CVE-2007-5894

Publication date 6 December 2007

Last updated 24 July 2024

Ubuntu priority

** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
krb5	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored

Notes

kees

upstream does not feel this is a security issue

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
krb5	Upstream: http://src.mit.edu/fisheye/browse/krb5/trunk/src/appl/gssftp/ftpd/ftpd.c?r1=19653&r2=20182

References

Other references

https://www.cve.org/CVERecord?id=CVE-2007-5894