CVE-2007-5939

Heimdal 0.7.2 - Use-After-Free in gss_userok Function

Title source: llm
STIX 2.1

Description

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019057
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/44750
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26758
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=199207
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:239
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119704362903699&w=2

Scores

EPSS 0.0380
EPSS Percentile 88.8%

Details

CWE
CWE-119
Status published
Products (1)
heimdal/heimdal 0.7.2
Published Dec 06, 2007
Tracked Since Feb 18, 2026