Vulnerability Note VU#259798
MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to free unallocated memory
An unauthenticated attacker can cause MIT krb5 Key Distribution Center (KDC) to free unallocated memory, possibly leading to arbitrary code execution.
Kerberos is a network authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions.
The MIT krb5 Security Advisory 2005-002 issued 2005 July 12, available from
An unauthenticated attacker may be able to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm. An unsuccessful attack against this heap corruption vulnerability may result in a denial of service by crashing the KDC process. According to the MIT krb5 Security Advisory 2005-002 this vulnerability affects the KDC implementation in all MIT krb5 releases supporting TCP client connections to the KDC. This includes krb5-1.3 and later releases, up to and including krb5-1.4.1.
Apply patches available from your vendor. Details of the patch are also available from
If patching can not be performed in a timely manner you could consider disabling TCP support in the KDC to avoid this vulnerability.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Red Hat Inc.||Affected||10 May 2005||11 Jul 2005|
|Sun Microsystems Inc.||Affected||10 May 2005||13 Jul 2005|
|F5 Networks||Not Affected||12 May 2005||17 May 2005|
|Juniper Networks||Not Affected||10 May 2005||21 Jun 2005|
|Microsoft Corporation||Not Affected||10 May 2005||27 May 2005|
|Apple Computer Inc.||Unknown||10 May 2005||10 May 2005|
|Conectiva||Unknown||10 May 2005||10 May 2005|
|Cray Inc.||Unknown||10 May 2005||17 May 2005|
|Debian||Unknown||10 May 2005||17 May 2005|
|EMC Corporation||Unknown||10 May 2005||17 May 2005|
|Engarde||Unknown||10 May 2005||17 May 2005|
|FreeBSD||Unknown||10 May 2005||17 May 2005|
|Fujitsu||Unknown||10 May 2005||17 May 2005|
|Hitachi||Unknown||10 May 2005||17 May 2005|
|HP||Unknown||10 May 2005||17 May 2005|
CVSS Metrics (Learn More)
This vulnerability was reported by the MIT Kerberos Development Team. The MIT Kerberos Development Team thank Daniel Wachdorf for reporting this vulnerability.
This document was written by Robert Mead based on information in the MIT krb5 Security Advisory 2005-002.
- CVE IDs: CAN-2005-1174
- Date Public: 12 Jul 2005
- Date First Published: 13 Jul 2005
- Date Last Updated: 13 Jul 2005
- Severity Metric: 11.48
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.