Lucene search
GoogleOSV:DSA-183HistoryOct 29, 2002 - 12:00 a.m.
krb5 - buffer overflow
2002-10-2900:00:00
Google
osv.dev
5
0.294 Low
EPSS
Percentile
96.9%
Tom Yu and Sam Hartman of MIT discovered another stack buffer overflow
in the kadm_ser_wrap_in function in the Kerberos v4 administration
server. This kadmind bug has a working exploit code circulating,
hence it is considered serious. The MIT krb5 implementation
includes support for version 4, including a complete v4 library,
server side support for krb4, and limited client support for v4.
This problem has been fixed in version 1.2.4-5woody3 for the current
stable distribution (woody) and in version 1.2.6-2 for the unstable
distribution (sid). The old stable distribution (potato) is not
affected since no krb5 packages are included.
We recommend that you upgrade your krb5 packages immediately.
References
Related
cert
cert
Kerberos administration daemon vulnerable to buffer overflow
2002-10-23 00:00:00
securityvulns
securityvulns
CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon
2002-10-26 00:00:00
cvelist
cvelist
CVE-2002-1235
2002-10-25 04:00:00
cve
cve
CVE-2002-1235
2002-11-04 05:00:00
openvas
openvas
Debian Security Advisory DSA 185-1 (heimdal)
2008-01-17 00:00:00
Debian Security Advisory DSA 183-1 (krb5)
2008-01-17 00:00:00
Debian Security Advisory DSA 184-1 (krb4)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-183-1 : krb5 - buffer overflow
2004-09-29 00:00:00
Debian DSA-184-1 : krb4 - buffer overflow
2004-09-29 00:00:00
Debian DSA-185-1 : heimdal - buffer overflow
2004-09-29 00:00:00
redhat
redhat
(RHSA-2002:250) krb5 security update
2003-01-09 00:00:00
nvd
nvd
CVE-2002-1235
2002-11-04 05:00:00
debiancve
debiancve
CVE-2002-1235
2002-11-04 05:00:00
osv
osv
krb4 - buffer overflow
2002-10-30 00:00:00