CVE-2004-0772

Summary

CVE	CVE-2004-0772
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2004-10-20 04:00:00 UTC
Updated	2024-02-02 15:27:00 UTC
Description	Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

Risk And Classification

Problem Types: CWE-415

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	3.0	All	All	All
Application	Mit	Kerberos	1.0	All	All	All
Application	Mit	Kerberos	1.0.8mit	All	All	All
Application	Mit	Kerberos	1.2.2.beta1	All	All	All
Application	Mit	Kerberos	1.0	All	All	All
Application	Mit	Kerberos	1.0.8mit	All	All	All
Application	Mit	Kerberos	1.2.2.beta1	All	All	All
Application	Mit	Kerberos 5	1.0.6	All	All	All
Application	Mit	Kerberos 5	1.1.1	All	All	All
Application	Mit	Kerberos 5	1.2	All	All	All
Application	Mit	Kerberos 5	1.2.1	All	All	All
Application	Mit	Kerberos 5	1.2.2	All	All	All
Application	Mit	Kerberos 5	1.2.3	All	All	All
Application	Mit	Kerberos 5	1.2.4	All	All	All
Application	Mit	Kerberos 5	1.2.5	All	All	All
Application	Mit	Kerberos 5	1.2.6	All	All	All
Application	Mit	Kerberos 5	1.2.7	All	All	All
Application	Mit	Kerberos 5	1.2.8	All	All	All
Application	Mit	Kerberos 5	1.3	All	All	All
Application	Mit	Kerberos 5	1.3	alpha1	All	All
Application	Mit	Kerberos 5	1.3.1	All	All	All
Application	Mit	Kerberos 5	1.3.2	All	All	All
Application	Mit	Kerberos 5	1.3.3	All	All	All
Application	Mit	Kerberos 5	1.3.4	All	All	All
Application	Mit	Kerberos 5	1.0.6	All	All	All
Application	Mit	Kerberos 5	1.1.1	All	All	All
Application	Mit	Kerberos 5	1.2	All	All	All
Application	Mit	Kerberos 5	1.2.1	All	All	All
Application	Mit	Kerberos 5	1.2.2	All	All	All
Application	Mit	Kerberos 5	1.2.3	All	All	All
Application	Mit	Kerberos 5	1.2.4	All	All	All
Application	Mit	Kerberos 5	1.2.5	All	All	All
Application	Mit	Kerberos 5	1.2.6	All	All	All
Application	Mit	Kerberos 5	1.2.7	All	All	All
Application	Mit	Kerberos 5	1.2.8	All	All	All
Application	Mit	Kerberos 5	1.3	All	All	All
Application	Mit	Kerberos 5	1.3	alpha1	All	All
Application	Mit	Kerberos 5	1.3.1	All	All	All
Application	Mit	Kerberos 5	1.3.2	All	All	All
Application	Mit	Kerberos 5	1.3.3	All	All	All
Application	Mit	Kerberos 5	1.3.4	All	All	All
Application	Mit	Kerberos 5	All	All	All	All
Application	Openpkg	Openpkg	2.0	All	All	All
Application	Openpkg	Openpkg	2.1	All	All	All

References

Reference	Source	Link	Tags
US-CERT Technical Cyber Security Alert TA04-247A -- Vulnerabilities in MIT Kerberos 5	CERT	www.us-cert.gov	Patch, Third Party Advisory, US Government Resource
web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt	CONFIRM	web.mit.edu	Patch, Vendor Advisory
Gentoo Linux Documentation -- MIT krb5: Multiple vulnerabilities	GENTOO	www.gentoo.org
'[OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)' - MARC	BUGTRAQ	marc.info
Home - Conectiva	CONECTIVA	distro.conectiva.com.br
US-CERT Vulnerability Note VU#350792	CERT-VN	www.kb.cert.org	US Government Resource
Advisories - Mandriva	MANDRAKE	www.mandriva.com
2004-0045	TRUSTIX	www.trustix.net
MIT Kerberos 5 Multiple Double-Free Vulnerabilities	BID	www.securityfocus.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Debian -- Security Information -- DSA-543-1 krb5	DEBIAN	www.debian.org
Repository / Oval Repository	OVAL	oval.cisecurity.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.