Bug 415311 (CVE-2007-5894)
Summary: | CVE-2007-5894 krb5: ftpd - use of uninitialized variables | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | nalin |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5894 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-12-14 09:38:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Hoger
2007-12-07 08:33:09 UTC
http://marc.info/?l=full-disclosure&m=119743235325151&w=2 MIT say: CVE-2007-5894 http://bugs.gentoo.org/show_bug.cgi?id=199205 This is not a vulnerability, and only a stylistic bug. The alleged vulnerability consists of reading an uninitialized variable, "length", in the reply() function in src/appl/gssftp/ftpd/ftpd.c. 1878 /* Other auth types go here ... */ 1879 if (length >= sizeof(in) / 4 * 3) { 1880 syslog(LOG_ERR, "input to radix_encode too long"); 1881 fputs(in, stdout); 1882 } else if ((kerror = radix_encode(out, in, &length, 0))) { 1883 syslog(LOG_ERR, "Couldn't encode reply (%s)", 1884 radix_error(kerror)); 1885 fputs(in,stdout); The "length" variable is only uninitialized if "auth_type" is neither the "KERBEROS_V4" nor "GSSAPI"; this condition cannot occur in the unmodified source code. While the remote user can set the string in "auth_type", this may only occur by way of the auth_data() function, which will only set "auth_type" if it exactly matches one of the aforementioned two strings. |