FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- KDC double free vulnerability

Affected packages
1.7 <= krb5 < 1.7.2
1.8 <= krb5 < 1.8.2

Details

VuXML ID: 86b8b655-4d1a-11df-83fb-0015587e2cc1
Discovery: 2010-04-20
Entry: 2010-04-21

The MIT Kerberos team reports:

An authenticated remote attacker can crash the KDC by inducing the KDC to perform a double free. Under some circumstances on some platforms, this could also allow malicious code execution.

References

CVE Name: CVE-2010-1320
URL: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt