CVE-2011-0285

EPSS 17.9%

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/35606unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726 http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html http://osvdb.org/71789 http://secunia.com/advisories/44125 http://secunia.com/advisories/44181 http://secunia.com/advisories/44196 http://securityreason.com/securityalert/8200 https://hermes.opensuse.org/messages/8086843 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt http://www.mandriva.com/security/advisories?name=MDVSA-2011:077 http://www.redhat.com/support/errata/RHSA-2011-0447.html