
MIT Kerberos 5 Multiple Double-Free Vulnerabilities

Multiple double-free vulnerabilities have been reported in MIT Kerberos 5.

All vulnerabilities stem from inconsistent memory handling routines in the krb5 library.
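The following C program is an added illustration, not code from krb5 or from this advisory. It assumes one common form of inconsistent memory handling, in which a callee releases a buffer on its error path while the caller's cleanup releases it again, and it counts releases instead of calling free() twice so the run stays well-defined. All names (buf_t, decode, release_raw, release_safe, count_frees) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed illustration: every name here is hypothetical, not a krb5 symbol. */
typedef struct { char *data; int frees; } buf_t;
typedef void (*release_fn)(buf_t *);

/* Stand-in for free(b->data): counts releases of a non-NULL pointer.
 * A count above 1 means real code would free the same address twice. */
static void release_raw(buf_t *b) { if (b->data) b->frees++; }

/* Hardened release: clearing the pointer turns a repeated release into a no-op. */
static void release_safe(buf_t *b) { release_raw(b); b->data = NULL; }

/* Decoder whose error path may or may not release its argument. When
 * callee_frees is set, it disagrees with a caller that also cleans up. */
static int decode(buf_t *b, int malformed, int callee_frees, release_fn rel) {
    if (!malformed) return 0;
    if (callee_frees) rel(b);
    return -1;
}

/* Caller with one cleanup path that always releases the buffer.
 * Returns how many times the single allocation was released. */
int count_frees(int callee_frees, release_fn rel, int malformed) {
    char *mem = malloc(16);   /* the real allocation, freed exactly once below */
    if (!mem) return -1;
    buf_t b = { mem, 0 };
    (void)decode(&b, malformed, callee_frees, rel);
    rel(&b);                  /* caller's unconditional cleanup */
    free(mem);
    return b.frees;
}

int main(void) {
    printf("callee frees, raw release, bad input : %d\n", count_frees(1, release_raw, 1));
    printf("callee frees, raw release, good input: %d\n", count_frees(1, release_raw, 0));
    printf("caller owns,  raw release, bad input : %d\n", count_frees(0, release_raw, 1));
    printf("callee frees, safe release, bad input: %d\n", count_frees(1, release_safe, 1));
    return 0;
}
```

The good-input run reports a single release, which is why this class of bug survives ordinary testing: only the malformed-input path releases the buffer twice.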

These vulnerabilities are exploitable in various ways:
- An attacker can execute arbitrary code in the context of a KDC server process, potentially compromising the entire Kerberos realm.
- An attacker can execute arbitrary code in the context of a krb524d server process, potentially compromising the entire Kerberos realm if it is running on the same computer as a KDC.
- An attacker can execute arbitrary code in the context of various other server processes utilizing the krb5 library.
- An attacker impersonating a KDC or application server may be able to execute arbitrary code in the context of a client process attempting to authenticate.

Versions up to and including 1.3.4 are reported vulnerable.

Update: IBM has reported that IBM Tivoli Access Manager for e-business version 5.1 is vulnerable to CAN-2004-0642 and CAN-2004-0643 when configured for single sign-on using SPNEGO authentication.







 

Copyright 2008, SecurityFocus