CVE-2007-5471 - OpenCVE

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Suse	Suse Linux

Configuration 1 [-]

cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_server:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/40935
http://secunia.com/advisories/27189
http://www.securityfocus.com/bid/26076
https://exchange.xforce.ibmcloud.com/vulnerabilities/37233
https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-16T00:00:00

Updated: 2024-08-07T15:31:58.546Z

Reserved: 2007-10-15T00:00:00

Link: CVE-2007-5471

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-16T00:17:00.000

Modified: 2017-07-29T01:33:41.630

Link: CVE-2007-5471

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html"}, {"name": "40935", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40935"}, {"name": "libgssapi-bind-suse-gsstsig-dos(37233)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37233"}, {"name": "27189", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27189"}, {"name": "26076", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26076"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5471", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html", "refsource": "CONFIRM", "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html"}, {"name": "40935", "refsource": "OSVDB", "url": "http://osvdb.org/40935"}, {"name": "libgssapi-bind-suse-gsstsig-dos(37233)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37233"}, {"name": "27189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27189"}, {"name": "26076", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26076"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:31:58.546Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html"}, {"name": "40935", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40935"}, {"name": "libgssapi-bind-suse-gsstsig-dos(37233)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37233"}, {"name": "27189", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27189"}, {"name": "26076", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26076"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5471", "datePublished": "2007-10-16T00:00:00", "dateReserved": "2007-10-15T00:00:00", "dateUpdated": "2024-08-07T15:31:58.546Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_server:*:*:*:*:*", "matchCriteriaId": "26B6132C-4FF0-4359-B0A6-BBA4ED73E1D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration."}, {"lang": "es", "value": "libgssapi versiones anteriores a 0.6-13.7, tal y como se usa en el demonio ISC BIND en SUSE Linux Enterprise Server 10 SP 1, concluye con un error de inicializaci\u00f3n, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (finalizaci\u00f3n de demonio) mediante una petici\u00f3n GSS-TSIG.\r\nNOTA: Este asunto afecta a otros demonios que intentan inicializar esta biblioteca con una configuraci\u00f3n chroot u otra configuraci\u00f3n inv\u00e1lida."}], "id": "CVE-2007-5471", "lastModified": "2017-07-29T01:33:41.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-16T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/40935"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27189"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26076"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37233"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. The versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 do not support GSS-TSIG and are not linked with libgssapi library.", "lastModified": "2007-10-23T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}