A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets.

Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | krb5 | 2015-05-05 15:44 | ALAS-2015-518 |

Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv2 | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
NVD | CVSSv2 | 9.0 | AV:N/AC:L/Au:S/C:C/I:C/A:C |