Description
Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.
Affected products
- cygnus / cygnus_network_security4.0 – 4.0
- cygnus / kerbnet5.0 – 5.0
- MIT / kerberos4.0 – 4.0
- MIT / Kerberos 51.0 – 1.0
- MIT / Kerberos 51.1 – 1.1
- MIT / Kerberos 51.1.1 – 1.1.1
References
- VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2000-11.html
- MISChttp://ciac.llnl.gov/ciac/bulletins/k-051.shtml
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
- VENDOR_ADVISORYhttp://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
- MISChttp://www.redhat.com/support/errata/RHSA-2000-031.html
- MISChttp://www.securityfocus.com/bid/1465