LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

krb5: double-free and ASN.1 parsing

Package(s):krb5 CVE #(s):CAN-2004-0642 CAN-2004-0643 CAN-2004-0644 CAN-2004-0772
Created:August 31, 2004 Updated:September 21, 2004
Description: Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. See CAN-2004-0642, CAN-2004-0643 and CAN-2004-0772. An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. See CAN-2004-0644. See this CERT advisory for additional information.
Alerts:
Whitebox WBSA-2004:350-01 2004-09-20
OpenPKG OpenPKG-SA-2004.039 2004-09-13
Conectiva CLA-2004:860 2004-09-09
Gentoo 200409-09 2004-09-06
Trustix TSLSA-2004-0045 2004-09-02
Mandrake MDKSA-2004:088 2004-08-31
Debian DSA-543-1 2004-08-31
Fedora FEDORA-2004-277 2004-08-31
Fedora FEDORA-2004-276 2004-08-31
Red Hat RHSA-2004:350-01 2004-08-31
Red Hat RHSA-2004:448-01 2004-08-31
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds