krb5: arbitrary code execution

Package(s): krb5
CVE #(s): CVE-2011-0285
Created: April 15, 2011
Updated: April 26, 2011
Description: From the CVE entry:

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Alerts:
Gentoo 201201-13 mit-krb5 2012-01-23
Mandriva MDVSA-2011:077 krb5 2011-04-22
Ubuntu USN-1116-1 krb5 2011-04-19
SUSE SUSE-SR:2011:007 NetworkManager, OpenOffice_org, apache2-slms, dbus-1-glib, dhcp/dhcpcd/dhcp6, freetype2, kbd, krb5, libcgroup, libmodplug, libvirt, mailman, moonlight-plugin, nbd, openldap2, pure-ftpd, python-feedparser, rsyslog, telepathy-gabble, wireshark 2011-04-19
openSUSE openSUSE-SU-2011:0348-1 krb5 2011-04-18
Red Hat RHSA-2011:0447-01 krb5 2011-04-14
Fedora FEDORA-2011-5343 krb5 2011-04-14
Fedora FEDORA-2011-5345 krb5 2011-04-14


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds