There are multiple double-free vulnerabilities reported to exist in MIT Kerberos 5. All vulnerabilities stem from inconsistent memory handling routines in the krb5 library. These vulnerabilities are exploitable in various ways: - An attacker can execute arbitrary code in the context of a KDC server process, potentially compromising the entire Kerberos realm. - An attacker can execute arbitrary code in the context of a krb524d server process, potentially compromising the entire Kerberos realm if it is running on the same computer as a KDC. - An attacker can execute arbitrary code in the context of various other server processes utilizing the krb5 library. - An attacker impersonating a KDC or application server may be able to execute arbitrary code in the context of a client process attempting to authenticate. Versions up to and including 1.3.4 are reported vulnerable. Update: IBM has reported that IBM Tivoli Access Manager for e-business version 5.1 is vulnerable to CAN-2004-0642...
There are multiple double-free vulnerabilities reported to exist in MIT Kerberos 5. All vulnerabilities stem from inconsistent memory handling routines in the krb5 library. These vulnerabilities are exploitable in various ways: - An attacker can execute arbitrary code in the context of a KDC server process, potentially compromising the entire Kerberos realm. - An attacker can execute arbitrary code in the context of a krb524d server process, potentially compromising the entire Kerberos realm if it is running on the same computer as a KDC. - An attacker can execute arbitrary code in the context of various other server processes utilizing the krb5 library. - An attacker impersonating a KDC or application server may be able to execute arbitrary code in the context of a client process attempting to authenticate. Versions up to and including 1.3.4 are reported vulnerable. Update: IBM has reported that IBM Tivoli Access Manager for e-business version 5.1 is vulnerable to CAN-2004-0642 and CAN-2004-0643 when configured for single sign on using SPNEGO authentication.
