CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-5939

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile16.98th
Published2007年12月6日
Last Modified2026年4月23日

Vulnerability Description

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.

Affected Platforms (CPE)

📦
Heimdal

Heimdal

= 0.7.2

References & Advisories

🔗 http://bugs.gentoo.org/show_bug.cgi?id=199207
🔗 http://marc.info/?l=full-disclosure&m=119704362903699&w=2
🔗 http://osvdb.org/44750
🔗 http://securitytracker.com/id?1019057
🔗 http://www.mandriva.com/security/advisories?name=MDKSA-2007:239
🔗 http://www.securityfocus.com/bid/26758
🔗 http://bugs.gentoo.org/show_bug.cgi?id=199207
🔗 http://marc.info/?l=full-disclosure&m=119704362903699&w=2

関連する脆弱性情報

CVE-2002-122510.0

Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers ...

CVE-2002-123510.0

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1....

CVE-2002-122610.0

Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remo...

CVE-2011-486210.0

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) ...