CVE-2004-1189

2004-12-3100:00:00

ubuntu.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

37.1%

JSON

The add_to_history function in svr_principal.c in libkadm5srv for MIT
Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not
properly track the password policy’s history count and the maximum number
of keys, which can cause an array index out-of-bounds error and may allow
authenticated users to execute arbitrary code via a heap-based buffer
overflow.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchkrb5< 1.4.3-5ubuntu0.6UNKNOWN
ubuntu6.10noarchkrb5< 1.4.3-9ubuntu1.5UNKNOWN
ubuntu7.04noarchkrb5< 1.4.4-5ubuntu3.3UNKNOWN