An unauthenticated attacker can cause krb5_recvauth() function to free a block of memory twice, possibly leading to arbitrary code execution.
Kerberos is a network authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions.
MIT krb5 Security Advisory 2005-003 issued 2005 July 12, available from
An unauthenticated attacker may be able to execute arbitrary code in the context of a program calling krb5_recvauth(). This includes the kpropd program which typically runs on slave Key Distribution Center (KDC) hosts, potentially leading to compromise of an entire Kerberos realm. For more information please see the MIT krb5 Security Advisory 2005-003.
Apply patches available from your vendor. Details of the patch are also available from
MiT Kerberos Development Team Affected
Red Hat Inc. Affected
Sun Microsystems Inc. Affected
Check Point Not Affected
F5 Networks Not Affected
Force10 Networks Inc. Not Affected
Hitachi Not Affected
Juniper Networks Not Affected
Microsoft Corporation Not Affected
Netfilter Not Affected
WatchGuard Not Affected
Apple Computer Inc. Unknown
Cray Inc. Unknown
EMC Corporation Unknown
Ingrian Networks Unknown
KTH Kerberos Unknown
Mandriva Inc. Unknown
MontaVista Software Unknown
NEC Corporation Unknown
Openwall GNU/*/Linux Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Wind River Systems Unknown
This vulnerability was reported by the MIT Kerberos Development Team. The MIT Kerberos Development Team thanks Magnus Hagander for reporting this vulnerability.
This document was written by Robert Mead based on information in the MIT krb5 Security Advisory 2005-003.
|Date First Published:||2005-07-13|
|Date Last Updated:||2005-08-08 19:18 UTC|