Launchpad CVE tracker

CVE 2007-5939

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.

Related bugs and status

CVE-2007-5939 (Candidate) is related to these bugs:

Bug #174615: [heimdal] [CVE-2007-5939] possible remote vulnerability of unknown impact via an invalid username

		In	Importance	Status
174615	[heimdal] [CVE-2007-5939] possible remote vulnerability of unknown impact via an invalid username	heimdal (Ubuntu)	Undecided	Fix Released
174615	[heimdal] [CVE-2007-5939] possible remote vulnerability of unknown impact via an invalid username	heimdal (Ubuntu Edgy)	Undecided	Won't Fix
174615	[heimdal] [CVE-2007-5939] possible remote vulnerability of unknown impact via an invalid username	heimdal (Ubuntu Feisty)	Undecided	Won't Fix
174615	[heimdal] [CVE-2007-5939] possible remote vulnerability of unknown impact via an invalid username	heimdal (Ubuntu Gutsy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.gentoo.org...
MANDRIVA: MDKSA-2007:239
BID: 26758
SECTRACK: 1019057
OSVDB: 44750
FULLDISC: 20071207 Heimdal ftpd ...

Launchpad.net

CVE 2007-5939

Related bugs and status

Related bugs

References