The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) prior to 1.6.4 allows remote malicious users to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
Vulnerable Product |
---|
mit kerberos 5 |
fedoraproject fedora 10 |
fedoraproject fedora 9 |
canonical ubuntu linux 7.10 |
canonical ubuntu linux 8.10 |
canonical ubuntu linux 8.04 |
canonical ubuntu linux 6.06 |
apple mac os x |
redhat enterprise linux 4.0 |
redhat enterprise linux desktop 3.0 |
redhat enterprise linux desktop 4.0 |
redhat enterprise linux eus 4.7 |
redhat enterprise linux server 4.0 |
redhat enterprise linux workstation 4.0 |
redhat enterprise linux workstation 3.0 |
redhat enterprise linux server 3.0 |
redhat enterprise linux server 2.0 |
redhat enterprise linux workstation 2.0 |