CVE-2011-0284

2011-03-1500:00:00

ubuntu.com

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.356 Low

EPSS

Percentile

97.1%

JSON

Double free vulnerability in the prepare_error_as function in do_as_req.c
in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7
through 1.9, when the PKINIT feature is enabled, allows remote attackers to
cause a denial of service (daemon crash) or possibly execute arbitrary code
via an e_data field containing typed data.

Notes

Author	Note
sbeattie	CRD Tuesday, 15 March 2011, at 14:00 US/Eastern time

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarchkrb5< 1.7dfsg~beta3-1ubuntu0.12UNKNOWN
ubuntu10.04noarchkrb5< 1.8.1+dfsg-2ubuntu0.8UNKNOWN
ubuntu10.10noarchkrb5< 1.8.1+dfsg-5ubuntu0.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.10	noarch	krb5	< 1.7dfsg~beta3-1ubuntu0.12	UNKNOWN
ubuntu	10.04	noarch	krb5	< 1.8.1+dfsg-2ubuntu0.8	UNKNOWN
ubuntu	10.10	noarch	krb5	< 1.8.1+dfsg-5ubuntu0.6	UNKNOWN