suse · CVE-2007-2442

Quick triage

Priority: critical Published: 2021-05-30 12:38:49 UTC Updated: 2026-04-18 20:34:18 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2007-2442 severity critical: SUSE including 56 source package names (krb5-1.19.2-2.2, krb5-1.20.1-4.11, …), 59 product×package rows across 9 product lines (SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2, … (9 product lines)): Fixed 59.

Description:

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

cvelogic Threat Intelligence