Skip to content

Commit 23d9ba6

Browse files
westonsteimeljoshbressers
westonsteimel
and
joshbressers
authored
* Add CVE-2007-5902 Signed-off-by: Josh Bressers <[email protected]> * 1.7 was the upstream release version Signed-off-by: Weston Steimel <[email protected]> --------- Signed-off-by: Josh Bressers <[email protected]> Signed-off-by: Weston Steimel <[email protected]> Co-authored-by: Josh Bressers <[email protected]>
1 parent 2cec954 commit 23d9ba6

File tree

1 file changed

+80
-0
lines changed

1 file changed

+80
-0
lines changed

data/2007/6/ANCHORE-2007-6901.toml

Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,80 @@
1+
[schema]
2+
version = "0.1.0"
3+
4+
[snapshot]
5+
captured = 2025-11-13T16:23:40.512771Z
6+
[[snapshot.cve5]]
7+
id = "CVE-2007-5902"
8+
published = 2007-12-06T02:00:00
9+
reserved = 2007-11-09T00:00:00
10+
updated = 2024-08-07T15:47:00.452000Z
11+
12+
[snapshot.cve5.digest]
13+
xxh128 = "7da07ebe6b92f1b30587cb359bc0561d"
14+
15+
[snapshot.cve5.overview]
16+
urls = ["https://nvd.nist.gov/vuln/detail/CVE-2007-5902"]
17+
cna = "mitre"
18+
description = """Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request."""
19+
references = [
20+
"http://bugs.gentoo.org/show_bug.cgi?id=199214",
21+
"http://osvdb.org/44748",
22+
"http://seclists.org/fulldisclosure/2007/Dec/0176.html",
23+
"http://seclists.org/fulldisclosure/2007/Dec/0321.html",
24+
"http://secunia.com/advisories/28636",
25+
"http://secunia.com/advisories/29457",
26+
"http://secunia.com/advisories/39290",
27+
"http://secunia.com/advisories/39784",
28+
"http://ubuntu.com/usn/usn-924-1",
29+
"http://wiki.rpath.com/Advisories:rPSA-2008-0112",
30+
"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112",
31+
"http://www.novell.com/linux/security/advisories/suse_security_summary_report.html",
32+
"http://www.securityfocus.com/archive/1/489883/100/0/threaded",
33+
"http://www.securityfocus.com/bid/26750",
34+
"http://www.ubuntu.com/usn/USN-940-1",
35+
"http://www.vupen.com/english/advisories/2010/1192",
36+
"https://issues.rpath.com/browse/RPL-2012",
37+
]
38+
[[snapshot.nvd]]
39+
id = "CVE-2007-5902"
40+
published = 2007-12-06T02:46:00
41+
updated = 2025-04-09T00:30:58.490000
42+
43+
[snapshot.nvd.digest]
44+
xxh128 = "d2652b73bf4ca422e975367c15c3f6ab"
45+
46+
[curator]
47+
converted_from_cve5 = true
48+
needs_review = true
49+
50+
[vuln]
51+
id = "ANCHORE-2007-6901"
52+
53+
[[vuln.providers.nvd]]
54+
id = "CVE-2007-5902"
55+
56+
[vuln.providers.nvd.enrichment]
57+
reason = "Add kerberos 5 affected details"
58+
59+
[[vuln.providers.nvd.products.override.cve5]]
60+
61+
vendor = "mit"
62+
product = "krb5"
63+
[[vuln.providers.nvd.products.override.cve5.source]]
64+
url = "https://github.com/krb5/krb5"
65+
[[vuln.providers.nvd.products.override.cve5.cpe]]
66+
vendor = "mit"
67+
product = "kerberos_5"
68+
69+
[[vuln.providers.nvd.products.override.cve5.cpe]]
70+
vendor = "mit"
71+
product = "krb5"
72+
[[vuln.providers.nvd.products.override.cve5.affected]]
73+
[vuln.providers.nvd.products.override.cve5.affected.version]
74+
scheme = "custom"
75+
greater_than_or_equal = "0"
76+
less_than = "1.7"
77+
[[vuln.providers.nvd.products.override.cve5.affected.remediation]]
78+
version = "1.7"
79+
[[vuln.providers.nvd.products.override.cve5.affected.remediation.patch]]
80+
commit = "01b3b9cbb23f8e8790ba0daeac24667c4f9f34ea"

0 commit comments

Comments
 (0)