CVE-2004-0772
Published 2004-10-20
CVE-2004-0772: Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
Priority P3 35 · critical 9.8 (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 6.99% (93.4th percentile)
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.3.4-3 (bookworm) | krb5 1.3.4-3 (bookworm) |
| mit | kerberos_5 | <= 1.2.8 | — |
| mit | krb5 | >= 0 < 1.3.4-3 | 1.3.4-3 |
| mit | krb5 | >= 0 < 1.3.4-3 | 1.3.4-3 |
| mit | krb5 | >= 0 < 1.3.4-3 | 1.3.4-3 |
| mit | krb5 | >= 0 < 1.3.4-3 | 1.3.4-3 |
| openpkg | openpkg | — | — |
| openpkg | openpkg | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
GHSA
GHSA-qcm3-q3pj-vw39 (ghsa_unreviewed · 2022-04-29 · severity HIGH · CWE-119)
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
OSV
CVE-2004-0772 (osv · 2004-10-20 · CVSS 9.8 · CRITICAL)
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
Cisco
Vulnerabilities in Kerberos 5 Implementation (vendor_cisco · 2004-08-31 · covers CVE-2004-0642 and CVE-2004-0772)
Two vulnerabilities in the Massachusetts Institute of Technology (MIT) Kerberos 5 implementation that affect Cisco VPN 3000 Series Concentrators have been announced by the MIT Kerberos Team. Cisco VPN 3000 Series Concentrators authenticating users against a Kerberos Key Distribution Center (KDC) may be vulnerable to remote code execution and to Denial of Service (DoS) attacks. Cisco has made free software available to address these problems.
Cisco VPN 3000 Series Concentrators not authenticating users against a Kerberos Key Distribution Center (KDC) are not impacted.
No exploitations of these vulnerabilities have been reported.
This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa
Debian
krb5 (vendor_debian · 2004 · CVSS 9.8 · CRITICAL)
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
Scope: local
bookworm: resolved (fixed in 1.3.4-3)
bullseye: resolved (fixed in 1.3.4-3)
forky: resolved (fixed in 1.3.4-3)
sid: resolved (fixed in 1.3.4-3)
trixie: resolved (fixed in 1.3.4-3)
Red Hat
security flaw (vendor_redhat · 2003-03-27 · CVSS 9.8 · CRITICAL)
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
No detection rules found.
No public exploits indexed.
CWE
CWE-1341: Multiple Releases of Same Resource or Handle (mitre_cwe)
The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.
Code typically requires "opening" handles or references to resources such as memory, files, devices, socket connections, services, etc. When the code is finished with using the resource, it is typically expected to "close" or "release" the resource, which indicates to the environment (such as the OS) that the resource can be re-assigned or reused by unrelated processes or actors - or in some cases, within the same process. API functions or other abstractions are often used to perform this release, such as free() or delete() within C/C++, or file-handle close() operations that are used in many languag
CWE
CWE-415: Double Free (mitre_cwe)
The product calls free() twice on the same memory address.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability. Impact: Modify Memory, Execute Unauthorized Code or Commands. When a program calls free() twice with the same argument, the program's memory management data structures may become corrupted, potentially leading to the reading or modification of unexpected memory addresses. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a bu
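The error-path double free that CWE-415 describes, as an added C example that is not krb524d's code: a hypothetical handler in the shape of the flaw (the error branch releases a buffer that the shared cleanup releases again) beside its hardened form, with a small hypothetical tracked free() wrapper that counts a second release of the same block instead of passing it to the allocator.

```c
#include <stdlib.h>
/* Added example, not MIT krb5 code: free() wrapper that remembers released
 * blocks so a second release is counted instead of corrupting the heap. */
#define TRACK_MAX 16
static void *released[TRACK_MAX];
static int released_n, double_free_count;
static void tracked_free(void *p)
{
    if (p == NULL) return;                  /* free(NULL) is a legal no-op */
    for (int i = 0; i < released_n; i++)
        if (released[i] == p) {             /* already released: CWE-415 */
            double_free_count++;
            return;                         /* never hand it to free() twice */
        }
    if (released_n < TRACK_MAX) released[released_n++] = p;
    free(p);
}
static void tracker_reset(void) { released_n = 0; double_free_count = 0; }
/* Hypothetical handler in the shape of the flaw: the error path releases the
 * buffer, then the shared cleanup releases it again. */
static int handle_vulnerable(int fail_decode)
{
    char *buf = malloc(64);
    if (buf == NULL) return -1;
    if (fail_decode)                        /* constructed decode error */
        tracked_free(buf);                  /* released here ... */
    tracked_free(buf);                      /* ... and again in cleanup */
    return fail_decode ? -1 : 0;
}
/* Hardened form: one cleanup label owns the release and the pointer is nulled
 * afterwards, so any later release is a harmless free(NULL). */
static int handle_fixed(int fail_decode)
{
    int rc = 0;
    char *buf = malloc(64);
    if (buf == NULL) return -1;
    if (fail_decode) { rc = -1; goto cleanup; }
cleanup:
    tracked_free(buf);
    buf = NULL;
    return rc;
}
/* Drives a handler down its error path; returns how many double releases the
 * tracker caught: 1 for the vulnerable shape, 0 for the fixed one. */
static int double_frees_on_error_path(int (*handler)(int))
{
    tracker_reset();
    handler(1);
    return double_free_count;
}
```

The tracker is reset per request in this example because a real allocator may hand a freed address back to the next malloc(), which a cumulative pointer list would misreport.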
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
- http://marc.info/?l=bugtraq&m=109508872524753&w=2
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt
- http://www.debian.org/security/2004/dsa-543
- http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml
- http://www.kb.cert.org/vuls/id/350792
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:088
- http://www.securityfocus.com/bid/11078
- http://www.trustix.net/errata/2004/0045/
- http://www.us-cert.gov/cas/techalerts/TA04-247A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17158
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661