ID CVE-2004-0371
Summary Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.
References
Vulnerable Configurations
  • cpe:2.3:a:kth:heimdal:0.4a:*:*:*:*:*:*:*
  • cpe:2.3:a:kth:heimdal:0.4b:*:*:*:*:*:*:*
  • cpe:2.3:a:kth:heimdal:0.4c:*:*:*:*:*:*:*
  • cpe:2.3:a:kth:heimdal:0.4d:*:*:*:*:*:*:*
  • cpe:2.3:a:kth:heimdal:0.4e:*:*:*:*:*:*:*
  • cpe:2.3:a:kth:heimdal:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:kth:heimdal:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kth:heimdal:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kth:heimdal:0.6.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
confirm http://www.pdc.kth.se/heimdal/advisory/2004-04-01/
debian DSA-476
freebsd FreeBSD-SA-04:08
gentoo GLSA-200404-09
openbsd 20040530 009: SECURITY FIX: May 30, 2004
xf heimdal-cross-realm-spoofing(15701)
Last major update 11-07-2017 - 01:30
Published 04-05-2004 - 04:00
Last modified 11-07-2017 - 01:30