Description
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.
References (13)
Core 13
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39784
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-940-1
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26750
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2007/Dec/0321.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1192
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/44747
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2007/Dec/0176.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39290
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-924-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28636
Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=199211
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-2012
Scores
EPSS
0.0192
EPSS Percentile
83.6%
Details
CWE
CWE-119
Status
published
Products (1)
mit/kerberos_5
1.5
Published
Dec 06, 2007
Tracked Since
Feb 18, 2026