FreeBSD : krb5 -- double-free vulnerabilities (86a98b57-fb8e-11d8-9343-000a95bc6fae)

High Nessus Plugin ID 37617


The remote FreeBSD host is missing a security-related update.


An advisory published by the MIT Kerberos team says :

The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable.

Double-free vulnerabilities of this type are not believed to be exploitable for code execution on FreeBSD systems. However, the potential for other ill effects may exist.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 37617

File Name: freebsd_pkg_86a98b57fb8e11d89343000a95bc6fae.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2009/04/23

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:krb5, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/08/31

Vulnerability Publication Date: 2004/08/31

Reference Information

CVE: CVE-2004-0642, CVE-2004-0643, CVE-2004-0772

CERT: 350792, 795632, 866472

CWE: 119