search menu icon-carat-right cmu-wordmark

CERT Coordination Center

MIT Kerberos 5 GSS-API library double-free vulnerability

Vulnerability Note VU#419344

Original Release Date: 2007-04-03 | Last Revised: 2007-04-23

Overview

The GSS-API library provided with MIT krb5 contains a vulnerability that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service.

Description

A vulnerability in the way the GSS-API library provided with MIT krb5 handles messages with an invalid direction encoding may result in a double free. According to MIT krb5 Security Advisory MITKRB5-SA-2007-003:

The kg_unseal_v1() function in src/lib/gssapi/krb5/k5unseal.c frees memory allocated for the "message_buffer" gss_buffer_t when it detects an invalid direction encoding on the message. It does not set the pointer to NULL, nor does it set the length to zero. An application subsequently calling gss_release_buffer() on this gss_buffer_t will cause memory to be freed twice.

Much code provided with MIT krb5 does not attempt to call gss_release_buffer() when gss_unseal() or gss_unwrap() fails, even though the GSS-API C-bindings specification permits it to do so. The RPCSEC_GSS authentication flavor for the RPC library, introduced in krb5-1.4, does call gss_release_buffer() when gss_unwrap() fails. This allows an authenticated attacker to trigger a double-free situation.

Note that this issue affects all releases of MIT krb5 up to and including krb5-1.6. Other server applications that utilize the RPC library or the MIT GSS-API library provided with MIT krb5 may also be affected.

This vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system.

Impact

A remote, authenticated user may be able to execute arbitrary code on an affected system or cause the affected program to crash, resulting in a denial of service. Secondary impacts of code execution include complete compromise of the Kerberos key database.

Solution

Apply Patch
A patch can be obtained from MIT krb5 Security Advisory MITKRB5-SA-2007-003. MIT also states that this will be addressed in the upcoming krb5-1.6.1 release.

Vendor Information

419344
 
Affected   Unknown   Unaffected

Apple Computer, Inc.

Notified:  April 04, 2007 Updated:  April 20, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Apple Security Update 2007-004.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MIT Kerberos Development Team

Updated:  April 03, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to MITKRB5-SA-2007-003.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc.

Notified:  April 04, 2007 Updated:  April 05, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to MDKSA-2007:077.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc.

Updated:  April 02, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to RHSA-2007-0095.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux

Notified:  April 04, 2007 Updated:  April 05, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to SUSE-SA:2007:025.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix Secure Linux

Notified:  April 04, 2007 Updated:  April 06, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Trustix Secure Linux Security Advisory #2007-0012.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

rPath

Updated:  April 05, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to rPSA-2007-0063-1.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc.

Updated:  April 02, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi

Updated:  April 02, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation

Notified:  April 04, 2007 Updated:  April 06, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  March 21, 2007 Updated:  April 04, 2007

Status

  Not Vulnerable

Vendor Statement

Openwall GNU/*/Linux is not vulnerable. We don't provide Kerberos.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Symantec, Inc.

Notified:  April 04, 2007 Updated:  April 05, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

3com, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

AT&T

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Alcatel

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avaya, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avici Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Borderware Technologies

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Charlotte's Web Networks

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Check Point Software Technologies

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Chiaro Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Clavister

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Data Connection, Ltd.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation)

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ericsson

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Extreme Networks

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fortinet, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Foundry Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Global Technology Associates

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hyperchip

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IP Filter

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intel Corporation

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Security Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

KTH Kerberos Team

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Linksys (A division of Cisco Systems)

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lucent Technologies

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Luminous Networks

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multinet (owned Process Software Corporation)

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multitech, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Network Appliance, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NextHop Technologies, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nortel Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Redback Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Riverstone Networks, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secure Computing Network Security Division

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secureworx, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sony Corporation

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Stonesoft

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Watchguard Technologies, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

ZyXEL

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

eSoft, Inc.

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter

Notified:  April 04, 2007 Updated:  April 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 80 vendors View less vendors


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

This issue is addressed in MIT krb5 Security Advisory MITKRB5-SA-2007-003

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2007-1216
Severity Metric: 17.85
Date Public: 2007-04-03
Date First Published: 2007-04-03
Date Last Updated: 2007-04-23 19:26 UTC
Document Revision: 43

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.