Double Free Vulnerability in MIT Kerberos 5 by MIT
CVE-2004-0772

9.8CRITICAL

Key Information:

Vendor

Mit

Status
Kerberos
Kerberos 5
Vendor
CVE Published:
20 October 2004

What is CVE-2004-0772?

A double free vulnerability exists in the error handling code of krb524d within MIT Kerberos 5 versions 1.2.8 and earlier. This flaw can be exploited by remote attackers to potentially execute arbitrary code, compromising the integrity and security of affected systems. It is crucial for users and administrators of affected versions to apply the relevant patches to mitigate this risk and enhance their overall security posture.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...
vendor-advisoryx_refsource_CONECTIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/17158
vdb-entryx_refsource_XF
http://www.kb.cert.org/vuls/id/350792
third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.