1. CVE-Search
  2. CVE-2004-0434
ID CVE-2004-0434
Summary k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:heimdal_project:heimdal:0.0j:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0j:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0k:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0k:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0l:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0l:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0m:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0m:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0n:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0n:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0o:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0o:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0p:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0p:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0q:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0q:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0r:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0r:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0s:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0s:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0t:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0t:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.0u:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.0u:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1a:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1b:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1b:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1c:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1c:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1d:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1d:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1e:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1e:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1f:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1f:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1g:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1g:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1h:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1h:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1i:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1i:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1j:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1j:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1k:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1k:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1l:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1l:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.1m:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.1m:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2a:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2b:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2c:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2c:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2d:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2d:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2e:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2e:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2f:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2f:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2g:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2g:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2h:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2h:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2i:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2i:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2j:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2j:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2k:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2k:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2l:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2l:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2m:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2m:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2n:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2n:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2o:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2o:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2p:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2p:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2q:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2q:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2r:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2r:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2s:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2s:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.2t:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.2t:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.3a:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.3a:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.3b:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.3b:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.3c:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.3c:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.3d:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.3d:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.3e:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.3e:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.3f:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.3f:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.4.d:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.4.d:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.4.e:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.4.e:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.4.f:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.4.f:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.4a:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.4a:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.4b:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.4b:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.4c:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.4c:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:heimdal_project:heimdal:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:heimdal_project:heimdal:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 02-02-2024 - 03:05)
Impact:
Exploitability:
CWE CWE-131
CAPEC
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bugtraq 20040505 Advisory: Heimdal kadmind version4 remote heap overflow
debian DSA-504
freebsd FreeBSD-SA-04:09
fulldisc 20040506 Advisory: Heimdal kadmind version4 remote heap overflow
gentoo GLSA-200405-23
xf heimdal-kadmind-bo(16071)
Last major update 02-02-2024 - 03:05
Published 07-07-2004 - 04:00
Last modified 02-02-2024 - 03:05
Back to Top