MIT Kerberos 5 Double-free Error Condition Code Execution

2004-08-31T00:00:00
ID OSVDB:9407
Type osvdb
Reporter Will Fiveash(), Nico Williams()
Modified 2004-08-31T00:00:00

Description

Vulnerability Description

MIT Kerberos 5 contains a flaw related to a double free in the KDC ASN.1 error handling code that may allow an attacker to run privileged code of the attackers choosing. MIT note that no published means of exploiting a double free is known, impying that a real world exploit would be difficult at best. Should this feat be achieved, a complete Kerberos realm could be compromised.

Solution Description

Upgrade to version 1.3.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as the fix is complex and affects library code as well as executables.

Short Description

MIT Kerberos 5 contains a flaw related to a double free in the KDC ASN.1 error handling code that may allow an attacker to run privileged code of the attackers choosing. MIT note that no published means of exploiting a double free is known, impying that a real world exploit would be difficult at best. Should this feat be achieved, a complete Kerberos realm could be compromised.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1011106 Secunia Advisory ID:12408 Secunia Advisory ID:12412 Secunia Advisory ID:12503 Secunia Advisory ID:12694 Secunia Advisory ID:12414 Secunia Advisory ID:12413 Secunia Advisory ID:12411 Secunia Advisory ID:12410 Secunia Advisory ID:12457 Secunia Advisory ID:13612 Related OSVDB ID: 9408 Related OSVDB ID: 9409 Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000860 Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-350.html Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:088 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200409-09.xml Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml Other Advisory URL: http://www.debian.org/security/2004/dsa-543 CVE-2004-0642 CERT VU: 795632