CVE-2011-0284

Published: 20/03/2011 Updated: 21/01/2020
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 up to and including 1.9, when the PKINIT feature is enabled, allows remote malicious users to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.

Vulnerable Product

mit kerberos 5 1.7.1

mit kerberos 5 1.8

mit kerberos 5 1.9

mit kerberos 5 1.8.1

mit kerberos 5 1.8.2

mit kerberos 5 1.8.3

mit kerberos 5 1.7

Vendor Advisories

MIT Kerberos 5 Key Distribution Center (KDC) daemon denial of service vulnerability ...
Debian Bug report logs - #618517 krb5: CVE-2011-0284 kdc double-free Package: krb5; Maintainer for krb5 is Sam Hartman <hartmans@debian.org>; Reported by: Michael Gilbert <michaelsgilbert@gmail.com> Date: Tue, 15 Mar 2011 20:51:05 UTC Severity: serious Tags: security Found in version 1.8.3+dfsg-4 Fixed in versions ...
Debian Bug report logs - #622681 krb5: kadmind invalid pointer free Package: krb5-admin-server; Maintainer for krb5-admin-server is Sam Hartman <hartmans@debian.org>; Source for krb5-admin-server is src:krb5 Reported by: Michael Gilbert <michaelsgilbert@gmail.com> Date: Wed, 13 Apr 2011 19:21: ...