CVE-2002-1235
Summary
| CVE | CVE-2002-1235 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-11-04 05:00:00 UTC |
| Updated | 2020-01-21 16:47:00 UTC |
| Description | The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 3.0 | All | All | All |
| Operating System | Debian | Debian Linux | 3.0 | All | All | All |
| Application | Kth | Kth Kerberos 4 | All | All | All | All |
| Application | Kth | Kth Kerberos 4 | All | All | All | All |
| Application | Kth | Kth Kerberos 5 | All | All | All | All |
| Application | Kth | Kth Kerberos 5 | All | All | All | All |
| Application | Mit | Kerberos 5 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 'MITKRB5-SA-2002-002: Buffer overflow in kadmind4' - MARC | BUGTRAQ | marc.info | Mailing List, Third Party Advisory |
| Debian -- Security Information -- DSA-183-1 krb5 | DEBIAN | www.debian.org | Third Party Advisory |
| web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt | CONFIRM | web.mit.edu | Vendor Advisory |
| Debian -- Security Information -- DSA-184-1 krb4 | DEBIAN | www.debian.org | Patch, Third Party Advisory |
| 'Re: Buffer overflow in kadmind4' - MARC | BUGTRAQ | marc.info | Mailing List, Third Party Advisory |
| CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon | CERT | www.cert.org | Patch, Third Party Advisory, US Government Resource |
| ISS X-Force Database: kerberos-kadmind-bo (10430): Kerberos 4 compatibility administration daemon (kadmind) buffer overflow | XF | www.iss.net | Third Party Advisory |
| www.pdc.kth.se/heimdal | CONFIRM | www.pdc.kth.se | Third Party Advisory |
| 'Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4' - MARC | BUGTRAQ | marc.info | Mailing List, Third Party Advisory |
| MDKSA-2002:073 | MANDRAKE | www.linux-mandrake.com | Third Party Advisory |
| 'GLSA: krb5' - MARC | BUGTRAQ | marc.info | Mailing List, Third Party Advisory |
| NetBSD-SA2002-026 | NETBSD | ftp.netbsd.org | Third Party Advisory |
| redhat.com | Red Hat Support | REDHAT | www.redhat.com | Third Party Advisory |
| Neohapsis Archives - Bugtraq - KRB5-SORCERER2002-10-27 Security Update - From ask33_at_linuxmountain.org | BUGTRAQ | archives.neohapsis.com | Third Party Advisory |
| Home - Conectiva | CONECTIVA | distro.conectiva.com.br | Third Party Advisory |
| Multiple Vendor kadmind Remote Buffer Overflow Vulnerability | BID | www.securityfocus.com | Patch, Third Party Advisory, VDB Entry, Vendor Advisory |
| Debian -- Security Information -- DSA-185-1 heimdal | DEBIAN | www.debian.org | Third Party Advisory |
| web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt | CONFIRM | web.mit.edu | Vendor Advisory |
| CERT/CC Vulnerability Note VU#875073 | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.