First published: Thu Apr 22 2010(Updated: )
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MIT Kerberos 5 | =1.7 | |
MIT Kerberos 5 | =1.7.1 | |
MIT Kerberos 5 | =1.8 | |
MIT Kerberos 5 | =1.8.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.