red Hat
krb5: double free in kdb lib
vendor_redhat·2007-11-14·CVSS 9.0
CVE-2007-5972 [CRITICAL] krb5: double free in kdb lib
Statement: This issue is not a vulnerability. For more information, see https://marc.info/?m=119743235325151
Debian
CVE-2007-5972: krb5 - Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_def...
vendor_debian·2007·CVSS 9.0
CVE-2007-5972 [CRITICAL] CVE-2007-5972: krb5 - Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_def...
Scope: local
bookworm: resolved (fixed in 1.6.dfsg.4~beta1-1)
bullseye: resolved (fixed in 1.6.dfsg.4~beta1-1)
forky: resolved (fixed in 1.6.dfsg.4~beta1-1)
sid: resolved (fixed in 1.6.dfsg.4~beta1-1)
trixie: resolved (fixed in 1.6.dfsg.4~beta1-1)
No detection rules found.
No public exploits indexed.
http://bugs.gentoo.org/show_bug.cgi?id=199211
http://osvdb.org/44747
http://seclists.org/fulldisclosure/2007/Dec/0176.html
http://seclists.org/fulldisclosure/2007/Dec/0321.html
http://secunia.com/advisories/28636
http://secunia.com/advisories/39290
http://secunia.com/advisories/39784
http://ubuntu.com/usn/usn-924-1
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
http://www.securityfocus.com/bid/26750
http://www.ubuntu.com/usn/USN-940-1
http://www.vupen.com/english/advisories/2010/1192
https://issues.rpath.com/browse/RPL-2012