CVE Vulnerabilities

CVE-2011-0284

Published: Mar 20, 2011 | Modified: Jan 21, 2020
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.6 HIGH (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.

Affected Software

Name        Vendor  Start Version  End Version
Kerberos_5  Mit     1.7            1.7
Kerberos_5  Mit     1.7.1          1.7.1
Kerberos_5  Mit     1.8            1.8
Kerberos_5  Mit     1.8.1          1.8.1
Kerberos_5  Mit     1.8.2          1.8.2
Kerberos_5  Mit     1.8.3          1.8.3
Kerberos_5  Mit     1.9            1.9

References