The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote malicious users to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
heimdal heimdal 0.7.2 |