FreeBSD : krb5 -- double-free vulnerabilities (86a98b57-fb8e-11d8-9343-000a95bc6fae)
High Nessus Plugin ID 37617
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
An advisory published by the MIT Kerberos team says:
The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable.
Double-free vulnerabilities of this type are not believed to be exploitable for code execution on FreeBSD systems. However, the potential for other ill effects may exist.
Solution
Update the affected package.