CVE-2011-0284

Publication date 15 March 2011

Last updated 24 July 2024


Ubuntu priority

Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.

From the Ubuntu Security Team

Cameron Meadors discovered that the MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled. This could allow a remote attacker to cause a denial of service.


Status

Package   Ubuntu Release     Status
krb5      10.10 maverick     Fixed 1.8.1+dfsg-5ubuntu0.6
krb5      10.04 LTS lucid    Fixed 1.8.1+dfsg-2ubuntu0.8
krb5      9.10 karmic        Fixed 1.7dfsg~beta3-1ubuntu0.12
krb5      8.04 LTS hardy     Not affected
krb5      6.06 LTS dapper    Not affected

Notes


sbeattie

CRD Tuesday, 15 March 2011, at 14:00 US/Eastern time

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
krb5
