CVE-2004-0642

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-09-2004 06:00

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

7.5

Base score

10.0

6.4

Exploitability score

Impact score

Verification logic

Reference

GLSA-200409-09-Third Party Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt
TA04-247A-Third Party Advisory, US Government Resource
VU#795632-Third Party Advisory, US Government Resource
CLA-2004:860-Broken Link
DSA-543-Third Party Advisory
RHSA-2004:350-Third Party Advisory
2004-0045-Broken Link
11078-Third Party Advisory, VDB Entry
20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)-Issue Tracking, Third Party Advisory
kerberos-kdc-double-free(17157)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:4936-Broken Link, Third Party Advisory
oval:org.mitre.oval:def:10709-Broken Link, Third Party Advisory

Keywords

CVE-2004-0642

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2004-0642

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures