CVE-2007-5894 : The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when au

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.

Published 2007-12-06 02:46:00

Updated 2024-04-11 00:43:04

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-5894

Probability of exploitation activity in the next 30 days: 3.45%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-5894

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

Vendor statements for CVE-2007-5894

Red Hat 2007-12-14

This issue is not a vulnerability, for more information see http://marc.info/?m=119743235325151

References for CVE-2007-5894

http://seclists.org/fulldisclosure/2007/Dec/0321.html

Full Disclosure: Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]

CVEs referencing this url
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html

CVEs referencing this url
http://www.securityfocus.com/bid/26750

CVEs referencing this url
http://secunia.com/advisories/29457

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

CVEs referencing this url
http://osvdb.org/44333
https://issues.rpath.com/browse/RPL-2012

CVEs referencing this url
http://secunia.com/advisories/28636

About Secunia Research | Flexera
Vendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0112

CVEs referencing this url
http://seclists.org/fulldisclosure/2007/Dec/0176.html

Full Disclosure: MIT Kerberos 5: Multiple vulnerabilities

CVEs referencing this url
http://www.securityfocus.com/archive/1/489883/100/0/threaded

CVEs referencing this url
http://bugs.gentoo.org/show_bug.cgi?id=199205

199205 – app-crypt/mit-krb5 <1.6.3-r1 multiple issues (CVE-2007-{5901,5902, 5971, 5972, 5894})

Products affected by CVE-2007-5894

MIT » Kerberos 5 » Version: N/A
cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-5894

Exploit prediction scoring system (EPSS) score for CVE-2007-5894

CVSS scores for CVE-2007-5894

Vendor statements for CVE-2007-5894

References for CVE-2007-5894

Products affected by CVE-2007-5894