ID CVE-2004-0434
Summary k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:kth:heimdal
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_HEIMDAL_061_1.NASL
    description The following package needs to be updated: heimdal
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12550
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12550
    title FreeBSD : heimdal kadmind remote heap buffer overflow (66)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200405-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-200405-23 (Heimdal: Kerberos 4 buffer overflow in kadmin) A buffer overflow was discovered in kadmind, a server for administrative access to the Kerberos database. Impact : By sending a specially formatted message to kadmind, a remote attacker may be able to crash kadmind causing a denial of service, or execute arbitrary code with the permissions of the kadmind process. Workaround : For a temporary workaround, providing you do not require Kerberos 4 support, you may turn off Kerberos 4 kadmin by running kadmind with the --no-kerberos4 option.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 14509
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14509
    title GLSA-200405-23 : Heimdal: Kerberos 4 buffer overflow in kadmin
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-504.NASL
    description Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4 component of heimdal, a free implementation of Kerberos 5. The problem is present in kadmind, a server for administrative access to the Kerberos database. This problem could perhaps be exploited to cause the daemon to read a negative amount of data which could lead to unexpected behaviour.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15341
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15341
    title Debian DSA-504-1 : heimdal - missing input sanitising
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_446DBECB9EDC11D893660020ED76EF5A.NASL
    description An input validation error was discovered in the kadmind code that handles the framing of Kerberos 4 compatibility administration requests. The code assumed that the length given in the framing was always two or more bytes. Smaller lengths will cause kadmind to read an arbitrary amount of data into a minimally-sized buffer on the heap. A remote attacker may send a specially formatted message to kadmind, causing it to crash or possibly resulting in arbitrary code execution. The kadmind daemon is part of Kerberos 5 support. However, this bug will only be present if kadmind was built with additional Kerberos 4 support. Thus, only systems that have *both* Heimdal Kerberos 5 and Kerberos 4 installed might be affected. NOTE: On FreeBSD 4 systems, `kadmind' may be installed as `k5admind'.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 36947
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36947
    title FreeBSD : heimdal kadmind remote heap buffer overflow (446dbecb-9edc-11d8-9366-0020ed76ef5a)
refmap via4
bugtraq 20040505 Advisory: Heimdal kadmind version4 remote heap overflow
debian DSA-504
freebsd FreeBSD-SA-04:09
fulldisc 20040506 Advisory: Heimdal kadmind version4 remote heap overflow
gentoo GLSA-200405-23
xf heimdal-kadmind-bo(16071)
Last major update 17-10-2016 - 22:45
Published 07-07-2004 - 00:00
Last modified 10-07-2017 - 21:30