CVE-2005-1689
published 2005-07-18

Priority: P339, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 11.01% (95.3th percentile)

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

Affected

10 ranges
Vendor | Product | Version range | Fixed in
apple | mac_os_x | < 10.4.2 | 10.4.2
apple | mac_os_x_server | < 10.4.2 | 10.4.2
debian | debian_linux | |
debian | debian_linux | |
debian | krb5 | < krb5 1.3.6-4 (bookworm) | krb5 1.3.6-4 (bookworm)
mit | kerberos_5 | <= 1.4.1 |
mit | krb5 | >= 0 < 1.3.6-4 | 1.3.6-4
mit | krb5 | >= 0 < 1.3.6-4 | 1.3.6-4
mit | krb5 | >= 0 < 1.3.6-4 | 1.3.6-4
mit | krb5 | >= 0 < 1.3.6-4 | 1.3.6-4

Detection & IOCs (extracted from sources)

  • The vulnerable function is krb5_recvauth(); monitor for exploitation attempts targeting this function in daemons that call it, specifically kpropd, klogind, and kshd
  • The vulnerability is a double-free in krb5_recvauth triggered via certain error conditions over the network; watch for anomalous/malformed Kerberos authentication traffic to KDC and rsh-server daemons
  • Affected versions are MIT Kerberos 5 (krb5) 1.4.1 and earlier; Debian fixed in package version 1.3.6-4
  • The vulnerable daemons are kpropd (krb5-kdc package), klogind, and kshd (krb5-rsh-server package); all daemons calling krb5_recvauth() are at risk

CVSS provenance

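Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | | 9.8 | CRITICAL |
vendor_debian | | 9.8 | MEDIUM |
vendor_redhat | | 9.8 | CRITICAL |
vendor_ubuntu | | 7.5 | HIGH |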