FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0285

This CVE name corresponds to:

Entered Topic
2011-04-14 krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-0285
Phase Assigned(20110103)

Description

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

References

Source Reference
BUGTRAQ 20110413 MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285]
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
CONFIRM http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
FEDORA FEDORA-2011-5333
MANDRIVA MDVSA-2011:077
REDHAT RHSA-2011:0447
SUSE openSUSE-SU-2011:0348
BID 47310
OSVDB 71789
SECTRACK 1025320
SECUNIA 44125
SECUNIA 44196
SECUNIA 44181
SREASON 8200
VUPEN ADV-2011-0936
VUPEN ADV-2011-0986
VUPEN ADV-2011-0997