[heimdal] [CVE-2007-5939] possible remote vulnerability of unknown impact via an invalid username
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
heimdal (Ubuntu) | Fix Released | Undecided | Unassigned |
Edgy | Won't Fix | Undecided | Unassigned |
Feisty | Won't Fix | Undecided | Unassigned |
Gutsy | Won't Fix | Undecided | Unassigned |

Bug Description
Binary package hint: heimdal-dev
References:
[1] MDKSA-2007:239 (http://
[2] CVE-2007-5939 (http://
Quoting [1]:
"It was found that the gss_userok() function in Heimdal 0.7.2 did not allocate memory for the ticketfile pointer before calling free(), which could possibly allow remote attackers to have an unknown impact via an invalid username. It is uncertain whether or not this is exploitable, however packages are being provided regardless."
Quoting [2]:
"The gss_userok function in appl/ftp/
Version in Hardy not affected.