CVE-2010-0629

Published: 06 April 2010

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

Priority

Medium

Status

Package: krb5 (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Released (1.7)
Patches:
Upstream: http://web.mit.edu/kerberos/advisories/2010-003-patch.txt