Heimdal FTPD gss_userok() Free Uninitialized Pointer Memory Corruption Vulnerability

Bugtraq ID:	26758
Class:	Design Error
CVE:	CVE-2007-5939
Remote:	Yes
Local:	No
Published:	Dec 07 2007 12:00AM
Updated:	Dec 07 2007 10:22PM
Credit:	Venustech AD_LAB is credited with the discovery of this vulnerability.
Vulnerable:	MandrakeSoft Corporate Server 4.0 Heimdal Heimdal 0.7.2 Heimdal Heimdal 0.7.1 Heimdal Heimdal 0.7 Heimdal Heimdal 0.6.6 Heimdal Heimdal 0.6.5 Heimdal Heimdal 0.6.4 Heimdal Heimdal 0.6.3 + Gentoo Linux + Gentoo Linux - Ubuntu Ubuntu Linux 5.10 powerpc - Ubuntu Ubuntu Linux 5.10 i386 - Ubuntu Ubuntu Linux 5.10 amd64 - Ubuntu Ubuntu Linux 5.0 4 powerpc - Ubuntu Ubuntu Linux 5.0 4 i386 - Ubuntu Ubuntu Linux 5.0 4 amd64 Heimdal Heimdal 0.6.2 - Ubuntu Ubuntu Linux 4.1 ppc - Ubuntu Ubuntu Linux 4.1 ia64 - Ubuntu Ubuntu Linux 4.1 ia32 Heimdal Heimdal 0.6.1 rc3 Heimdal Heimdal 0.6.1 Heimdal Heimdal 0.6 Heimdal Heimdal 0.5.3 Heimdal Heimdal 0.5.2 Heimdal Heimdal 0.5.1 Heimdal Heimdal 0.5 .0 Heimdal Heimdal 0.4 e + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Heimdal Heimdal 0.4 d Heimdal Heimdal 0.4 c Heimdal Heimdal 0.4 b Heimdal Heimdal 0.4 a Heimdal Heimdal 0.3 f Gentoo app-crypt/heimdal 0.7.2-r3

Not Vulnerable: