CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
Kerberos is vulnerable to a use-after-free flaw, discovered in the MIT Kerberos administration daemon, kadmind. A remote, authenticated attacker could use this flaw to crash the kadmind daemon. Administrative privileges are not required to trigger the flaw, because any realm user can request information about their own principal from kadmind.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052
krbdev.mit.edu/rt/Ticket/Display.html?id=5998
lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html
lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
secunia.com/advisories/39264
secunia.com/advisories/39290
secunia.com/advisories/39315
secunia.com/advisories/39324
secunia.com/advisories/39367
securitytracker.com/id?1023821
ubuntu.com/usn/usn-924-1
web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
www.debian.org/security/2010/dsa-2031
www.mandriva.com/security/advisories?name=MDVSA-2010:071
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0343.html
www.securityfocus.com/archive/1/510566/100/0/threaded
www.securityfocus.com/bid/39247
www.vupen.com/english/advisories/2010/0876
access.redhat.com/errata/RHSA-2010:0343
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489