Sun Microsystems Inc. Information for VU#259798

MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to free unallocated memory



Vendor Statement

Sun is affected by the two Kerberos vulnerabilities described in MIT Advisory MITKRB5-SA-2005-002 and CERT VU#259798 and VU#885830. Sun has published Sun Alert 101809 which is available here:

for these issues.

The Sun Alert is currently unresolved but will be updated once either IDRs or T-patches are available on SunSolve. The Sun Alert will ultimately be updated with the released patch information for the final resolution.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.