CVE - CVE-2011-0284

CVE-ID
CVE-2011-0284	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20110315 MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled URL:http://www.securityfocus.com/archive/1/517029/100/0/threaded CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt FEDORA:FEDORA-2011-3462 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056579.html FEDORA:FEDORA-2011-3464 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056573.html FEDORA:FEDORA-2011-3547 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056413.html MANDRIVA:MDVSA-2011:048 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:048 REDHAT:RHSA-2011:0356 URL:http://www.redhat.com/support/errata/RHSA-2011-0356.html SUSE:SUSE-SR:2011:005 URL:http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html UBUNTU:USN-1088-1 URL:http://www.ubuntu.com/usn/USN-1088-1 CERT-VN:VU#943220 URL:http://www.kb.cert.org/vuls/id/943220 BID:46881 URL:http://www.securityfocus.com/bid/46881 OSVDB:71183 URL:http://osvdb.org/71183 SECTRACK:1025216 URL:http://securitytracker.com/id?1025216 SECUNIA:43783 URL:http://secunia.com/advisories/43783 SECUNIA:43700 URL:http://secunia.com/advisories/43700 SECUNIA:43760 URL:http://secunia.com/advisories/43760 SECUNIA:43881 URL:http://secunia.com/advisories/43881 VUPEN:ADV-2011-0672 URL:http://www.vupen.com/english/advisories/2011/0672 VUPEN:ADV-2011-0673 URL:http://www.vupen.com/english/advisories/2011/0673 VUPEN:ADV-2011-0680 URL:http://www.vupen.com/english/advisories/2011/0680 VUPEN:ADV-2011-0722 URL:http://www.vupen.com/english/advisories/2011/0722 VUPEN:ADV-2011-0763 URL:http://www.vupen.com/english/advisories/2011/0763 XF:kerberos-perpareerroras-code-execution(66101) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/66101
Assigning CNA
N/A
Date Entry Created
20110103	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110103)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org