• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MIT Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free Vulnerability

MIT Kerberos 5 is prone to a remote double-free vulnerability. Remote attackers can trigger this issue prior to any authentication whatsoever. The issue exists in the 'revcauth_common()' helper function.

Because of the code path taken in the vulnerable function, exploitation may be hindered. However, attackers may presumably leverage this issue to execute arbitrary code in the context of the affected service.

Note that successful exploitation of this issue on a Kerberos Key Distribution Center (KDC) computer may result in the compromise of an entire Kerberos realm.