A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets so that they appear to come from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos.

Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | krb5 | 2014-11-11 10:25 | ALAS-2014-443 |

Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
NVD | CVSSv2 | 7.6 | AV:N/AC:H/Au:N/C:C/I:C/A:C |