CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |

EPSS Percentile: 97.2%
The KDC in releases krb5-1.7 and later is vulnerable to a double-free vulnerability if it is configured to respond to PKINIT requests.
The MIT krb5 Security Advisory 2011-003 states:
“The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult).”
An unauthenticated remote attacker can induce a double-free event, causing the KDC daemon to crash (denial of service), or to execute arbitrary code.
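To check whether a KDC meets the PKINIT precondition described above, the following added example (not part of the original note or of MIT's code) lists the realms in a kdc.conf for which `pkinit_identity` is set, either in the realm stanza or inherited from `[kdcdefaults]`. It assumes that a KDC answers PKINIT requests only for realms that have this option; the sample configuration, realm names and file paths are constructed.

```python
import re

# Constructed sample kdc.conf, not taken from any real deployment.
SAMPLE_KDC_CONF = """\
[kdcdefaults]
    kdc_ports = 88

[realms]
    EXAMPLE.COM = {
        max_life = 10h
        pkinit_identity = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem
        pkinit_anchors = FILE:/var/lib/krb5kdc/cacert.pem
    }
    LAB.EXAMPLE.COM = {
        max_life = 10h
        # pkinit_identity = FILE:/etc/krb5kdc/unused.pem
    }
"""

def pkinit_realms(conf_text):
    """Map each realm with an effective pkinit_identity to that value."""
    section, realm, default_identity = None, None, None
    realms = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                           # e.g. [kdcdefaults], [realms]
            section, realm = header.group(1), None
            continue
        if line == "}":                      # end of a realm stanza
            realm = None
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            continue
        if section == "realms" and realm is None and value == "{":
            realm = key                      # start of a realm stanza
            realms[realm] = None
        elif key == "pkinit_identity":
            if section == "realms" and realm:
                realms[realm] = value        # realm setting overrides default
            elif section == "kdcdefaults":
                default_identity = value     # applies to every realm
    return {r: v or default_identity for r, v in realms.items()
            if v or default_identity}

if __name__ == "__main__":
    for name, identity in pkinit_realms(SAMPLE_KDC_CONF).items():
        print(f"{name}: PKINIT configured ({identity})")
```

An empty result means no realm in the file has a PKINIT identity; any realm listed should be treated as exposed on krb5-1.7 and later until the fix is applied.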
Apply a Patch
Upcoming releases in the krb5-1.7, krb5-1.8, and krb5-1.9 series will contain fixes. In the meantime, apply the following patch:
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 46b5fa1…464cb6e 100644
943220
Notified: March 15, 2011 Updated: March 09, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 29, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 29, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
This issue was discovered by Cameron Meadors of Red Hat.
This document was written by Jared Allar.
CVE IDs: | CVE-2011-0284 |
---|---|
Date Public: | 2011-03-15 |
Date First Published: | |