CVE-2011-0285high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
http://secunia.com/advisories/44125
http://secunia.com/advisories/44181
http://secunia.com/advisories/44196
http://securityreason.com/securityalert/8200
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
http://www.redhat.com/support/errata/RHSA-2011-0447.html
http://www.securityfocus.com/archive/1/517484/100/0/threaded
http://www.securityfocus.com/bid/47310
http://www.securitytracker.com/id?1025320
http://www.vupen.com/english/advisories/2011/0936
http://www.vupen.com/english/advisories/2011/0986
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75884 | openSUSE Security Update : krb5 (openSUSE-SU-2011:0348-1) | Nessus | SuSE Local Security Checks | critical |
| 75562 | openSUSE Security Update : krb5 (openSUSE-SU-2011:0348-1) | Nessus | SuSE Local Security Checks | critical |
| 68256 | Oracle Linux 6 : krb5 (ELSA-2011-0447) | Nessus | Oracle Linux Local Security Checks | critical |
| 61019 | Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 57655 | GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 55074 | Ubuntu 9.10 / 10.04 LTS / 10.10 : krb5 vulnerability (USN-1116-1) | Nessus | Ubuntu Local Security Checks | critical |
| 53745 | openSUSE Security Update : krb5 (openSUSE-SU-2011:0348-1) | Nessus | SuSE Local Security Checks | critical |
| 53555 | Fedora 14 : krb5-1.8.2-10.fc14 (2011-5345) | Nessus | Fedora Local Security Checks | critical |
| 53554 | Fedora 13 : krb5-1.7.1-19.fc13 (2011-5343) | Nessus | Fedora Local Security Checks | critical |
| 53538 | Mandriva Linux Security Advisory : krb5 (MDVSA-2011:077) | Nessus | Mandriva Local Security Checks | critical |
| 53467 | Fedora 15 : krb5-1.9-7.fc15 (2011-5333) | Nessus | Fedora Local Security Checks | critical |
| 53445 | RHEL 6 : krb5 (RHSA-2011:0447) | Nessus | Red Hat Local Security Checks | critical |
| 53442 | FreeBSD : krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285] (6a3c3e5c-66cb-11e0-a116-c535f3aa24f0) | Nessus | FreeBSD Local Security Checks | critical |