Vulnerability details: VCID-qxpb-rbqx-aaak
Vulnerability ID VCID-qxpb-rbqx-aaak
Aliases CVE-2007-5894
Summary ** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating "The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code."
Status Disputed
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.02245 https://api.first.org/data/v1/epss?cve=CVE-2007-5894
epss 0.02880 https://api.first.org/data/v1/epss?cve=CVE-2007-5894
epss 0.03205 https://api.first.org/data/v1/epss?cve=CVE-2007-5894
epss 0.03580 https://api.first.org/data/v1/epss?cve=CVE-2007-5894
epss 0.04024 https://api.first.org/data/v1/epss?cve=CVE-2007-5894
epss 0.06895 https://api.first.org/data/v1/epss?cve=CVE-2007-5894
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=415311
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2007-5894
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-5894
Exploit Prediction Scoring System (EPSS)
Percentile 0.83086
EPSS Score 0.02245
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-09-21T19:41:11.369346+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2007-5894 34.0.1