Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2007-04-06 01:19
Updated : 2024-02-28 11:01
NVD link : CVE-2007-1216
Mitre link : CVE-2007-1216
CVE.ORG link : CVE-2007-1216
JSON object : View
Products Affected
mit
- kerberos_5
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-415
Double Free