CVE-2004-1189

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 31-12-2004 06:00

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:C/I:C/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

7.2

Base score

3.9

10.0

Exploitability score

Impact score

Verification logic

Reference

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-004-pwhist.txt
CLA-2005:917-Broken Link
RHSA-2005:012-Third Party Advisory
RHSA-2005:045-Third Party Advisory
2004-0069-Broken Link
APPLE-SA-2005-08-15-Mailing List, Third Party Advisory
APPLE-SA-2005-08-17-Mailing List, Third Party Advisory
MDKSA-2004:156-Third Party Advisory
20050110 [USN-58-1] MIT Kerberos server vulnerability-Issue Tracking, Mailing List, Third Party Advisory
20041220 MITKRB5-SA-2004-004: heap overflow in libkadm5srv-Issue Tracking, Mailing List, Third Party Advisory
kerberos-libkadm5srv-bo(18621)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:11911-Broken Link, Third Party Advisory

Keywords

CVE-2004-1189

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2004-1189

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures