Debian DSA-543-1 : krb5 - several vulnerabilities

high Nessus Plugin ID 15380


The remote Debian host is missing a security-related update.


The MIT Kerberos Development Team has discovered a number of vulnerabilities in the MIT Kerberos Version 5 software. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :

- CAN-2004-0642 [VU#795632] A double-free error may allow unauthenticated remote attackers to execute arbitrary code on KDC or clients.

- CAN-2004-0643 [VU#866472] Several double-free errors may allow authenticated attackers to execute arbitrary code on Kerberos application servers.

- CAN-2004-0644 [VU#550464] A remotely exploitable denial of service vulnerability has been found in the KDC and libraries.

- CAN-2004-0772 [VU#350792] Several double-free errors may allow remote attackers to execute arbitrary code on the server. This does not affect the version in woody.


Upgrade the krb5 packages.

For the stable distribution (woody) these problems have been fixed in version 1.2.4-5woody6.

Plugin Details

Severity: High

ID: 15380

File Name: debian_DSA-543.nasl

Version: 1.26

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:krb5

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 8/31/2004

Vulnerability Publication Date: 8/31/2004

Reference Information

CVE: CVE-2004-0642, CVE-2004-0643, CVE-2004-0644, CVE-2004-0772

CWE: 119

CERT: 350792, 550464, 795632, 866472

DSA: 543