Threat Encyclopedia

MIT.Kerberos.5.KRB5_Recvauth.Double.Free

description-logoDescription

This indicates a possible exploit of a vulnerability in MIT Kerberos.
This vulnerability is caused by a double-free error in the "krb5_recvauth()" function. A remote attacker may exploit this to execute arbitrary code.

affected-products-logoAffected Products

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Sun Solaris 10.0 _x86
Sun Solaris 9.0 _x86 Update 2
Sun Solaris 9.0 _x86
Sun Solaris 9.0
Sun Solaris 8.0 _x86
Sun Solaris 8.0
Sun Solaris 10
Sun SEAM 1.0
SGI ProPack 3.0 SP6
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
RedHat Fedora Core4
RedHat Fedora Core3
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
MIT Kerberos 5 5.0 -1.4.1
MIT Kerberos 5 5.0 -1.4
MIT Kerberos 5 5.0 -1.3.6
MIT Kerberos 5 5.0 -1.3.5
MIT Kerberos 5 5.0 -1.3.4
MIT Kerberos 5 5.0 -1.3.3
MIT Kerberos 5 5.0 -1.2beta2
MIT Kerberos 5 5.0 -1.2beta1
MIT Kerberos 5 5.0 -1.1.1
MIT Kerberos 5 5.0 -1.1
MIT Kerberos 5 5.0 -1.0.x
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 10.2 x86_64
MandrakeSoft Linux Mandrake 10.2
MandrakeSoft Linux Mandrake 10.1 x86_64
MandrakeSoft Linux Mandrake 10.1
MandrakeSoft Linux Mandrake 10.0 AMD64
MandrakeSoft Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Conectiva Linux 9.0
Apple Mac OS X Server 10.4.2
Apple Mac OS X 10.4.2

Impact

System Compromise

recomended-action-logoRecommended Actions

The vendor has released patches to address this issue.

CVE References

CVE-2005-1689