250976 – (CVE-2007-4000) CVE-2007-4000 krb5 kadmind uninitialized pointer

Bug 250976 (CVE-2007-4000) - CVE-2007-4000 krb5 kadmind uninitialized pointer

Summary: CVE-2007-4000 krb5 kadmind uninitialized pointer

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-4000
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	250997 250998
Blocks:
TreeView+	depends on / blocked

Reported:	2007-08-06 09:30 UTC by Mark J. Cox
Modified:	2019-09-29 12:20 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-07-25 08:36:10 UTC
Embargoed:

Attachments	(Terms of Use)
proposed patch from MIT (649 bytes, patch) 2007-08-06 09:30 UTC, Mark J. Cox	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0858	0	normal	SHIPPED_LIVE	Important: krb5 security update	2007-09-07 07:27:07 UTC

Description Mark J. Cox 2007-08-06 09:30:47 UTC

MIT notified us of a kadmind uninitialized pointer.  Will be public on 04
September 2007, at 14:00 US/Eastern time.

This issue has not been triaged as it may well affect recent RHEL distributions
with a different severity (flaw type is likely caught by fortify_source)

Comment 1 Mark J. Cox 2007-08-06 09:30:47 UTC

Created attachment 160739 [details]
proposed patch from MIT

Comment 5 Mark J. Cox 2007-09-04 18:11:02 UTC

now public at http://web.mit.edu/Kerberos/advisories/
removing embargo

Comment 6 Red Hat Product Security 2008-07-25 08:36:10 UTC

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0858.html

Note You need to log in before you can comment on or make changes to this bug.