CVE-2007-5972 — Vulnetix

Try Vulnetix Request Demo

CVE-2007-5972 PUBLISHED CVSS 8.600000381469727 HIGH

Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.

EPSS 1.92% · 83.2th percentile

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

1.92%

83.2th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
mit	kerberos_5	1.5

Timeline

Dec 6, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

39784 third-party-advisory
USN-940-1 vendor-advisory
SUSE-SR:2008:002 vendor-advisory
26750 vdb
20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972] mailing-list
ADV-2010-1192 vdb
44747 vdb
20071208 MIT Kerberos 5: Multiple vulnerabilities mailing-list
39290 third-party-advisory
USN-924-1 vendor-advisory
28636 third-party-advisory
http://bugs.gentoo.org/show_bug.cgi?id=199211 url
https://issues.rpath.com/browse/RPL-2012 url
https://nvd.nist.gov/vuln/detail/CVE-2007-5972 advisory

Open in Interactive Console →