Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2004-1189HistoryDec 31, 2004 - 5:00 a.m.
CVE-2004-1189
2004-12-3105:00:00
Debian Security Bug Tracker
security-tracker.debian.org
11
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
38.1%
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy’s history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | krb5 | < 1.3.6-1 | krb5_1.3.6-1_all.deb |
| Debian | 11 | all | krb5 | < 1.3.6-1 | krb5_1.3.6-1_all.deb |
| Debian | 999 | all | krb5 | < 1.3.6-1 | krb5_1.3.6-1_all.deb |
| Debian | 13 | all | krb5 | < 1.3.6-1 | krb5_1.3.6-1_all.deb |
Related
openvas
openvas
FreeBSD Ports: krb5, krb5-beta
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200501-05 (mit-krb5)
2008-09-24 00:00:00
FreeBSD Ports: krb5, krb5-beta
2008-09-04 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : krb5 (MDKSA-2004:156)
2004-12-23 00:00:00
Debian DSA-629-1 : krb5 - buffer overflow
2005-01-07 00:00:00
ubuntucve
ubuntucve
CVE-2004-1189
2004-12-31 00:00:00
debian
debian
[SECURITY] [DSA 629-1] New kerberos packages fix arbitrary code execution
2005-01-07 16:13:03
[SECURITY] [DSA 629-1] New kerberos packages fix arbitrary code execution
2005-01-07 16:13:03
freebsd
freebsd
krb5 -- heap buffer overflow vulnerability in libkadm5srv
2004-12-06 00:00:00
redhat
redhat
(RHSA-2005:045) krb5 security update
2005-02-15 00:00:00
(RHSA-2005:012) krb5 security update
2005-01-19 00:00:00
ubuntu
ubuntu
MIT Kerberos server vulnerability
2005-01-10 00:00:00
gentoo
gentoo
mit-krb5: Heap overflow in libkadm5srv
2005-01-05 00:00:00
osv
osv
krb5 - buffer overflow
2005-01-07 00:00:00
cvelist
cvelist
CVE-2004-1189
2004-12-31 05:00:00
cve
cve
CVE-2004-1189
2004-12-31 05:00:00
securityvulns
securityvulns
MITKRB5-SA-2004-004: heap overflow in libkadm5srv
2004-12-22 00:00:00
nvd
nvd
CVE-2004-1189
2004-12-31 05:00:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
38.1%
Related for DEBIANCVE:CVE-2004-1189