FreeBSD : krb5 -- double-free vulnerabilities (86a98b57-fb8e-11d8-9343-000a95bc6fae)

high Nessus Plugin ID 37617


The remote FreeBSD host is missing a security-related update.


An advisory published by the MIT Kerberos team says :

The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable.

Double-free vulnerabilities of this type are not believed to be exploitable for code execution on FreeBSD systems. However, the potential for other ill effects may exist.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 37617

File Name: freebsd_pkg_86a98b57fb8e11d89343000a95bc6fae.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:krb5

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/31/2004

Vulnerability Publication Date: 8/31/2004

Reference Information

CVE: CVE-2004-0642, CVE-2004-0643, CVE-2004-0772

CWE: 119

CERT: 350792, 795632, 866472