
Debian Woody DSA 543-1 High: KRB5 Remote Code Execution Risk

August 31, 2004
Upgrade your Debian installations of krb5 to mitigate critical security vulnerabilities disclosed by the MIT Kerberos team.

Summary

The MIT Kerberos Development Team has discovered a number of
vulnerabilities in the MIT Kerberos Version 5 software. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CAN-2004-0642 [VU#795632]

A double-free error may allow unauthenticated remote attackers to
execute arbitrary code on KDC or clients.

CAN-2004-0643 [VU#866472]

Several double-free errors may allow authenticated attackers to
execute arbitrary code on Kerberos application servers.

CAN-2004-0644 [VU#550464]

A remotely exploitable denial of service vulnerability has been
found in the KDC and libraries.

CAN-2004-0772 [VU#350792]

Several double-free errors may allow remote attackers to execute
arbitrary code on the server. This does not affect the version in
woody.

For the stable distribution (woody) these problems have been fixed in
version 1.2.4-5woody6.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.4-3.

We recommend that you upgra...


Severity: critical

Package: krb5
CVE ID: CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772
