Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18602
HistoryDec 09, 2007 - 12:00 a.m.

[ MDKSA-2007:239 ] - Updated heimdal packages fix potential vulnerability

2007-12-0900:00:00
vulners.com
11
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2007:239
http://www.mandriva.com/security/

Package : heimdal
Date : December 6, 2007
Affected: Corporate 4.0

Problem Description:

It was found that the gss_userok() function in Heimdal 0.7.2 did not
allocate memory for the ticketfile pointer before calling free(), which
could possibly allow remote attackers to have an unknown impact via an
invalid username. It is uncertain whether or not this is exploitable,
however packages are being provided regardless.

The updated packages have been patched to correct these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5939

Updated Packages:

Corporate 4.0:
be6d53b523a2e480ad3c4ff5c06b3224 corporate/4.0/i586/heimdal-devel-0.7.2-8.1.20060mlcs4.i586.rpm
54bf58397e29abfde02df9136030d9f2 corporate/4.0/i586/heimdal-libs-0.7.2-8.1.20060mlcs4.i586.rpm
fa75b430132836b44f23b381f11a52f3 corporate/4.0/i586/heimdal-server-0.7.2-8.1.20060mlcs4.i586.rpm
f0dffddcb8aa0806c5e2da2f6e8c970e corporate/4.0/i586/heimdal-workstation-0.7.2-8.1.20060mlcs4.i586.rpm
a1f928c65de872d4a289bc74a89a4edd corporate/4.0/SRPMS/heimdal-0.7.2-8.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
f4264a1969969c148229bf5a266f10cb corporate/4.0/x86_64/heimdal-devel-0.7.2-8.1.20060mlcs4.x86_64.rpm
ac602c09873863c130a9b68dacfd26c8 corporate/4.0/x86_64/heimdal-libs-0.7.2-8.1.20060mlcs4.x86_64.rpm
61f2cb03ae15b3fe7e7a5dcab47a9c16 corporate/4.0/x86_64/heimdal-server-0.7.2-8.1.20060mlcs4.x86_64.rpm
9399188193c5d5018878f55328c72b09 corporate/4.0/x86_64/heimdal-workstation-0.7.2-8.1.20060mlcs4.x86_64.rpm
a1f928c65de872d4a289bc74a89a4edd corporate/4.0/SRPMS/heimdal-0.7.2-8.1.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHWHZAmqjQ0CJFipgRAkLhAKDmRqNw/CCl8ZLulSHILtZkjDi03ACeOHty
ikNN/kEekOyzRbj3EkX/C4c=
=9mff
-----END PGP SIGNATURE-----

Related

openvas 2
securityvulns 1
nessus 1
debiancve 1
prion 1
cve 1
ubuntucve 1
openvas
openvas
SLES9: Security update for heimdal
2009-10-10 00:00:00
SLES9: Security update for heimdal
2009-10-10 00:00:00
securityvulns
securityvulns
Heimdal RADIUS server memory corruption
2007-12-09 00:00:00
nessus
nessus
SuSE9 Security Update : heimdal (YOU Patch Number 12015)
2009-09-24 00:00:00
debiancve
debiancve
CVE-2007-5939
2007-12-06 15:46:00
prion
prion
Design/Logic Flaw
2007-12-06 15:46:00
cve
cve
CVE-2007-5939
2007-12-06 15:46:00
ubuntucve
ubuntucve
CVE-2007-5939
2007-12-06 00:00:00
JSON
Related for SECURITYVULNS:DOC:18602
openvas2securityvulns1nessus1debiancve1prion1cve1ubuntucve1