CVE-2007-5939
| Name | CVE-2007-5939 |
| Source | CVE (at NVD; RH) |
| Description | The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect. |
| NVD severity | high (attack range: remote) |
| Debian/oldstable | not vulnerable. |
| Debian/stable | not vulnerable. |
| Debian/testing | not vulnerable. |
| Debian/unstable | not vulnerable. |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| heimdal (PTS) | lenny | 1.2.dfsg.1-2.1 | fixed |
| | lenny (security) | 1.2.dfsg.1-2.1+lenny1 | fixed |
| | squeeze, squeeze (security) | 1.4.0~git20100726.dfsg.1-2+squeeze1 | fixed |
| | wheezy, sid | 1.5.dfsg.1-3 | fixed |
The information above is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| heimdal | source | (unstable) | (not affected) | | | |
Notes
- heimdal <not-affected> (vulnerable code not present, ticketfile is just unlinked which is ok)