CVE-2004-0772

Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860	Broken Link
http://marc.info/?l=bugtraq&m=109508872524753&w=2	Mailing List
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt	Patch Vendor Advisory
http://www.debian.org/security/2004/dsa-543	Mailing List
http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml	Third Party Advisory
http://www.kb.cert.org/vuls/id/350792	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:088	Third Party Advisory
http://www.securityfocus.com/bid/11078	Broken Link Third Party Advisory VDB Entry
http://www.trustix.net/errata/2004/0045/	Broken Link
http://www.us-cert.gov/cas/techalerts/TA04-247A.html	Broken Link Patch Third Party Advisory US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/17158	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:openpkg:openpkg:2.0:::::::*
	cpe:2.3:a:openpkg:openpkg:2.1:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

History

02 Feb 2024, 15:27

Information

Published : 2004-10-20 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-0772

Mitre link : CVE-2004-0772

CVE.ORG link : CVE-2004-0772

JSON object : View

Products Affected

openpkg

openpkg

debian

debian_linux

mit

kerberos_5

CWE

CWE-415

Double Free

Type	Values Removed	Values Added
References	~~(MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2004:088 -~~	(MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2004:088 - Third Party Advisory
References	~~(CERT-VN) http://www.kb.cert.org/vuls/id/350792 - US Government Resource~~	(CERT-VN) http://www.kb.cert.org/vuls/id/350792 - Third Party Advisory, US Government Resource
References	~~(TRUSTIX) http://www.trustix.net/errata/2004/0045/ -~~	(TRUSTIX) http://www.trustix.net/errata/2004/0045/ - Broken Link
References	~~(DEBIAN) http://www.debian.org/security/2004/dsa-543 -~~	(DEBIAN) http://www.debian.org/security/2004/dsa-543 - Mailing List
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/17158 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/17158 - Third Party Advisory, VDB Entry
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661 - Broken Link
References	~~(CERT) http://www.us-cert.gov/cas/techalerts/TA04-247A.html - Patch, Third Party Advisory, US Government Resource~~	(CERT) http://www.us-cert.gov/cas/techalerts/TA04-247A.html - Broken Link, Patch, Third Party Advisory, US Government Resource
References	~~(BID) http://www.securityfocus.com/bid/11078 -~~	(BID) http://www.securityfocus.com/bid/11078 - Broken Link, Third Party Advisory, VDB Entry
References	~~(BUGTRAQ) http://marc.info/?l=bugtraq&m=109508872524753&w=2 -~~	(BUGTRAQ) http://marc.info/?l=bugtraq&m=109508872524753&w=2 - Mailing List
References	~~(GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml -~~	(GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml - Third Party Advisory
References	~~(CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860 -~~	(CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860 - Broken Link
CWE	~~CWE-119~~	CWE-415
CVSS	v2 : ~~7.5~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
First Time		Openpkg openpkg Openpkg Debian Debian debian Linux
CPE	cpe:2.3:a:mit:kerberos_5:1.2.6:::::::* cpe:2.3:a:mit:kerberos_5:1.2:::::::* cpe:2.3:a:mit:kerberos_5:1.2.2:::::::* cpe:2.3:a:mit:kerberos:1.0.8mit:::::::* cpe:2.3:a:mit:kerberos_5:1.2.7:::::::* cpe:2.3:a:mit:kerberos_5:1.3:alpha1:::::: cpe:2.3:a:mit:kerberos_5:1.2.5:::::::* cpe:2.3:a:mit:kerberos:1.2.2.beta1:::::::* cpe:2.3:a:mit:kerberos_5:1.3.3:::::::* cpe:2.3:a:mit:kerberos_5:1.2.8:::::::* cpe:2.3:a:mit:kerberos_5:1.3.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.2:::::::* cpe:2.3:a:mit:kerberos_5:1.3.1:::::::* cpe:2.3:a:mit:kerberos_5:1.3:::::::* cpe:2.3:a:mit:kerberos_5:1.2.1:::::::* cpe:2.3:a:mit:kerberos_5:1.0.6:::::::* cpe:2.3:a:mit:kerberos_5:1.1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.2.3:::::::* cpe:2.3:a:mit:kerberos_5:1.2.4:::::::* cpe:2.3:a:mit:kerberos:1.0:::::::*	cpe:2.3:a:mit:kerberos_5:::::::: cpe:2.3:o:debian:debian_linux:3.0:::::::* cpe:2.3:a:openpkg:openpkg:2.0:::::::* cpe:2.3:a:openpkg:openpkg:2.1:::::::*

9.8 /10