PT-2010-1097 · MIT · MIT Kerberos 5

Author: Brian Almeida (+2)
Published: 2010-04-22 · Updated: 2024-06-15
CVE: CVE-2010-1320
CVSS v2.0: 10.0 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
MIT Kerberos 5 (aka krb5) versions 1.7.x through 1.8.1
MIT Kerberos 5 (aka krb5) versions prior to 1.9.2 (the broader range carried by some vendor advisories)
Description
A double free vulnerability exists in the Key Distribution Center (KDC, the krb5kdc daemon) in MIT Kerberos 5. It is triggered by a ticket request for renewal or validation, so the attacker must already be authenticated to the realm, i.e. hold a valid ticket-granting ticket; any ordinary principal qualifies. A malformed or specially constructed request of this kind causes the KDC to free the same memory twice, which crashes the daemon (denial of service for the whole realm, since clients can no longer obtain tickets) and may possibly allow execution of arbitrary code in the KDC process. Vendor advisories for the mit-krb5 package that carry this fix typically address further issues as well, all of them exploitable remotely and affecting the confidentiality, integrity and availability of protected information.
Recommendations
For versions 1.7.x through 1.8.1, update to version 1.8.2 or later to resolve the issue.
Where your vendor advisory lists versions prior to 1.9.2 as affected, update to version 1.9.2 or later.
Distributions often backport the fix without changing the upstream version number; check the package changelog or the vendor advisory rather than relying on the version string alone.
As a temporary workaround, restrict network access to the KDC (UDP and TCP port 88) to the hosts and networks that legitimately need it. Note that this only reduces exposure: because the trigger is an authenticated ticket request, any principal that can still reach the KDC with a valid TGT can trigger the crash.
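As an added example (not code from MIT or from this advisory's author), the following POSIX shell check classifies a krb5 release string against the version ranges listed on this page. The function names and the three outcome labels are my own; the local check assumes `krb5-config` is on PATH and prints its usual "Kerberos 5 release X.Y.Z" line.

```shell
#!/bin/sh
# Added example, not part of the original advisory or of MIT krb5.
# Classify a krb5 release against the ranges on this page.
# Accepts a bare version ("1.8.1") or the line printed by
# `krb5-config --version` ("Kerberos 5 release 1.8.1").
# Prints one of:
#   vulnerable  1.7.0 .. 1.8.1, the range given for the KDC double free
#   review      below 1.7, or 1.8.2 .. 1.9.1: only the broader "prior to
#               1.9.2" range on this page covers these, so consult the
#               vendor advisory and changelog for a backported fix
#   fixed       1.9.2 or later
krb5_release_status() {
    ver=${1#Kerberos 5 release }
    ver=${ver%%[!0-9.]*}            # drop suffixes such as "-p1" or "beta1"
    maj=${ver%%.*}
    rest=${ver#*.}
    [ "$rest" = "$ver" ] && rest=0  # bare "1": no minor component
    min=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # "1.8": no patch component
    # Pack major.minor.patch into one comparable integer (1.8.2 -> 10802).
    key=$(( maj * 10000 + min * 100 + patch ))
    if [ "$key" -ge 10902 ]; then
        echo fixed
    elif [ "$key" -ge 10700 ] && [ "$key" -lt 10802 ]; then
        echo vulnerable
    else
        echo review
    fi
}

# Check the locally installed krb5. Falls back to version 0.0.0 (reported
# as "review") when krb5-config is not available on this host.
check_local_krb5() {
    krb5_release_status "$(krb5-config --version 2>/dev/null || echo 'Kerberos 5 release 0.0.0')"
}

# Example run on the constructed input "Kerberos 5 release 1.8.1": prints "vulnerable".
krb5_release_status 'Kerberos 5 release 1.8.1'
```

Treat "vulnerable" and "review" alike as a prompt to read the vendor advisory: a distribution that backported the fix into 1.8.1 still reports 1.8.1, and a release before 1.7 is outside the range this advisory documents rather than known to be safe.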


Related Identifiers

BDU:2015-09426
CVE-2010-1320
OPENSUSE-SU-2024:10004-1

Affected Products

MIT Kerberos 5