Vulnerability Note VU#943220
MIT KDC vulnerable to double-free when PKINIT enabled
The KDC in releases krb5-1.7 and later are vulnerable to a double-free vulnerability if they are configured to respond to PKINIT requests.
The MIT krb5 Security Advisory 2011-003 states:
"The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult)."
An unauthenticated remote attacker can induce a double-free event, causing the KDC daemon to crash (denial of service), or to execute arbitrary code.
Apply a Patch
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|MIT Kerberos Development Team||Affected||15 Mar 2011||09 Mar 2011|
|Red Hat, Inc.||Affected||-||29 Mar 2011|
|Ubuntu||Affected||-||29 Mar 2011|
CVSS Metrics (Learn More)
This issue was discovered by Cameron Meadors of Red Hat.
This document was written by Jared Allar.
- CVE IDs: CVE-2011-0284
- Date Public: 15 Mar 2011
- Date First Published: 15 Mar 2011
- Date Last Updated: 29 Mar 2011
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.