JVN/CVE Demo: Cveinfos

CVE

Id: 24573
CVE No.: CVE-2007-1216
Status: Candidate
Description: Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
Phase: Assigned (20070302)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
242277	24573	CVE-2007-1216	BUGTRAQ:20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation	View
242278	24573	CVE-2007-1216	URL:http://www.securityfocus.com/archive/1/archive/1/464666/100/0/threaded	View
242279	24573	CVE-2007-1216	BUGTRAQ:20070403 MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]	View
242280	24573	CVE-2007-1216	URL:http://www.securityfocus.com/archive/1/archive/1/464591/100/0/threaded	View
242281	24573	CVE-2007-1216	BUGTRAQ:20070405 FLEA-2007-0008-1: krb5	View
242282	24573	CVE-2007-1216	URL:http://www.securityfocus.com/archive/1/archive/1/464814/30/7170/threaded	View
242283	24573	CVE-2007-1216	CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt	View
242284	24573	CVE-2007-1216	CONFIRM:http://docs.info.apple.com/article.html?artnum=305391	View
242285	24573	CVE-2007-1216	APPLE:APPLE-SA-2007-04-19	View
242286	24573	CVE-2007-1216	URL:http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html	View
242287	24573	CVE-2007-1216	DEBIAN:DSA-1276	View
242288	24573	CVE-2007-1216	URL:http://www.debian.org/security/2007/dsa-1276	View
242289	24573	CVE-2007-1216	GENTOO:GLSA-200704-02	View
242290	24573	CVE-2007-1216	URL:http://security.gentoo.org/glsa/glsa-200704-02.xml	View
242291	24573	CVE-2007-1216	HP:HPSBUX02217	View
242292	24573	CVE-2007-1216	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056923	View
242293	24573	CVE-2007-1216	HP:SSRT071337	View
242294	24573	CVE-2007-1216	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056923	View
242295	24573	CVE-2007-1216	MANDRIVA:MDKSA-2007:077	View
242296	24573	CVE-2007-1216	URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:077	View
242297	24573	CVE-2007-1216	REDHAT:RHSA-2007:0095	View
242298	24573	CVE-2007-1216	URL:http://www.redhat.com/support/errata/RHSA-2007-0095.html	View
242299	24573	CVE-2007-1216	SGI:20070401-01-P	View
242300	24573	CVE-2007-1216	URL:ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc	View
242301	24573	CVE-2007-1216	SUSE:SUSE-SA:2007:025	View
242302	24573	CVE-2007-1216	URL:http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html	View
242303	24573	CVE-2007-1216	UBUNTU:USN-449-1	View
242304	24573	CVE-2007-1216	URL:http://www.ubuntu.com/usn/usn-449-1	View
242305	24573	CVE-2007-1216	CERT:TA07-093B	View
242306	24573	CVE-2007-1216	URL:http://www.us-cert.gov/cas/techalerts/TA07-093B.html	View
242307	24573	CVE-2007-1216	CERT:TA07-109A	View
242308	24573	CVE-2007-1216	URL:http://www.us-cert.gov/cas/techalerts/TA07-109A.html	View
242309	24573	CVE-2007-1216	CERT-VN:VU#419344	View
242310	24573	CVE-2007-1216	URL:http://www.kb.cert.org/vuls/id/419344	View
242311	24573	CVE-2007-1216	BID:23282	View
242312	24573	CVE-2007-1216	URL:http://www.securityfocus.com/bid/23282	View
242313	24573	CVE-2007-1216	OVAL:oval:org.mitre.oval:def:11135	View
242314	24573	CVE-2007-1216	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11135	View
242315	24573	CVE-2007-1216	VUPEN:ADV-2007-1218	View
242316	24573	CVE-2007-1216	URL:http://www.vupen.com/english/advisories/2007/1218	View
242317	24573	CVE-2007-1216	VUPEN:ADV-2007-1470	View
242318	24573	CVE-2007-1216	URL:http://www.vupen.com/english/advisories/2007/1470	View
242319	24573	CVE-2007-1216	VUPEN:ADV-2007-1916	View
242320	24573	CVE-2007-1216	URL:http://www.vupen.com/english/advisories/2007/1916	View
242321	24573	CVE-2007-1216	SECTRACK:1017852	View
242322	24573	CVE-2007-1216	URL:http://www.securitytracker.com/id?1017852	View
242323	24573	CVE-2007-1216	SECUNIA:24706	View
242324	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24706	View
242325	24573	CVE-2007-1216	SECUNIA:24736	View
242326	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24736	View
242327	24573	CVE-2007-1216	SECUNIA:24757	View
242328	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24757	View
242329	24573	CVE-2007-1216	SECUNIA:24740	View
242330	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24740	View
242331	24573	CVE-2007-1216	SECUNIA:24750	View
242332	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24750	View
242333	24573	CVE-2007-1216	SECUNIA:24785	View
242334	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24785	View
242335	24573	CVE-2007-1216	SECUNIA:24786	View
242336	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24786	View
242337	24573	CVE-2007-1216	SECUNIA:24817	View
242338	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24817	View
242339	24573	CVE-2007-1216	SECUNIA:24735	View
242340	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24735	View
242341	24573	CVE-2007-1216	SECUNIA:24966	View
242342	24573	CVE-2007-1216	URL:http://secunia.com/advisories/24966	View
242343	24573	CVE-2007-1216	SECUNIA:25388	View
242344	24573	CVE-2007-1216	URL:http://secunia.com/advisories/25388	View
242345	24573	CVE-2007-1216	XF:kerberos-kadmind-code-execution(33413)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
52019	JVNDB-2007-000682	tcpdump の 802.11 プリンタコードにおけるひとつずれによるバッファオーバーフローの脆弱性	tcpdump には 802.11 プリンタコード (print-802_11.c) の parse_elements() 関数に、一つずれ (off-by-one) によるヒープオーバーフローの脆弱性が存在します。	CVE-2007-1218	24573	10		http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000682.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.37 MB
View render complete	2.88 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	3.17
Event: Controller.initialize	0.02
Event: Controller.startup	0.07
Controller action	456.29
Event: Controller.beforeRender	4.69
» Processing toolbar data	4.59
Rendering View	20.03
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	18.91
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.65
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.13
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/24573
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/24573
Remote Port	22102
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.99
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.3.91.204
Http Via	1.1 squid-proxy-5b5d847c96-bg2d9 (squid/6.13)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.99
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.99
Unique Id	aSGQKZTY6jGeZ8k-rBFjUQAAAyE
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.99
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.99
Redirect Unique Id	aSGQKZTY6jGeZ8k-rBFjUQAAAyE
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.99
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.99
Redirect Redirect Unique Id	aSGQKZTY6jGeZ8k-rBFjUQAAAyE
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1763807273.3139
Request Time	1763807273

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files