MIT Kerberos 5 krb524d Double-free Error Condition Code Execution

2004-08-31T00:00:00
ID OSVDB:9409
Type osvdb
Reporter John Hawkinson(), Joseph Galbraith()
Modified 2004-08-31T00:00:00

Description

Vulnerability Description

MIT Kerberos contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is due to a double-free condition inside the Key Distribution Center (KDC) code. Under some circumstances, a KDC host could be compromised by a remote attacker. No further details have been provided.

Solution Description

Upgrade to version 5-1.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

MIT Kerberos contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is due to a double-free condition inside the Key Distribution Center (KDC) code. Under some circumstances, a KDC host could be compromised by a remote attacker. No further details have been provided.

References:

Vendor Specific Advisory URL Security Tracker: 1011106 Secunia Advisory ID:12408 Secunia Advisory ID:12412 Secunia Advisory ID:12503 Secunia Advisory ID:12414 Secunia Advisory ID:12413 Secunia Advisory ID:12411 Secunia Advisory ID:12410 Secunia Advisory ID:12457 Secunia Advisory ID:13612 Related OSVDB ID: 9408 Related OSVDB ID: 9407 Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000860 Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-350.html Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:088 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200409-09.xml Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml Other Advisory URL: http://www.debian.org/security/2004/dsa-543 ISS X-Force ID: 17158 CVE-2004-0772