Heimdal FTPD gss_userok() Free Uninitialized Pointer Memory Corruption Vulnerability

Heimdal FTPD gss_userok() Free Uninitialized Pointer Memory Corruption Vulnerability

Heimdal is prone to a memory-corruption vulnerability because it performs a 'free()' call on an uninitialized pointer.

This issue affects the application's FTP daemon.

The implications of this issue are currently unknown. Arbitrary code execution or denial-of-service attacks may be possible. We will update this BID as more information emerges.

Heimdal 0.7.2 and prior versions are vulnerable.