MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities

Bugtraq ID:	23282
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-1216
Remote:	Yes
Local:	No
Published:	Apr 03 2007 12:00AM
Updated:	Jun 04 2007 09:40PM
Credit:	SAP AG is credited with the discovery of this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 10.0.0 x64 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux 10 F... TurboLinux Personal TurboLinux Multimedia Turbolinux Home Turbolinux Appliance Server 2.0 Trustix Secure Linux 3.0.5 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 TransSoft Broker FTP Server 8.0 SuSE SUSE Linux Enterprise Server 10 SuSE Suse Linux Enterprise Desktop 10 SuSE Linux 9.3 x86-64 SuSE Linux 9.3 x86 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc SGI ProPack 3.0 SP6 S.u.S.E. openSUSE 10.2 rPath rPath Linux 1 Redhat Linux Advanced Work Station 2.1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Enterprise Linux Desktop version 4 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Redhat Desktop 3.0 Pardus Linux 2007.1 MIT Kerberos 5 1.6 MIT Kerberos 5 1.5.1 MIT Kerberos 5 1.5 MIT Kerberos 5 1.4.3 MIT Kerberos 5 1.4.2 MIT Kerberos 5 1.4.1 MIT Kerberos 5 1.4 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.3.9 Apple Mac OS X 10.4.9 Apple Mac OS X 10.3.9

Not Vulnerable:	MIT Kerberos 5 1.6.1