Upstream information

CVE-2007-1216 at MITRE

Description

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 8.5
Vector AV:N/AC:M/Au:S/C:C/I:C/A:C
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entries: 252487 [RESOLVED / FIXED], 256319 [RESOLVED / INVALID]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • krb5 >= 1.6.3-133.27.1
  • krb5-32bit >= 1.6.3-133.27.1
  • krb5-apps-clients >= 1.6.3-133.27.1
  • krb5-apps-servers >= 1.6.3-133.27.1
  • krb5-client >= 1.6.3-133.27.1
  • krb5-plugin-kdb-ldap >= 1.6.3-133.12
  • krb5-plugin-preauth-pkinit >= 1.6.3-133.12
  • krb5-server >= 1.6.3-133.27.1
  • krb5-x86 >= 1.6.3-133.27.1
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA krb5
SUSE Linux Enterprise Server 11 SP1 GA krb5-plugin-kdb-ldap
SUSE Linux Enterprise Server 11 SP2
  • krb5 >= 1.6.3-133.48.48.1
  • krb5-32bit >= 1.6.3-133.48.48.1
  • krb5-apps-clients >= 1.6.3-133.48.48.1
  • krb5-apps-servers >= 1.6.3-133.48.48.1
  • krb5-client >= 1.6.3-133.48.48.1
  • krb5-plugin-kdb-ldap >= 1.6.3-133.12
  • krb5-plugin-preauth-pkinit >= 1.6.3-133.12
  • krb5-server >= 1.6.3-133.48.48.1
  • krb5-x86 >= 1.6.3-133.48.48.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA krb5
SUSE Linux Enterprise Server 11 SP2 GA krb5-plugin-kdb-ldap
SUSE Linux Enterprise Server 11 SP3
  • krb5 >= 1.6.3-133.49.54.1
  • krb5-32bit >= 1.6.3-133.49.54.1
  • krb5-apps-clients >= 1.6.3-133.49.54.1
  • krb5-apps-servers >= 1.6.3-133.49.54.1
  • krb5-client >= 1.6.3-133.49.54.1
  • krb5-plugin-kdb-ldap >= 1.6.3-133.49.54.1
  • krb5-plugin-preauth-pkinit >= 1.6.3-133.49.54.1
  • krb5-server >= 1.6.3-133.49.54.1
  • krb5-x86 >= 1.6.3-133.49.54.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA krb5
SUSE Linux Enterprise Server 11 SP3 GA krb5-plugin-kdb-ldap
SUSE Linux Enterprise Server 11 SP4
  • krb5 >= 1.6.3-133.49.66.1
  • krb5-32bit >= 1.6.3-133.49.66.1
  • krb5-apps-clients >= 1.6.3-133.49.66.1
  • krb5-apps-servers >= 1.6.3-133.49.66.1
  • krb5-client >= 1.6.3-133.49.66.1
  • krb5-plugin-kdb-ldap >= 1.6.3-133.49.66.1
  • krb5-plugin-preauth-pkinit >= 1.6.3-133.49.66.1
  • krb5-server >= 1.6.3-133.49.66.1
  • krb5-x86 >= 1.6.3-133.49.66.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA krb5
SUSE Linux Enterprise Server 11 SP4 GA krb5-plugin-kdb-ldap
SUSE Linux Enterprise Software Development Kit 11 SP4
  • krb5-devel >= 1.6.3-133.49.66.1
  • krb5-devel-32bit >= 1.6.3-133.49.66.1
  • krb5-server >= 1.6.3-133.49.66.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA krb5-devel
SUSE LINUX 10.0
  • krb5 >= 1.4.1-5.5
  • krb5-32bit >= 1.4.1-5.5
  • krb5-64bit >= 1.4.1-5.5
  • krb5-devel >= 1.4.1-5.5
  • krb5-devel-32bit >= 1.4.1-5.5
  • krb5-devel-64bit >= 1.4.1-5.5
  • krb5-server >= 1.4.1-5.5
SUSE LINUX 10.1
  • krb5 >= 1.4.3-19.10.3
  • krb5-32bit >= 1.4.3-19.10.3
  • krb5-64bit >= 1.4.3-19.10.3
  • krb5-devel >= 1.4.3-19.10.3
  • krb5-devel-32bit >= 1.4.3-19.10.3
  • krb5-devel-64bit >= 1.4.3-19.10.3
  • krb5-server >= 1.4.3-19.10.3
SUSE LINUX 9.3
  • krb5 >= 1.4-16.9
  • krb5-32bit >= 9.3-7.3
  • krb5-devel >= 1.4-16.9
  • krb5-devel-32bit >= 9.3-7.2
  • krb5-server >= 1.4-16.9