PT-2007-6831 · MIT · MIT Kerberos 5

Published: 2007-12-06 · Updated: 2024-08-07 · CVE-2007-5894

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MIT Kerberos 5 (krb5) (affected versions not specified)

Description

The issue concerns the reply function in ftpd.c in the gssftp ftpd, where the length variable may not be initialized under specific conditions related to the auth type value. This could potentially be exploited through remote authenticated attack vectors. However, the vendor disputes this issue, stating that the condition for the uninitialized variable cannot occur in the unmodified source code.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-5894
OPENSUSE-SU-2024:10899-1

Affected Products

MIT Kerberos 5