VDB
CERTCC-2004-350792
CERTCC-2004-350792
PUBLISHED
The MIT Kerberos krb524d daemon does not securely deallocate heap memory when handling an error condition, resulting in a double-free vulnerability. An unauthenticated, remote attacker could execute arbitrary code on a system running krb524d, which in many cases is also a Kerberos Distribution Center (KDC). The compromise of a KDC system can lead to the compromise of an entire Kerberos realm. An attacker may also be able to cause a denial of service on a system running krb524d.
Timeline
- Aug 31, 2004 CVE Published
- Sep 3, 2004 CVE Updated
- Mar 17, 2026 Security Advisory
References
- MIT Kerberos krb524d insecurely deallocates memory (double-free) advisory
- MIT Kerberos krb524d insecurely deallocates memory (double-free) url
- MIT Kerberos krb524d insecurely deallocates memory (double-free) url
- MIT Kerberos krb524d insecurely deallocates memory (double-free) url
- MIT Kerberos krb524d insecurely deallocates memory (double-free) url
- MIT Kerberos krb524d insecurely deallocates memory (double-free) url