KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mit kerberos 5 |
||
debian debian linux 3.1 |
||
debian debian linux 4.0 |
||
canonical ubuntu linux 7.04 |
||
canonical ubuntu linux 7.10 |
||
canonical ubuntu linux 6.10 |
||
canonical ubuntu linux 6.06 |
||
fedoraproject fedora 8 |
||
fedoraproject fedora 7 |