FreeBSD : krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled (7edac52a-66cd-11e0-9398-5d45f3aa24f0)

high Nessus Plugin ID 53443

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

An advisory published by the MIT Kerberos team says :

The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult).

An unauthenticated remote attacker can induce a double-free event, causing the KDC daemon to crash (denial of service), or to execute arbitrary code. Exploiting a double-free event to execute arbitrary code is believed to be difficult.

Solution

Update the affected packages.

See Also

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt

http://www.nessus.org/u?ae1642eb

Plugin Details

Severity: High

ID: 53443

File Name: freebsd_pkg_7edac52a66cd11e093985d45f3aa24f0.nasl

Version: 1.12

Type: local

Published: 4/15/2011

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:krb5, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/14/2011

Vulnerability Publication Date: 3/15/2011

Reference Information

CVE: CVE-2011-0284