FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- double-free vulnerabilities

Affected packages
krb5 <= 1.3.4_1

Details

VuXML ID: 86a98b57-fb8e-11d8-9343-000a95bc6fae
Discovery: 2004-08-31
Entry: 2004-08-31

An advisory published by the MIT Kerberos team says:

The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable.

Double-free vulnerabilities of this type are not believed to be exploitable for code execution on FreeBSD systems. However, the potential for other ill effects may exist.

References

CERT/CC Vulnerability Note: 350792
CERT/CC Vulnerability Note: 795632
CERT/CC Vulnerability Note: 866472
CVE Name: CVE-2004-0642
CVE Name: CVE-2004-0643
CVE Name: CVE-2004-0772
URL: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt