CVE-2004-0643

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (krb5) versions 1.3.1 and earlier krb5-devel version 1.2.2 krb5-server version 1.2.2 krb5-libs version 1.2.2 krb5-workstation version 1.2.2

Description The issue concerns multiple vulnerabilities in the krb5 package of Red Hat Enterprise Linux, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A double free vulnerability in the krb5 rd cred function may allow local users to execute arbitrary code.

Recommendations For MIT Kerberos 5 (krb5) versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue. For krb5-devel version 1.2.2, update to a newer version to mitigate the risk. For krb5-server version 1.2.2, update to a newer version to mitigate the risk. For krb5-libs version 1.2.2, update to a newer version to mitigate the risk. For krb5-workstation version 1.2.2, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.