CyberSec.Space Logo
Back to CVE Browser

CVE-2007-5902

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0760%
EPSS Percentile7.97th
PublishedDec 6, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.

Affected Platforms (CPE)

πŸ“¦
Mit

Kerberos 5

All versions

References & Advisories

πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=199214
πŸ”— http://osvdb.org/44748
πŸ”— http://seclists.org/fulldisclosure/2007/Dec/0176.html
πŸ”— http://seclists.org/fulldisclosure/2007/Dec/0321.html
πŸ”— http://secunia.com/advisories/28636
πŸ”— http://secunia.com/advisories/29457
πŸ”— http://secunia.com/advisories/39290
πŸ”— http://secunia.com/advisories/39784

Related Vulnerabilities

CVE-2000-039110.0

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

CVE-2000-039010.0

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

CVE-2000-038910.0

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

CVE-2000-051410.0

GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cau...