Unrated severityNVD Advisory· Published Dec 6, 2007· Updated Apr 23, 2026

CVE-2007-5939

Description

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.

Affected products

Heimdal/Heimdal
cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.gentoo.org/show_bug.cginvd
marc.infonvd
osvdb.org/44750nvd
securitytracker.com/idnvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/bid/26758nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000