ID CVE-2005-1174
Summary MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 21-01-2020 - 15:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2013-04-29T04:03:45.682-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
    family unix
    id oval:org.mitre.oval:def:10229
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
    version 29
  • accepted 2007-03-21T16:17:18.240-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Nabil Ouchn
      organization Security-Database
    description MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
    family unix
    id oval:org.mitre.oval:def:397
    status accepted
    submitted 2006-09-22T05:52:00.000-04:00
    title MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability
    version 37
redhat via4
advisories
rhsa
id RHSA-2005:567
rpms
  • krb5-debuginfo-0:1.3.4-17
  • krb5-devel-0:1.3.4-17
  • krb5-libs-0:1.3.4-17
  • krb5-server-0:1.3.4-17
  • krb5-workstation-0:1.3.4-17
refmap via4
aixapar IY85474
apple
  • APPLE-SA-2005-08-15
  • APPLE-SA-2005-08-17
bid 14240
bugtraq 20050712 MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC
cert-vn VU#259798
confirm http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt
debian DSA-757
sectrack 1014460
secunia
  • 16041
  • 17899
  • 20364
sgi 20050703-01-U
sunalert 101809
suse SUSE-SR:2005:017
trustix 2005-0036
turbo TLSA-2005-78
ubuntu USN-224-1
vupen
  • ADV-2005-1066
  • ADV-2006-2074
xf kerberos-kdc-krb5-tcp-connection-dos(21327)
Last major update 21-01-2020 - 15:45
Published 18-07-2005 - 04:00
Last modified 21-01-2020 - 15:45