Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-5471

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Oct, 2007 | 00:00
Updated At-07 Aug, 2024 | 15:31
Rejected At-
Credits

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Oct, 2007 | 00:00
Updated At:07 Aug, 2024 | 15:31
Rejected At:
▼CVE Numbering Authority (CNA)

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html
x_refsource_CONFIRM
http://osvdb.org/40935
vdb-entry
x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/37233
vdb-entry
x_refsource_XF
http://secunia.com/advisories/27189
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/26076
vdb-entry
x_refsource_BID
Hyperlink: https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://osvdb.org/40935
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37233
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/27189
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/26076
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html
x_refsource_CONFIRM
x_transferred
http://osvdb.org/40935
vdb-entry
x_refsource_OSVDB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/37233
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/27189
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/26076
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://osvdb.org/40935
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37233
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/27189
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/26076
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Oct, 2007 | 00:17
Updated At:29 Jul, 2017 | 01:33

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
SUSE
suse
>>suse_linux>>10
cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_server:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-10-23T00:00:00

Not vulnerable. The versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 do not support GSS-TSIG and are not linked with libgssapi library.

References
HyperlinkSourceResource
http://osvdb.org/40935cve@mitre.org
N/A
http://secunia.com/advisories/27189cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/26076cve@mitre.org
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/37233cve@mitre.org
N/A
https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.htmlcve@mitre.org
Patch
Hyperlink: http://osvdb.org/40935
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/27189
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/26076
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37233
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://secure-support.novell.com/KanisaPlatform/Publishing/936/3665923_f.SAL_Public.html
Source: cve@mitre.org
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2014-3687
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.82% / 82.13%
||
7 Day CHG~0.00%
Published-10 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncSUSERed Hat, Inc.NovellDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-linux_kernelubuntu_linuxenterprise_mrgevergreensuse_linux_enterprise_serverlinux_enterprise_real_time_extensionsuse_linux_enterprise_desktoplinux_enterprise_workstation_extensiondebian_linuxlinuxlinux_enterprise_software_development_kitn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-3673
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-9.80% / 92.66%
||
7 Day CHG~0.00%
Published-10 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linuxlinux_kernelubuntu_linuxenterprise_mrgevergreensuse_linux_enterprise_serverlinux_enterprise_workstation_extensiondebian_linuxlinuxlinux_enterprise_software_development_kitn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4854
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-70.18% / 98.62%
||
7 Day CHG~0.00%
Published-26 Jul, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Action-Not Available
Vendor-n/aNovellFreeBSD FoundationInternet Systems Consortium, Inc.Mandriva (Mandrakesoft)Fedora ProjectSlackwareHP Inc.Red Hat, Inc.SUSEopenSUSE
Product-enterprise_linuxdnsco_bindfreebsdfedoraopensusebindsuse_linuxhp-uxslackware_linuxbusiness_serversuse_linux_enterprise_software_development_kitenterprise_servern/a
CVE-2011-3192
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-92.99% / 99.77%
||
7 Day CHG~0.00%
Published-29 Aug, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.The Apache Software FoundationopenSUSE
Product-ubuntu_linuxopensuselinux_enterprise_software_development_kithttp_serverlinux_enterprise_servern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-4164
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-2.00% / 82.90%
||
7 Day CHG~0.00%
Published-03 Jan, 2011 | 19:26
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncDebian GNU/LinuxopenSUSE
Product-linux_kernelopensusedebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2010-3432
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-4.32% / 88.47%
||
7 Day CHG~0.00%
Published-20 Nov, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-linux_kernelubuntu_linuxopensusedebian_linuxlinux_enterprise_real_time_extensionn/a
CWE ID-CWE-20
Improper Input Validation
Details not found