Heimdal Kerberos kf / kfd Multiple Buffer Overflows

2002-09-11T00:00:00
ID OSVDB:5618
Type osvdb
Reporter OSVDB
Modified 2002-09-11T00:00:00

Description

Vulnerability Description

Multiple remote overflows exist in Heimdal Kerberos. The 'kf' binary and the 'kfd' daemon fail to perform proper bounds checking, resulting in multiple buffer overflows. With a specially crafted request, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.pdc.kth.se/heimdal/
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Related OSVDB ID: 5616
Related OSVDB ID: 4900
Related OSVDB ID: 5617
ISS X-Force ID: 10116
Generic Informational URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-018.txt.asc
CVE-2002-1235
Bugtraq ID: 5731