First published: Tue Oct 16 2007(Updated: )
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SUSE Linux | =10-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2007-5471 is classified as a denial of service vulnerability.
To fix CVE-2007-5471, you should upgrade to a version of libgssapi that is 0.6-13.7 or later.
CVE-2007-5471 primarily affects SUSE Linux Enterprise Server 10 SP1 with the ISC BIND named daemon.
CVE-2007-5471 is exploited through a GSS-TSIG request which triggers an initialization error leading to a daemon exit.
CVE-2007-5471 is considered a remote vulnerability as it allows attackers to disrupt operations from a distance.