NVD Vulnerability Detail

CVE-2007-2442

Summary	The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
Summary	La función gssrpc__svcauth_gssapi en la librería RPC de MIT Kerberos 5 (krb5) 1.6.1 y anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante credenciales RPC de longitud cero, lo cual provoca que kadmind libere un puntero no inicializado durante la limpieza.
Publication Date	June 27, 2007, 7:30 a.m.
Registration Date	Jan. 29, 2021, 2:12 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mit:kerberos_5::::::::		1.6.1
cpe:2.3:o:debian:debian_linux:3.1:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*

Related information, measures and tools

No	URL	refsource
1	ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc	cve@mitre.org
2	http://docs.info.apple.com/article.html?artnum=306172	cve@mitre.org
3	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427	cve@mitre.org
4	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	cve@mitre.org
5	http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html	cve@mitre.org
6	http://osvdb.org/36596	cve@mitre.org
7	http://secunia.com/advisories/25800	cve@mitre.org
8	http://secunia.com/advisories/25801	cve@mitre.org
9	http://secunia.com/advisories/25814	cve@mitre.org
10	http://secunia.com/advisories/25821	cve@mitre.org
11	http://secunia.com/advisories/25841	cve@mitre.org
12	http://secunia.com/advisories/25870	cve@mitre.org
13	http://secunia.com/advisories/25888	cve@mitre.org
14	http://secunia.com/advisories/25890	cve@mitre.org
15	http://secunia.com/advisories/25894	cve@mitre.org
16	http://secunia.com/advisories/25911	cve@mitre.org
17	http://secunia.com/advisories/26033	cve@mitre.org
18	http://secunia.com/advisories/26228	cve@mitre.org
19	http://secunia.com/advisories/26235	cve@mitre.org
20	http://secunia.com/advisories/26909	cve@mitre.org
21	http://secunia.com/advisories/27706	cve@mitre.org
22	http://secunia.com/advisories/40346	cve@mitre.org
23	http://security.gentoo.org/glsa/glsa-200707-11.xml	cve@mitre.org
24	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102914-1	cve@mitre.org
25	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt	cve@mitre.org
26	http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt	cve@mitre.org
27	http://www.debian.org/security/2007/dsa-1323	cve@mitre.org
28	http://www.kb.cert.org/vuls/id/356961	cve@mitre.org
29	http://www.mandriva.com/security/advisories?name=MDKSA-2007:137	cve@mitre.org
30	http://www.novell.com/linux/security/advisories/2007_38_krb5.html	cve@mitre.org
31	http://www.redhat.com/support/errata/RHSA-2007-0384.html	cve@mitre.org
32	http://www.redhat.com/support/errata/RHSA-2007-0562.html	cve@mitre.org
33	http://www.securityfocus.com/archive/1/472288/100/0/threaded	cve@mitre.org
34	http://www.securityfocus.com/archive/1/472432/100/0/threaded	cve@mitre.org
35	http://www.securityfocus.com/archive/1/472507/30/5970/threaded	cve@mitre.org
36	http://www.securityfocus.com/bid/24655	cve@mitre.org
37	http://www.securityfocus.com/bid/25159	cve@mitre.org
38	http://www.securitytracker.com/id?1018293	cve@mitre.org
39	http://www.trustix.org/errata/2007/0021/	cve@mitre.org
40	http://www.ubuntu.com/usn/usn-477-1	cve@mitre.org
41	http://www.us-cert.gov/cas/techalerts/TA07-177A.html	cve@mitre.org
42	http://www.vupen.com/english/advisories/2007/2337	cve@mitre.org
43	http://www.vupen.com/english/advisories/2007/2354	cve@mitre.org
44	http://www.vupen.com/english/advisories/2007/2491	cve@mitre.org
45	http://www.vupen.com/english/advisories/2007/2732	cve@mitre.org
46	http://www.vupen.com/english/advisories/2007/3229	cve@mitre.org
47	http://www.vupen.com/english/advisories/2010/1574	cve@mitre.org
48	https://exchange.xforce.ibmcloud.com/vulnerabilities/35082	cve@mitre.org
49	https://issues.rpath.com/browse/RPL-1499	cve@mitre.org
50	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10631	cve@mitre.org
51	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7344	cve@mitre.org
52	https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html	cve@mitre.org
53	ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc	af854a3a-2127-422b-91ae-364da2661108
54	http://docs.info.apple.com/article.html?artnum=306172	af854a3a-2127-422b-91ae-364da2661108
55	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427	af854a3a-2127-422b-91ae-364da2661108
56	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
57	http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html	af854a3a-2127-422b-91ae-364da2661108
58	http://osvdb.org/36596	af854a3a-2127-422b-91ae-364da2661108
59	http://secunia.com/advisories/25800	af854a3a-2127-422b-91ae-364da2661108
60	http://secunia.com/advisories/25801	af854a3a-2127-422b-91ae-364da2661108
61	http://secunia.com/advisories/25814	af854a3a-2127-422b-91ae-364da2661108
62	http://secunia.com/advisories/25821	af854a3a-2127-422b-91ae-364da2661108
63	http://secunia.com/advisories/25841	af854a3a-2127-422b-91ae-364da2661108
64	http://secunia.com/advisories/25870	af854a3a-2127-422b-91ae-364da2661108
65	http://secunia.com/advisories/25888	af854a3a-2127-422b-91ae-364da2661108
66	http://secunia.com/advisories/25890	af854a3a-2127-422b-91ae-364da2661108
67	http://secunia.com/advisories/25894	af854a3a-2127-422b-91ae-364da2661108
68	http://secunia.com/advisories/25911	af854a3a-2127-422b-91ae-364da2661108
69	http://secunia.com/advisories/26033	af854a3a-2127-422b-91ae-364da2661108
70	http://secunia.com/advisories/26228	af854a3a-2127-422b-91ae-364da2661108
71	http://secunia.com/advisories/26235	af854a3a-2127-422b-91ae-364da2661108
72	http://secunia.com/advisories/26909	af854a3a-2127-422b-91ae-364da2661108
73	http://secunia.com/advisories/27706	af854a3a-2127-422b-91ae-364da2661108
74	http://secunia.com/advisories/40346	af854a3a-2127-422b-91ae-364da2661108
75	http://security.gentoo.org/glsa/glsa-200707-11.xml	af854a3a-2127-422b-91ae-364da2661108
76	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102914-1	af854a3a-2127-422b-91ae-364da2661108
77	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt	af854a3a-2127-422b-91ae-364da2661108
78	http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt	af854a3a-2127-422b-91ae-364da2661108
79	http://www.debian.org/security/2007/dsa-1323	af854a3a-2127-422b-91ae-364da2661108
80	http://www.kb.cert.org/vuls/id/356961	af854a3a-2127-422b-91ae-364da2661108
81	http://www.mandriva.com/security/advisories?name=MDKSA-2007:137	af854a3a-2127-422b-91ae-364da2661108
82	http://www.novell.com/linux/security/advisories/2007_38_krb5.html	af854a3a-2127-422b-91ae-364da2661108
83	http://www.redhat.com/support/errata/RHSA-2007-0384.html	af854a3a-2127-422b-91ae-364da2661108
84	http://www.redhat.com/support/errata/RHSA-2007-0562.html	af854a3a-2127-422b-91ae-364da2661108
85	http://www.securityfocus.com/archive/1/472288/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
86	http://www.securityfocus.com/archive/1/472432/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
87	http://www.securityfocus.com/archive/1/472507/30/5970/threaded	af854a3a-2127-422b-91ae-364da2661108
88	http://www.securityfocus.com/bid/24655	af854a3a-2127-422b-91ae-364da2661108
89	http://www.securityfocus.com/bid/25159	af854a3a-2127-422b-91ae-364da2661108
90	http://www.securitytracker.com/id?1018293	af854a3a-2127-422b-91ae-364da2661108
91	http://www.trustix.org/errata/2007/0021/	af854a3a-2127-422b-91ae-364da2661108
92	http://www.ubuntu.com/usn/usn-477-1	af854a3a-2127-422b-91ae-364da2661108
93	http://www.us-cert.gov/cas/techalerts/TA07-177A.html	af854a3a-2127-422b-91ae-364da2661108
94	http://www.vupen.com/english/advisories/2007/2337	af854a3a-2127-422b-91ae-364da2661108
95	http://www.vupen.com/english/advisories/2007/2354	af854a3a-2127-422b-91ae-364da2661108
96	http://www.vupen.com/english/advisories/2007/2491	af854a3a-2127-422b-91ae-364da2661108
97	http://www.vupen.com/english/advisories/2007/2732	af854a3a-2127-422b-91ae-364da2661108
98	http://www.vupen.com/english/advisories/2007/3229	af854a3a-2127-422b-91ae-364da2661108
99	http://www.vupen.com/english/advisories/2010/1574	af854a3a-2127-422b-91ae-364da2661108
100	https://exchange.xforce.ibmcloud.com/vulnerabilities/35082	af854a3a-2127-422b-91ae-364da2661108
101	https://issues.rpath.com/browse/RPL-1499	af854a3a-2127-422b-91ae-364da2661108
102	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10631	af854a3a-2127-422b-91ae-364da2661108
103	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7344	af854a3a-2127-422b-91ae-364da2661108
104	https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-824	初期化されていないポインタのアクセス	https://cwe.mitre.org/data/definitions/824.html

JVN Vulnerability Information

MIT Kerberos 5 RPC ライブラリの gssrpc__svcauth_gssapi() 関数における不正なメモリ領域が解放される脆弱性

Title	MIT Kerberos 5 RPC ライブラリの gssrpc__svcauth_gssapi() 関数における不正なメモリ領域が解放される脆弱性
Summary	MIT Kerberos 5 RPC ライブラリの gssrpc__svcauth_gssapi() 関数には長さ 0 の RPC 認証データを処理した場合のクリーンアップコードに不備が存在するために、初期化されていないポインタが指すメモリ領域が解放される脆弱性が存在します。
Possible impacts	第三者によって、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています (krb5-1.6.2 で修正済)。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 26, 2007, midnight
Registration Date	July 2, 2007, 6:14 p.m.
Last Update	July 15, 2010, 5:19 p.m.

Affected System

サン・マイクロシステムズ

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 8 (sparc)

Sun Solaris 8 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

レッドハット

Red Hat Enterprise Linux 2.1 (as)

Red Hat Enterprise Linux 2.1 (es)

Red Hat Enterprise Linux 2.1 (ws)

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Linux Advanced Workstation 2.1

RHEL Desktop Workstation 5 (client)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

ターボリナックス

Turbolinux 10_f

Turbolinux Appliance Server 2.0

Turbolinux Desktop 10

Turbolinux Multimedia

Turbolinux Personal

Turbolinux Server 10

Turbolinux Server 10 (x64)

Turbolinux Server 8

ターボリナックスホーム

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

日本電気

Express5800/FW

MIT Kerberos

Kerberos krb5-1.6.1 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2442	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
National Vulnerability Database (NVD)
2	CVE-2007-2442	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2442

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	krb5-1.6.1-17AXS3.1	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=218
HP Security Bulletin
2	HPSBUX02544	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02257427
MIRACLE LINUX アップデート情報
3	1072	http://www.miraclelinux.com/support/update/list.php?errata_id=1072
MIT krb5 Security Advisory
4	MITKerberos krb5-SA-2007-004	http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt
NEC製品セキュリティ情報
5	NV07-006	http://www.nec.co.jp/security-info/secinfo/nv07-006.html
Red Hat Security Advisory
6	RHSA-2007:0384	https://rhn.redhat.com/errata/RHSA-2007-0384.html
7	RHSA-2007:0562	https://rhn.redhat.com/errata/RHSA-2007-0562.html
Sun Alert Notification
8	102914	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102914-1
レッドハットセキュリティーアップデート
9	RHSA-2007:0384	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0384J.html
10	RHSA-2007:0562	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0562J.html
製品セキュリティ情報
11	TLSA-2007-42	http://www.turbolinux.co.jp/security/2007/TLSA-2007-42j.txt

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2007-2337	http://www.frsirt.com/english/advisories/2007/2337
JVN
2	JVNTA07-177A	http://jvn.jp/cert/JVNTA07-177A/index.html
SecurityFocus
3	24655	http://www.securityfocus.com/bid/24655
US-CERT Technical Cyber Security Alert
4	TA07-177A	http://www.us-cert.gov/cas/techalerts/TA07-177A.html
US-CERT Vulnerability Note
5	VU#356961	http://www.kb.cert.org/vuls/id/356961

Change Log

No	Changed Details	Date of change
0	[2007年07月02日] 掲載 [2007年08月10日] 影響を受けるシステム：ターボリナックス (TLSA-2007-42) の情報追加。ベンダ情報: ターボリナックス (TLSA-2007-42) 追加。 [2007年10月10日] 影響を受けるシステム：日本電気 (NV07-006) の情報追加。ベンダ情報: 日本電気 (NV07-006) 追加。 [2008年10月29日] 影響を受けるシステム：ミラクル・リナックス（krb5-1.6.1-17AXS3.1）の情報を追加ベンダ情報：ミラクル・リナックス（krb5-1.6.1-17AXS3.1）を追加 [2010年07月15日] 影響を受けるシステム：ヒューレット・パッカード (HPSBUX02544) の情報を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02544) を追加	Feb. 17, 2018, 10:37 a.m.