CVE-2007-1216
Publication date 6 April 2007
Last updated 24 July 2024
Ubuntu priority
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an “an invalid direction encoding”.
Status
Package | Ubuntu Release | Status |
---|---|---|
krb5 | 7.04 feisty |
Fixed 1.4.4-5ubuntu3.3
|
6.10 edgy |
Fixed 1.4.3-9ubuntu1.5
|
|
6.06 LTS dapper |
Fixed 1.4.3-5ubuntu0.6
|