Executive Summary

Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

Why It Matters

CVE-2004-0772 is rated CRITICAL severity, requiring immediate attention from security teams.

CVSS Base Score: 9.8/10

Affected Technologies

Vendors: mit, openpkg, debian

Products: kerberos_5, openpkg, debian_linux

🛡️What Defenders Should Check

Check if you are affected — Review your asset inventory for products listed in CVE-2004-0772.

Apply available patches — Visit vendor advisories for the latest security updates.

Monitor for exploitation — Check your SIEM/IDS logs for related indicators.

Use Vulnios to continuously monitor your exposure to CVE-2004-0772 and similar vulnerabilities.

References & Sources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860

http://marc.info/?l=bugtraq&m=109508872524753&w=2

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt

http://www.debian.org/security/2004/dsa-543

http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml

http://www.kb.cert.org/vuls/id/350792

http://www.mandriva.com/security/advisories?name=MDKSA-2004:088

http://www.securityfocus.com/bid/11078

http://www.trustix.net/errata/2004/0045/

http://www.us-cert.gov/cas/techalerts/TA04-247A.html

AI Security Advisor

Get AI-powered security recommendations tailored to this specific threat — including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.

Affected Products

kerberos_5openpkgdebian_linux

Sources

NVD / NIST

critical

Protect Your Organization

Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.

Get Started Free Free Security Scan OSINT Dashboard

Get instant alerts on Telegram

Join our public channel for real-time critical CVE alerts.

Follow @vulnios

Critical Vulnerability: CVE-2004-0772 — mit, openpkg — kerberos_5, openpkg