VanDyke Software Inc. Information for VU#795632

MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free)

Status

Not Affected

Vendor Statement

This vulnerability is not Applicable to VanDyke Software products. VanDyke Software products do not link to any static kerberos libraries. Instead, VanDyke Software products dynamically load shared libraries for GSSAPI related functionality.

Due to the critical nature of this vulnerability in affected versions of MIT Kerberos, those using the GSSAPI authentication method for SSH2 authentication within an MIT Kerberos environment should install the patched version of MIT Kerberos immediately.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.