CVE-2007-2442

Name of the Vulnerable Software and Affected Versions: krb5 versions prior to 1.5.2 krb5-server-1.5 version 1.5 krb5-libs-1.5 version 1.5 krb5-devel-1.5 version 1.5 krb5-workstation-1.5 version 1.5 MIT Kerberos 5 versions 1.6.1 and earlier

Description: The issue concerns multiple vulnerabilities in the krb5 package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The gssrpc svcauth gssapi function in the RPC library in MIT Kerberos 5 might allow remote attackers to execute arbitrary code via a zero-length RPC credential, causing kadmind to free an uninitialized pointer during cleanup.

Recommendations: For krb5 versions prior to 1.5.2, update to version 1.5.2 or later. For krb5-server-1.5 version 1.5, update to a newer version. For krb5-libs-1.5 version 1.5, update to a newer version. For krb5-devel-1.5 version 1.5, update to a newer version. For krb5-workstation-1.5 version 1.5, update to a newer version. For MIT Kerberos 5 versions 1.6.1 and earlier, update to a version later than 1.6.1. As a temporary workaround, consider restricting access to the RPC library to minimize the risk of exploitation.