Lucene search

K

[email protected]CVE-2005-1689

HistoryJul 18, 2005 - 4:00 a.m.

CVE-2005-1689

2005-07-1804:00:00

CWE-415

[email protected]

web.nvd.nist.gov

27

mit kerberos 5

double free vulnerability

remote code execution

cve-2005-1689

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.343 Low

EPSS

Percentile

97.0%

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5le1.4.1
apple:mac_os_x_serverapple mac os x serverlt10.4.2
apple:mac_os_xapple mac os xlt10.4.2
debian:debian_linuxdebian debian linuxeq3.1
debian:debian_linuxdebian debian linuxeq3.0

References

ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000993

lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

marc.info/?l=bugtraq&m=112119974704542&w=2

secunia.com/advisories/16041

secunia.com/advisories/17135

secunia.com/advisories/17899

secunia.com/advisories/22090

securitytracker.com/id?1014461

sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1

web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt

www.debian.org/security/2005/dsa-757

www.gentoo.org/security/en/glsa/glsa-200507-11.xml

www.kb.cert.org/vuls/id/623332

www.novell.com/linux/security/advisories/2005_17_sr.html

www.redhat.com/support/errata/RHSA-2005-562.html

www.redhat.com/support/errata/RHSA-2005-567.html

www.securityfocus.com/archive/1/446940/100/0/threaded

www.securityfocus.com/bid/14239

www.trustix.org/errata/2005/0036

www.turbolinux.com/security/2005/TLSA-2005-78.txt

www.vupen.com/english/advisories/2005/1066

www.vupen.com/english/advisories/2006/3776

exchange.xforce.ibmcloud.com/vulnerabilities/21055

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9819

usn.ubuntu.com/224-1/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.343 Low

EPSS

Percentile

97.0%

Related for CVE-2005-1689

checkpoint_advisories1 nessus22 ubuntucve1 securityvulns1 cert1 debiancve1 debian2 openvas2 osv1 gentoo1 centos3 redhat2 ubuntu1