CVE-2007-5972

NameCVE-2007-5972
DescriptionDouble free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs454974

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
krb5 (PTS)bullseye1.18.3-6+deb11u5fixed
bullseye (security)1.18.3-6+deb11u7fixed
bookworm1.20.1-2+deb12u4fixed
bookworm (security)1.20.1-2+deb12u2fixed
forky, sid, trixie1.21.3-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
krb5source(unstable)1.6.dfsg.4~beta1-1unimportant454974

Notes

potential attackers must have privileges to store the krb5kdc master key
http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
Search for package or bug name: Reporting problems