PT-2007-6899 · Mit · Mit Kerberos 5

Published: 2007-12-06 · Updated: 2024-06-15 · CVE-2007-5972

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 (krb5) version 1.5

Description: A double free vulnerability exists in the krb5_def_store_mkey function. Its impact is unknown, and it can be exploited through remote authenticated attack vectors. The vulnerability is related to the storage of the krb5kdc master key, so the attacker must have privileges to store this key.

Recommendations: For MIT Kerberos 5 (krb5) version 1.5, there is currently no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-5972
OPENSUSE-SU-2024:10899-1

Affected Products

Mit Kerberos 5