CVE-2004-0642 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2004-0642?

CVE-2004-0642 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-0642?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

Vulnerability Description

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mit	Kerberos 5	<= 1.3.4
Debian	Debian Linux	3.0
Redhat	Enterprise Linux Desktop	3.0
Redhat	Enterprise Linux Server	3.0
Redhat	Enterprise Linux Workstation	3.0

Related Weaknesses (CWE)

CWE-415

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860Broken Link
http://marc.info/?l=bugtraq&m=109508872524753&w=2Issue TrackingThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2004-350.htmlThird Party Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txtPatchVendor Advisory
http://www.debian.org/security/2004/dsa-543Mailing ListThird Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200409-09.xmlMailing ListThird Party Advisory
http://www.kb.cert.org/vuls/id/795632Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/11078Broken LinkThird Party AdvisoryVDB Entry
http://www.trustix.net/errata/2004/0045/Broken Link
http://www.us-cert.gov/cas/techalerts/TA04-247A.htmlBroken LinkThird Party AdvisoryUS Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/17157Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860Broken Link
http://marc.info/?l=bugtraq&m=109508872524753&w=2Issue TrackingThird Party Advisory

FAQ

What is CVE-2004-0642?

CVE-2004-0642 is a vulnerability with a CVSS score of 7.5 (HIGH). Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow ...

How severe is CVE-2004-0642?

CVE-2004-0642 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0642?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.