Status Tracking Note TRTA07-009B

MIT Kerberos Vulnerabilities

Overview

The MIT Kerberos administration daemon contains two vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.

Event Information

Date (UTC)        Description

2007-01-09 21:52  US-CERT
                  TA07-009B: MIT Kerberos Vulnerabilities
                  The MIT Kerberos administration daemon contains two vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.

2007-01-09 02:28  MIT
                  MIT krb5 Security Advisory 2006-003: kadmind (via GSS-API mechglue) frees uninitialized pointers
                  The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution.

2007-01-09 02:28  MIT
                  MIT krb5 Security Advisory 2006-002: kadmind (via RPC library) calls uninitialized function pointer
                  The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory.


Date first published (UTC): 2007-01-11T14:32+00:00
Date last updated (UTC): 2007-01-11T14:32+00:00