PT-2004-1058 · Mit+1 · Krb5-Devel+5

Published: 2004-09-10 · Updated: 2024-02-02 · CVE-2004-0642

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

krb5-devel version 1.2.2
krb5-server version 1.2.2
krb5-libs version 1.2.2
krb5-workstation version 1.2.2
MIT Kerberos 5 (krb5) versions prior to 1.3.4
Description

Multiple vulnerabilities in the krb5 package of Red Hat Enterprise Linux and in MIT Kerberos 5 (krb5) can compromise the confidentiality, integrity, and availability of protected information, and they can be exploited remotely (the CVSS vector above records network access with no authentication required). Specifically, the error-handling code of the ASN.1 decoders in the Key Distribution Center (KDC) library and in the client library of MIT Kerberos 5 (krb5) 1.3.4 and earlier contains double-free defects, which a remote attacker could potentially use to execute arbitrary code.
Recommendations

For krb5-devel version 1.2.2, update to a version later than 1.2.2.
For krb5-server version 1.2.2, update to a version later than 1.2.2.
For krb5-libs version 1.2.2, update to a version later than 1.2.2.
For krb5-workstation version 1.2.2, update to a version later than 1.2.2.
For MIT Kerberos 5 (krb5) versions prior to 1.3.4, update to version 1.3.4 or later.
As a temporary workaround until a patch is applied, consider restricting access to the Key Distribution Center (KDC) library and the client library.

Weakness Enumeration

Double Free

Related Identifiers

BDU:2015-06282
BDU:2015-06285
BDU:2015-06289
BDU:2015-06293
CVE-2004-0642
DSA-543-1
RHSA-2004:350

Affected Products

Mit Kerberos 5
Red Hat
Krb5-Devel
Krb5-Libs
Krb5-Server
Krb5-Workstation