The KDC in releases krb5-1.7 and later is vulnerable to a double free if it is configured to respond to PKINIT requests.
The MIT krb5 Security Advisory 2011-003 states:
"The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult)."
An unauthenticated remote attacker can induce a double-free event, causing the KDC daemon to crash (denial of service), or to execute arbitrary code.
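The precondition above is a KDC configured to respond to PKINIT requests. The following is an added example, not code from the advisory or from MIT krb5, that lists the realms in a kdc.conf for which PKINIT is configured. It assumes the `pkinit_identity` relation is the marker (MIT's kdc.conf documentation describes it as required for KDC PKINIT support, settable in `[kdcdefaults]` or per realm), it does not follow `include` directives, and the function name and sample configuration are constructed for illustration.

```python
import re

# Constructed sample kdc.conf (not from the advisory): one realm with PKINIT, one without.
SAMPLE_KDC_CONF = """\
[kdcdefaults]
    kdc_ports = 88

[realms]
    EXAMPLE.COM = {
        database_name = /var/kerberos/krb5kdc/principal
        pkinit_identity = FILE:/etc/krb5kdc/kdc.pem,/etc/krb5kdc/kdckey.pem
        pkinit_anchors = FILE:/etc/krb5kdc/cacert.pem
    }
    LAB.EXAMPLE.COM = {
        database_name = /var/kerberos/krb5kdc/lab_principal
        # pkinit_identity = FILE:/etc/krb5kdc/lab.pem
    }
"""

def pkinit_realms(conf_text):
    """Map each realm that has a pkinit_identity in effect to that value."""
    section = realm = default_identity = None
    realms = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = header.group(1), None
            continue
        if line == "}":
            realm = None                  # end of a realm subsection
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            continue
        if section == "realms" and realm is None and value == "{":
            realm = key                   # start of "REALM = {"
            realms[realm] = None
        elif key == "pkinit_identity":
            if section == "kdcdefaults":
                default_identity = value  # global default for all realms
            elif section == "realms" and realm is not None:
                realms[realm] = value     # realm value overrides the default
    effective = {r: v or default_identity for r, v in realms.items()}
    return {r: v for r, v in effective.items() if v}

if __name__ == "__main__":
    for name, identity in pkinit_realms(SAMPLE_KDC_CONF).items():
        print(f"{name}: PKINIT configured ({identity})")
```

A realm reported here only meets the configuration precondition; whether the installed krb5 build already carries the patch has to be checked separately.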
Apply a Patch
This issue was discovered by Cameron Meadors of Red Hat.
This document was written by Jared Allar.
|Date First Published:|2011-03-15|
|Date Last Updated:|2011-03-29 12:22 UTC|