Bug 245547 (CVE-2007-2442)
| Field | Value |
|---|---|
| Summary | CVE-2007-2442 krb5 RPC library uninitialized pointer free |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Mark J. Cox <mjc> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Last Closed | 2008-02-26 15:15:04 UTC |
| Bug Depends On | 239073, 245544 |

Description
Mark J. Cox
2007-06-25 11:37:15 UTC
For Red Hat Enterprise Linux 4 and 5, glibc contains checks that prevent this issue from being exploitable. Therefore this is a denial of service issue and is impact important.

For Red Hat Enterprise Linux 2.1 and 3, this issue is potentially exploitable and could result in arbitrary code execution. Therefore this is impact critical.

Lifting embargo:
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-004.txt

This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-0384.html
http://rhn.redhat.com/errata/RHSA-2007-0562.html

Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2007-0740