FreeBSD446DBECB-9EDC-11D8-9366-0020ED76EF5Aheimdal kadmind remote heap buffer overflow
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.059 Low
EPSS
Percentile
93.4%
An input validation error was discovered in the kadmind
code that handles the framing of Kerberos 4 compatibility
administration requests. The code assumed that the length
given in the framing was always two or more bytes. Smaller
lengths will cause kadmind to read an arbitrary amount of
data into a minimally-sized buffer on the heap.
A remote attacker may send a specially formatted message
to kadmind, causing it to crash or possibly resulting in
arbitrary code execution.
The kadmind daemon is part of Kerberos 5 support. However,
this bug will only be present if kadmind was built with
additional Kerberos 4 support. Thus, only systems that have
both Heimdal Kerberos 5 and Kerberos 4 installed might
be affected.
NOTE: On FreeBSD 4 systems, kadmind' may be installed as k5admind’.
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.059 Low
EPSS
Percentile
93.4%