MIT » Kerberos 5 : Security Vulnerabilities, CVEs, Published In 2011 (Code Execution)
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.
Max CVSS
10.0
EPSS Score
24.56%
Published
2011-04-15
Updated
2020-01-21
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
Max CVSS
7.6
EPSS Score
35.56%
Published
2011-03-20
Updated
2020-01-21
2 vulnerabilities found