Ubuntu Security Notice 408-1 - The server-side portion of Kerberos' RPC library had a memory management flaw which allowed users of that library to call a function pointer located in unallocated memory. By doing specially crafted calls to the kadmind server, a remote attacker could exploit this to execute arbitrary code with root privileges on the target computer.
e079b7c7e47961cfa7ff2d1f16f02981d8f6e75fcf8965a3c0ce46723b5c0d19Mandriva Linux Security Advisory - A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used in the kadmind administration daemon calls an uninitialized function pointer in freed memory, which could allow a remote attacker to cause a Denial of Service and possibly execute arbitrary code via unspecified vectors.
699eadf06107b013881e40f59f8a3d015127c5a77af5ca495b05c155650a55a3OpenPKG Security Advisory - According to vendor security advisories, two security issues exist in the Kerberos network authentication system implementation MIT Kerberos. First, the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind(8). Second, the GSS-API "mechglue" layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused another security vulnerability in kadmind(8).
18eb84638a0aa1af34b0b1cdc4873ec6ac8264aa88bdd3cd284bf7eb213a80c4MIT krb5 Security Advisory 2006-002 - The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library. Third-party server applications written using the RPC library provided with MIT krb5 may also be vulnerable.
87d587621f057226f60e716dfd1abc4d65dbd81c11c4a1edfa9d38e13eb53dcf
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed