CVE-2007-5894

NONECVSS 0.0

0.0

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.

🔗 References (24)

cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=199205
cve@mitrehttp://osvdb.org/44333
cve@mitrehttp://seclists.org/fulldisclosure/2007/Dec/0176.html
cve@mitrehttp://seclists.org/fulldisclosure/2007/Dec/0321.html
cve@mitrehttp://secunia.com/advisories/28636
cve@mitrehttp://secunia.com/advisories/29457
cve@mitrehttp://wiki.rpath.com/Advisories:rPSA-2008-0112
cve@mitrehttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
cve@mitrehttp://www.novell.com/linux/security/advisories/suse_security_summary_report.html
cve@mitrehttp://www.securityfocus.com/archive/1/489883/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/26750
cve@mitrehttps://issues.rpath.com/browse/RPL-2012
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=199205
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/44333
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2007/Dec/0176.html

Is Your Infrastructure Affected by CVE-2007-5894?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-5894

📅 Published

🔄 Last Modified

🔗 References (24)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-5894?