FreeBSD : krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled (7edac52a-66cd-11e0-9398-5d45f3aa24f0)

high Nessus Plugin ID 53443


The remote FreeBSD host is missing one or more security-related updates.


An advisory published by the MIT Kerberos team says :

The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult).

An unauthenticated remote attacker can induce a double-free event, causing the KDC daemon to crash (denial of service), or to execute arbitrary code. Exploiting a double-free event to execute arbitrary code is believed to be difficult.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 53443

File Name: freebsd_pkg_7edac52a66cd11e093985d45f3aa24f0.nasl

Version: 1.12

Type: local

Published: 4/15/2011

Updated: 1/6/2021

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:krb5, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/14/2011

Vulnerability Publication Date: 3/15/2011

Reference Information

CVE: CVE-2011-0284