VanDyke Software Inc. Information for VU#795632
MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free)
- Vendor Information Help Date Notified: 21 Jul 2004
- Statement Date:
- Date Updated: 02 Sep 2004
This vulnerability is not Applicable to VanDyke Software products. VanDyke Software products do not link to any static kerberos libraries. Instead, VanDyke Software products dynamically load shared libraries for GSSAPI related functionality.
Due to the critical nature of this vulnerability in affected versions of MIT Kerberos, those using the GSSAPI authentication method for SSH2 authentication within an MIT Kerberos environment should install the patched version of MIT Kerberos immediately.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.