A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code.
The MIT krb5 administration daemon contains a vulnerability that may allow an attacker to execute arbitrary code. According to MIT krb5 Security Advisory 2006-003:
This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation.
A remote, unauthenticated attacker may be able to execute arbitrary code, resulting in the compromise of the Kerberos key database, or cause a denial of service.
This issue is addressed in MIT krb5 Security Advisory 2006-003.
This document was written by Chris Taschner.
| Date First Published: | 2007-01-09 |
| Date Last Updated: | 2007-05-10 14:26 UTC |