CVE-2007-5902

Publication date 5 December 2007

Last updated 24 July 2024


Ubuntu priority

Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.

Read the notes from the security team

Status

Package Ubuntu Release Status
krb5 10.04 LTS lucid
Not affected
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Fixed 1.6.dfsg.3~beta1-2ubuntu1.4
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper
Fixed 1.4.3-5ubuntu0.11

Notes


kees

upstream does not feel this is a security issue

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
krb5

References

Related Ubuntu Security Notices (USN)

    • USN-924-1
    • Kerberos vulnerabilities
    • 7 April 2010
    • USN-940-1
    • Kerberos vulnerabilities
    • 19 May 2010

Other references