Upstream information
Description
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
National Vulnerability Database | |
---|---|
Base Score | 10 |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
- SUSE-SA:2007:038, published Tue, 03 Jul 2007 17:00:00 +0000
- TID3248163, published Mo 24. Nov 17:13:20 CET 2014
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA krb5-devel-1.6.3-133.49.66.1 |
SUSE Linux Enterprise Server 11 SP1 |
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA krb5-1.6.3-133.27.1 SUSE Linux Enterprise Server 11 SP1 GA krb5-plugin-kdb-ldap-1.6.3-133.12 |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA krb5-1.6.3-133.48.48.1 SUSE Linux Enterprise Server 11 SP2 GA krb5-plugin-kdb-ldap-1.6.3-133.12 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA krb5-1.6.3-133.49.54.1 SUSE Linux Enterprise Server 11 SP3 GA krb5-plugin-kdb-ldap-1.6.3-133.49.54.1 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA krb5-1.6.3-133.49.66.1 SUSE Linux Enterprise Server 11 SP4 GA krb5-plugin-kdb-ldap-1.6.3-133.49.66.1 SUSE Linux Enterprise Software Development Kit 11 SP4 GA krb5-devel-1.6.3-133.49.66.1 |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA krb5-1.19.2-2.2 |