9 - CVE-2007-1216

Executive Summary

Informations
Name	CVE-2007-1216	First vendor Publication	2007-04-05
Vendor	Cve	Last vendor Modification	2021-02-02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score	9	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	8	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-415	Double Free

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11135

Oval ID:	oval:org.mitre.oval:def:11135
Title:	Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
Description:	Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1216	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section krb5-workstation is earlier than 0:1.2.7-61 AND krb5 is earlier than 0:1.2.7-61 AND krb5-libs is earlier than 0:1.2.7-61 AND krb5-server is earlier than 0:1.2.7-61 AND krb5-devel is earlier than 0:1.2.7-61 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section krb5-workstation is earlier than 0:1.3.4-46 AND krb5 is earlier than 0:1.3.4-46 AND krb5-libs is earlier than 0:1.3.4-46 AND krb5-server is earlier than 0:1.3.4-46 AND krb5-devel is earlier than 0:1.3.4-46 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section krb5-workstation is earlier than 0:1.5-23 AND krb5 is earlier than 0:1.5-23 AND krb5-libs is earlier than 0:1.5-23 AND krb5-server is earlier than 0:1.5-23 AND krb5-devel is earlier than 0:1.5-23

Definition Id: oval:org.mitre.oval:def:18864

Oval ID:	oval:org.mitre.oval:def:18864
Title:	DSA-1276-1 krb5 - several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1276-1 CVE-2007-0956 CVE-2007-0957 CVE-2007-1216	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	krb5
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND krb5 DPKG is earlier than 1.4.4-7etch1

Definition Id: oval:org.mitre.oval:def:22677

Oval ID:	oval:org.mitre.oval:def:22677
Title:	ELSA-2007:0095: krb5 security update (Critical)
Description:	Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0095-01 CVE-2007-0956 CVE-2007-0957 CVE-2007-1216	Version:	17
Platform(s):	Oracle Linux 5	Product(s):	krb5
Definition Synopsis:
Oracle Linux 5.x rpm test krb5-libs is earlier than 0:1.5-23 AND krb5-devel is earlier than 0:1.5-23 AND krb5-server is earlier than 0:1.5-23 AND krb5 is earlier than 0:1.5-23 AND krb5-workstation is earlier than 0:1.5-23

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mit Kerberos 5 cpe:2.3:a:mit:kerberos_5:1.6:::::::* cpe:2.3:a:mit:kerberos_5:1.5.3:::::::* cpe:2.3:a:mit:kerberos_5:1.5.2:::::::* cpe:2.3:a:mit:kerberos_5:1.5.1:::::::* cpe:2.3:a:mit:kerberos_5:1.5:::::::* cpe:2.3:a:mit:kerberos_5:1.4.4:::::::* cpe:2.3:a:mit:kerberos_5:1.4.3:::::::* cpe:2.3:a:mit:kerberos_5:1.4.2:::::::* cpe:2.3:a:mit:kerberos_5:1.4.1:::::::* cpe:2.3:a:mit:kerberos_5:1.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.6:::::::* cpe:2.3:a:mit:kerberos_5:1.3.5:::::::* cpe:2.3:a:mit:kerberos_5:1.3.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.3:::::::* cpe:2.3:a:mit:kerberos_5:1.3.2:::::::* cpe:2.3:a:mit:kerberos_5:1.3.1:::::::* cpe:2.3:a:mit:kerberos_5:1.3:-:::::: cpe:2.3:a:mit:kerberos_5:1.3:alpha1:::::: cpe:2.3:a:mit:kerberos_5:1.2.8:::::::* cpe:2.3:a:mit:kerberos_5:1.2.7:::::::* cpe:2.3:a:mit:kerberos_5:1.2.6:::::::* cpe:2.3:a:mit:kerberos_5:1.2.5:::::::* cpe:2.3:a:mit:kerberos_5:1.2.4:::::::* cpe:2.3:a:mit:kerberos_5:1.2.3:::::::* cpe:2.3:a:mit:kerberos_5:1.2.2:::::::* cpe:2.3:a:mit:kerberos_5:1.2.1:::::::* cpe:2.3:a:mit:kerberos_5:1.2:beta1:::::: cpe:2.3:a:mit:kerberos_5:1.2:-:::::: cpe:2.3:a:mit:kerberos_5:1.2:beta2:::::: cpe:2.3:a:mit:kerberos_5:1.1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.0.6:::::::* cpe:2.3:a:mit:kerberos_5:1.0:-:::::: cpe:2.3:a:mit:kerberos_5:::::::: cpe:2.3:a:mit:kerberos_5:-:::::::*	35
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::* cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*	3
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:4.0:::::::* cpe:2.3:o:debian:debian_linux:3.1:::::::*	2

OpenVAS Exploits

Date	Description
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-05-05	Name : HP-UX Update for Kerberos HPSBUX02217 File : nvt/gb_hp_ux_HPSBUX02217.nasl
2009-04-09	Name : Mandriva Update for krb5 MDKSA-2007:077 (krb5) File : nvt/gb_mandriva_MDKSA_2007_077.nasl
2009-04-09	Name : Mandriva Update for krb5 MDKSA-2007:077-1 (krb5) File : nvt/gb_mandriva_MDKSA_2007_077_1.nasl
2009-03-23	Name : Ubuntu Update for krb5 vulnerabilities USN-449-1 File : nvt/gb_ubuntu_USN_449_1.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-0740 File : nvt/gb_fedora_2007_0740_krb5_fc7.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-2017 File : nvt/gb_fedora_2007_2017_krb5_fc7.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-2066 File : nvt/gb_fedora_2007_2066_krb5_fc7.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-408 File : nvt/gb_fedora_2007_408_krb5_fc6.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-409 File : nvt/gb_fedora_2007_409_krb5_fc5.nasl
2009-02-27	Name : Fedora Update for krb5 FEDORA-2007-620 File : nvt/gb_fedora_2007_620_krb5_fc5.nasl
2009-02-16	Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl
2009-01-28	Name : SuSE Update for krb5 SUSE-SA:2007:025 File : nvt/gb_suse_2007_025.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200704-02 (mit-krb5) File : nvt/glsa_200704_02.nasl
2008-01-17	Name : Debian Security Advisory DSA 1276-1 (krb5) File : nvt/deb_1276_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
34105	MIT Kerberos 5 kadmind GSS-API Library Remote Key Database Manipulation

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0095.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-3046.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-449-1.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_krb5-3045.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34991.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_36286.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_36361.nasl - Type : ACT_GATHER_INFO
2007-04-21	Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2007-004.nasl - Type : ACT_GATHER_INFO
2007-04-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1276.nasl - Type : ACT_GATHER_INFO
2007-04-05	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0095.nasl - Type : ACT_GATHER_INFO
2007-04-05	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200704-02.nasl - Type : ACT_GATHER_INFO
2007-04-05	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-077.nasl - Type : ACT_GATHER_INFO
2007-04-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0095.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
BID	http://www.securityfocus.com/bid/23282
BUGTRAQ	http://www.securityfocus.com/archive/1/464591/100/0/threaded http://www.securityfocus.com/archive/1/464666/100/0/threaded http://www.securityfocus.com/archive/1/464814/30/7170/threaded
CERT	http://www.us-cert.gov/cas/techalerts/TA07-093B.html http://www.us-cert.gov/cas/techalerts/TA07-109A.html
CERT-VN	http://www.kb.cert.org/vuls/id/419344
CONFIRM	http://docs.info.apple.com/article.html?artnum=305391 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt
DEBIAN	http://www.debian.org/security/2007/dsa-1276
GENTOO	http://security.gentoo.org/glsa/glsa-200704-02.xml
HP	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=...
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2007-0095.html
SECTRACK	http://www.securitytracker.com/id?1017852
SECUNIA	http://secunia.com/advisories/24706 http://secunia.com/advisories/24735 http://secunia.com/advisories/24736 http://secunia.com/advisories/24740 http://secunia.com/advisories/24750 http://secunia.com/advisories/24757 http://secunia.com/advisories/24785 http://secunia.com/advisories/24786 http://secunia.com/advisories/24817 http://secunia.com/advisories/24966 http://secunia.com/advisories/25388
SGI	ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc
SUSE	http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
UBUNTU	http://www.ubuntu.com/usn/usn-449-1
VUPEN	http://www.vupen.com/english/advisories/2007/1218 http://www.vupen.com/english/advisories/2007/1470 http://www.vupen.com/english/advisories/2007/1916
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/33413

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:06:05	Multiple Updates
2024-02-01 12:02:12	Multiple Updates
2023-09-05 12:05:41	Multiple Updates
2023-09-05 01:02:03	Multiple Updates
2023-09-02 12:05:46	Multiple Updates
2023-09-02 01:02:04	Multiple Updates
2023-08-12 12:06:45	Multiple Updates
2023-08-12 01:02:04	Multiple Updates
2023-08-11 12:05:50	Multiple Updates
2023-08-11 01:02:07	Multiple Updates
2023-08-06 12:05:32	Multiple Updates
2023-08-06 01:02:05	Multiple Updates
2023-08-04 12:05:38	Multiple Updates
2023-08-04 01:02:08	Multiple Updates
2023-07-14 12:05:37	Multiple Updates
2023-07-14 01:02:05	Multiple Updates
2023-03-29 01:06:17	Multiple Updates
2023-03-28 12:02:10	Multiple Updates
2022-10-11 12:04:57	Multiple Updates
2022-10-11 01:01:56	Multiple Updates
2021-05-04 12:05:56	Multiple Updates
2021-04-22 01:06:29	Multiple Updates
2021-02-02 21:23:17	Multiple Updates
2020-05-23 01:37:54	Multiple Updates
2020-05-23 00:19:22	Multiple Updates
2018-10-16 21:19:51	Multiple Updates
2018-09-25 12:06:29	Multiple Updates
2017-10-11 09:23:52	Multiple Updates
2017-07-29 12:02:04	Multiple Updates
2016-04-26 15:49:34	Multiple Updates
2014-02-17 10:39:18	Multiple Updates
2013-05-11 10:20:03	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	40
Sources(s)	35
osvdb(s)	1
Openvas Exploit(s)	15
Nessus® Exploit(s)	13

	Related
9	USN-449-1
9	DSA-1276
8.5	HPSBUX02217 SSR...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

9 - CVE-2007-1216

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU