Описание
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.4.3-5ubuntu0.6 |
| devel | released | 1.6.dfsg.1-7 |
| edgy | released | 1.4.3-9ubuntu1.5 |
| feisty | released | 1.4.4-5ubuntu3.3 |
| upstream | needs-triage |
Показывать по
EPSS
9 Critical
CVSS2
Связанные уязвимости
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5un ...
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
ELSA-2007-0095: Critical: krb5 security update (CRITICAL)
EPSS
9 Critical
CVSS2