CVE

CVE-2005-1174

Date: (C)2005-07-18   (M)2023-12-22

MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:

SECTRACK-1014460

SUNALERT-101809

BID-14240

SECUNIA-16041

SECUNIA-17899

2005-0036

20050703-01-U

http://marc.info/?l=bugtraq&m=112122123211974&w=2

SECUNIA-20364

ADV-2005-1066

ADV-2006-2074

APPLE-SA-2005-08-15

APPLE-SA-2005-08-17

DSA-757

IY85474

RHSA-2005:567

SUSE-SR:2005:017

TLSA-2005-78

USN-224-1

VU#259798

http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt

kerberos-kdc-krb5-tcp-connection-dos(21327)

oval:org.mitre.oval:def:10229

oval:org.mitre.oval:def:397