{"vuid":"VU#623332","idnumber":"623332","name":"MIT Kerberos 5 contains double free vulnerability in \"krb5_recvauth()\" function","keywords":["MIT Kerberos 5","arbitrary code execution","double free","krb5_recvauth()"],"overview":"An unauthenticated attacker can cause krb5_recvauth() function to free a block of memory twice, possibly leading to arbitrary code execution.","clean_desc":"Kerberos is a network authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions. MIT krb5 Security Advisory 2005-003 issued 2005 July 12, available from \n states: The krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code. Exploitation of this vulnerability on a Kerberos Key Distribution Center (KDC) host can result in compromise of an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of double-free vulnerabilities is believed to be difficult.","impact":"An unauthenticated attacker may be able to execute arbitrary code in the context of a program calling krb5_recvauth(). This includes the kpropd program which typically runs on slave Key Distribution Center (KDC) hosts, potentially leading to compromise of an entire Kerberos realm. For more information please see the MIT krb5 Security Advisory 2005-003.","resolution":"Apply patches available from your vendor. Details of the patch are also available from http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by the MIT Kerberos Development Team. The MIT Kerberos Development Team thanks Magnus Hagander for reporting this vulnerability.","author":"This document was written by Robert Mead based on information in the MIT krb5 Security Advisory 2005-003.","public":["h","t","t","p",":","/","/","w","e","b",".","m","i","t",".","e","d","u","/","k","e","r","b","e","r","o","s","/","w","w","w","/","a","d","v","i","s","o","r","i","e","s","/","M","I","T","K","R","B","5","-","S","A","-","2","0","0","5","-","0","0","3","-","r","e","c","v","a","u","t","h",".","t","x","t"],"cveids":["CVE-2005-1689"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-06-01T20:16:34Z","publicdate":"2005-07-12T00:00:00Z","datefirstpublished":"2005-07-13T15:14:03Z","dateupdated":"2005-08-08T19:18:36Z","revision":26,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"17","cam_impact":"17","cam_easeofexploitation":"5","cam_attackeraccessrequired":"15","cam_scorecurrent":"13.005","cam_scorecurrentwidelyknown":"15.03703125","cam_scorecurrentwidelyknownexploited":"23.16515625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":13.005,"vulnote":null}