CVE-2011-0284
Published 2011-03-20
Priority P341, high, 7.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS: 8.27% (94.2th percentile)
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.8.3+dfsg-6 (bookworm) | krb5 1.8.3+dfsg-6 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.8.3+dfsg-6 | 1.8.3+dfsg-6 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-6 | 1.8.3+dfsg-6 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-6 | 1.8.3+dfsg-6 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-6 | 1.8.3+dfsg-6 |
CVSS provenance
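| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| osv | | 7.6 | HIGH | |
| vendor_debian | | 7.6 | LOW | |
| vendor_redhat | | 7.6 | HIGH | |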
Ubuntu
Kerberos vulnerability
vendor_ubuntu·2011-03-15
Title: Kerberos vulnerability
Summary: MIT Kerberos 5 Key Distribution Center (KDC) daemon denial of service vulnerability.
Cameron Meadors discovered that the MIT Kerberos 5 Key Distribution
Center (KDC) daemon is vulnerable to a double-free condition if
the Public Key Cryptography for Initial Authentication (PKINIT)
capability is enabled. This could allow a remote attacker to cause
a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
(krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003)
vendor_redhat·2011-03-15·CVSS 7.6·HIGH
Package: krb5 (Red Hat Enterprise Linux 4) - Not affected
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2011-0284: krb5 - Double free vulnerability in the prepare_error_as function in do_as_req.c in the...
vendor_debian·2011·CVSS 7.6·HIGH
Scope: local
bookworm: resolved (fixed in 1.8.3+dfsg-6)
bullseye: resolved (fixed in 1.8.3+dfsg-6)
forky: resolved (fixed in 1.8.3+dfsg-6)
sid: resolved (fixed in 1.8.3+dfsg-6)
trixie: resolved (fixed in 1.8.3+dfsg-6)
GHSA
GHSA-w63f-q474-3fj3: Double free vulnerability in the prepare_error_as function in do_as_req
ghsa_unreviewed·2022-05-13·HIGH
OSV
CVE-2011-0284: Double free vulnerability in the prepare_error_as function in do_as_req
osv·2011-03-20·CVSS 7.6·HIGH
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003) [fedora-all]
bugzilla·2011-03-16·CVSS 7.6·HIGH
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?ty
Bugzilla
CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003)
bugzilla·2011-02-01·CVSS 5.0·MEDIUM
A double-free flaw was found in the way the MIT Kerberos
KDC handled initial authentication requests (AS-REQ), when
the KDC was configured to provide the PKINIT capability.
A remote attacker could use this flaw to cause the KDC
daemon to abort by using a specially-crafted AS-REQ request.
Different vulnerability than CVE-2010-1320 and CVE-2005-1174.
Discussion:
Created attachment 476397
Proposed patch from Nalin Dahyabhai to fix the issue
---
This issue did NOT affect the versions of the krb5 package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.
This issue affects the version of the krb5 package, as shipped
with Red Hat Enterprise Linux 6.
--
This i
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056413.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056573.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056579.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://osvdb.org/71183
- http://secunia.com/advisories/43700
- http://secunia.com/advisories/43760
- http://secunia.com/advisories/43783
- http://secunia.com/advisories/43881
- http://securitytracker.com/id?1025216
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
- http://www.kb.cert.org/vuls/id/943220
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:048
- http://www.redhat.com/support/errata/RHSA-2011-0356.html
- http://www.securityfocus.com/archive/1/517029/100/0/threaded
- http://www.securityfocus.com/bid/46881
- http://www.ubuntu.com/usn/USN-1088-1
- http://www.vupen.com/english/advisories/2011/0672
- http://www.vupen.com/english/advisories/2011/0673
- http://www.vupen.com/english/advisories/2011/0680
- http://www.vupen.com/english/advisories/2011/0722
- http://www.vupen.com/english/advisories/2011/0763
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66101