CyberSec.Space Logo
Back to CVE Browser

CVE-2007-5939

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile16.98th
PublishedDec 6, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.

Affected Platforms (CPE)

πŸ“¦
Heimdal

Heimdal

= 0.7.2

References & Advisories

πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=199207
πŸ”— http://marc.info/?l=full-disclosure&m=119704362903699&w=2
πŸ”— http://osvdb.org/44750
πŸ”— http://securitytracker.com/id?1019057
πŸ”— http://www.mandriva.com/security/advisories?name=MDKSA-2007:239
πŸ”— http://www.securityfocus.com/bid/26758
πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=199207
πŸ”— http://marc.info/?l=full-disclosure&m=119704362903699&w=2

Related Vulnerabilities

CVE-2002-122510.0

Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers ...

CVE-2002-123510.0

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1....

CVE-2002-122610.0

Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remo...

CVE-2011-486210.0

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) ...