CVE-2010-1320

Severity

40%

Complexity

80%

Confidentiality

48%

Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.

Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

Type

Mit Kerberos 5

First reported 15 years ago

2010-04-22 14:30:00

Last updated 5 years ago

2020-01-21 15:45:00

Affected Software

Mit Kerberos 5 1.7

1.7

Mit Kerberos 5 1.7.1

1.7.1

Mit Kerberos 5 1.8

1.8

Mit Kerberos 5 1.8.1

1.8.1

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490

APPLE-SA-2010-06-15-1

SUSE-SR:2010:010

39656

39784

40220

1023904

http://support.apple.com/kb/HT4188

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt

20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC

39599

Exploit

USN-940-1

ADV-2010-1001

ADV-2010-1192

ADV-2010-1481

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.