Skip to main content

MIT Kerberos KDC "process_tgs_req()" Double Free Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 22 Apr 2010 5414 Views

RISK: Medium Risk

A vulnerability has been identified in MIT Kerberos, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a double free error within the "process_tgs_req()" function when handling renewal or validation of existing tickets, which could allow attackers to crash an affected server or execute arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • MIT Kerberos version krb5-1.7 and later

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to krb5-1.8.2 or apply patch :
http://web.mit.edu/kerberos/advisories/2010-004-patch.txt


Vulnerability Identifier


Source