PT-2001-2679 · Mit · Kerberos4Kth-Servers+16

Published 1970-01-01 · Updated 2020-01-21 · CVE-2002-1235

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

krb5-workstation versions 1.1.1 through 1.2.2
krb5-server versions 1.1.1 through 1.2.2
krb5-devel versions 1.1.1 through 1.2.2
krb5-libs version 1.1.1
kerberos4kth-services (affected versions not specified)
libkadm1-kerberos4kth (affected versions not specified)
kerberos4kth-servers-x (affected versions not specified)
libkdb-1-kerberos4kth (affected versions not specified)
kerberos4kth-kdc (affected versions not specified)
kerberos4kth-dev-common (affected versions not specified)
kerberos4kth-clients-x (affected versions not specified)
kerberos4kth-servers (affected versions not specified)
kerberos4kth-clients (affected versions not specified)
kerberos4kth-docs (affected versions not specified)
kerberos4kth-x11 (affected versions not specified)
kerberos4kth-dev (affected versions not specified)
kerberos4kth1 (affected versions not specified)
libacl1-kerberos4kth (affected versions not specified)
libkrb-1-kerberos4kth (affected versions not specified)
kerberos4kth-user (affected versions not specified)
kerberos4kth-kip (affected versions not specified)
Description

Multiple vulnerabilities in various Kerberos packages can lead to a breach of the confidentiality, integrity, and availability of protected information, and they can be exploited remotely. The kadm_ser_in function in the Kerberos v4 compatibility administration daemon (kadmind4) does not properly verify the length field of a request, allowing remote attackers to execute arbitrary code via a buffer overflow attack.
Recommendations

For krb5-workstation versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For krb5-server versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For krb5-devel versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For krb5-libs version 1.1.1, update to a version later than 1.1.1.
For the other affected packages, there is currently no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-03359
BDU:2015-03360
BDU:2015-03361
BDU:2015-03362
BDU:2015-03363
BDU:2015-03364
BDU:2015-03365
BDU:2015-03366
BDU:2015-03367
BDU:2015-03368
BDU:2015-03369
BDU:2015-03370
BDU:2015-03371
BDU:2015-03372
BDU:2015-03373
BDU:2015-03374
BDU:2015-03375
BDU:2015-08132
BDU:2015-08133
BDU:2015-08135
BDU:2015-08136
BDU:2015-08137
BDU:2015-08139
BDU:2015-08142
BDU:2015-08143
BDU:2015-08145
BDU:2015-08146
CVE-2002-1235
DSA-183
DSA-184
DSA-185

Affected Products

Kerberos4Kth-Clients
Kerberos4Kth-Dev
Kerberos4Kth-Dev-Common
Kerberos4Kth-Docs
Kerberos4Kth-Kdc
Kerberos4Kth-Kip
Kerberos4Kth-Servers
Kerberos4Kth-User
Kerberos4Kth-X11
Kerberos4Kth1
Krb5-Devel
Krb5-Libs
Krb5-Server
Krb5-Workstation
Libacl1-Kerberos4Kth
Libkadm1-Kerberos4Kth
Libkdb-1-Kerberos4Kth