Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2011-0285

Опубликовано: 15 апр. 2011
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 10

Описание

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

РелизСтатусПримечание
dapper

not-affected

code not present
devel

released

1.8.3+dfsg-5ubuntu2.1
hardy

not-affected

code not present
karmic

released

1.7dfsg~beta3-1ubuntu0.13
lucid

released

1.8.1+dfsg-2ubuntu0.9
maverick

released

1.8.1+dfsg-5ubuntu0.7
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 98%
0.51658
Средний

10 Critical

CVSS2

Связанные уязвимости

redhat логотип

CVE-2011-0285

redhat
около 14 лет назад

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

nvd логотип

CVE-2011-0285

nvd
около 14 лет назад

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

debian логотип

CVE-2011-0285

debian
около 14 лет назад

The process_chpw_request function in schpw.c in the password-changing ...

github логотип

GHSA-rh86-pqp5-j43v

github
около 3 лет назад

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

oracle-oval логотип

ELSA-2011-0447

oracle-oval
около 14 лет назад

ELSA-2011-0447: krb5 security update (MODERATE)

EPSS

Процентиль: 98%
0.51658
Средний

10 Critical

CVSS2