Summary
Detail | | | |
---|---|---|---|
Vendor | Heimdal Project | First view | 2004-07-07 |
Product | Heimdal | Last view | 2023-03-27 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Activity : Overall
COMMON PLATFORM ENUMERATION: Distribution of affected CVEs per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:* | 12 |
cpe:2.3:a:heimdal_project:heimdal:7.8.0:*:*:*:*:*:*:* | 1 |
cpe:2.3:a:heimdal_project:heimdal:7.7.1:*:*:*:*:*:*:* | 1 |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.5 | 2023-03-27 | CVE-2022-3116 | The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. |
7.5 | 2023-03-06 | CVE-2022-45142 | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. |
7.5 | 2022-12-26 | CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. |
9.8 | 2022-12-25 | CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). |
8.8 | 2022-12-25 | CVE-2022-42898 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." |
7.5 | 2022-11-15 | CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. |
7.5 | 2019-07-31 | CVE-2018-16860 | A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. |
7.4 | 2019-05-15 | CVE-2019-12098 | In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. |
7.5 | 2017-12-06 | CVE-2017-17439 | In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. |
7.5 | 2017-08-28 | CVE-2017-6594 | The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. |
8.1 | 2017-07-13 | CVE-2017-11103 | Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. |
10 | 2011-12-24 | CVE-2011-4862 | Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. |
9.8 | 2004-07-07 | CVE-2004-0434 | k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. |
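The CVE-2022-45142 row above describes a fix that swapped memcmp for a constant-time compare and then, in a backport, got the sense of the result check inverted, so genuine MICs were rejected and forged ones accepted. The program below is an added illustration written for this page, not Heimdal's code: it shows a constant-time compare of the kind the CVE-2022-3437 fix introduced, a verifier written the right way, and the same verifier with the inverted check. `toy_mic` is a constructed keyed checksum standing in for the real arcfour MIC (HMAC-MD5 truncated to 8 bytes), and `MIC_OK`/`MIC_BAD`, `demo_key` and `demo_msg` are assumptions made for the example rather than Heimdal identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constant-time comparison, the style of replacement the CVE-2022-3437 fix
 * made for memcmp(): every byte is always visited, so the running time does
 * not reveal where the first differing byte is.  Returns 0 when the buffers
 * are equal and nonzero otherwise. */
int ct_memcmp(const void *a, const void *b, size_t n)
{
    const unsigned char *p = a, *q = b;
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(p[i] ^ q[i]);
    return diff;
}

#define MIC_LEN 8
#define MIC_OK  0   /* assumed stand-in for GSS_S_COMPLETE */
#define MIC_BAD 1   /* assumed stand-in for GSS_S_BAD_SIG  */

/* Constructed stand-in for the arcfour MIC (really HMAC-MD5 truncated to 8
 * bytes): a keyed FNV-1a style hash so the example runs without a crypto
 * library.  It only exists so the verifiers below have something to compare. */
void toy_mic(const uint8_t *key, size_t keylen,
             const uint8_t *msg, size_t msglen, uint8_t out[MIC_LEN])
{
    uint32_t h = 0x811c9dc5u;
    size_t i;
    for (i = 0; i < keylen; i++) { h ^= key[i]; h *= 16777619u; }
    for (i = 0; i < msglen; i++) { h ^= msg[i]; h *= 16777619u; }
    for (i = 0; i < MIC_LEN; i++) {
        out[i] = (uint8_t)(h >> ((i % 4) * 8));
        h *= 16777619u;
    }
}

/* Correct check: recompute the MIC and reject on any mismatch.  The explicit
 * "!= 0" is the comparison the CVE text refers to; it is written out so the
 * int result of the constant-time compare cannot be misread as a boolean. */
int verify_mic_correct(const uint8_t *key, size_t keylen,
                       const uint8_t *msg, size_t msglen, const uint8_t *mic)
{
    uint8_t expect[MIC_LEN];
    toy_mic(key, keylen, msg, msglen, expect);
    if (ct_memcmp(expect, mic, MIC_LEN) != 0)
        return MIC_BAD;     /* mismatch: reject */
    return MIC_OK;
}

/* The inverted form (modelled on the CVE description, not Heimdal's diff):
 * the sense of the check is flipped, so a genuine MIC is rejected and any
 * forged MIC is accepted. */
int verify_mic_inverted(const uint8_t *key, size_t keylen,
                        const uint8_t *msg, size_t msglen, const uint8_t *mic)
{
    uint8_t expect[MIC_LEN];
    toy_mic(key, keylen, msg, msglen, expect);
    if (ct_memcmp(expect, mic, MIC_LEN) == 0)
        return MIC_BAD;     /* bug: a match is treated as failure */
    return MIC_OK;          /* bug: a mismatch is treated as success */
}

/* Constructed sample key and message for the demonstration. */
static const uint8_t demo_key[] = { 0x0b, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78 };
static const uint8_t demo_msg[] = "constructed GSS message payload";

/* Run one verification.  tamper != 0 flips a MIC byte, standing in for an
 * attacker's forgery; inverted selects the buggy checker.
 * Returns MIC_OK or MIC_BAD. */
int demo_verify(int inverted, int tamper)
{
    uint8_t mic[MIC_LEN];
    size_t msglen = sizeof demo_msg - 1;
    toy_mic(demo_key, sizeof demo_key, demo_msg, msglen, mic);
    if (tamper)
        mic[0] ^= 0x01;
    return inverted
        ? verify_mic_inverted(demo_key, sizeof demo_key, demo_msg, msglen, mic)
        : verify_mic_correct(demo_key, sizeof demo_key, demo_msg, msglen, mic);
}

int main(void)
{
    printf("correct  checker: genuine=%d forged=%d\n", demo_verify(0, 0), demo_verify(0, 1));
    printf("inverted checker: genuine=%d forged=%d\n", demo_verify(1, 0), demo_verify(1, 1));
    return 0;
}
```

The inverted checker fails open: it accepts every forged message and rejects every genuine one, which is why a backport that only touched the comparison still needed a test that exercises both the matching and the non-matching MIC case.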
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
27% (3) | CWE-476 | NULL Pointer Dereference |
9% (1) | CWE-358 | Improperly Implemented Security Check for Standard |
9% (1) | CWE-354 | Improper Validation of Integrity Check Value |
9% (1) | CWE-345 | Insufficient Verification of Data Authenticity |
9% (1) | CWE-295 | Certificate Issues |
9% (1) | CWE-193 | Off-by-one Error |
9% (1) | CWE-190 | Integer Overflow or Wraparound |
9% (1) | CWE-131 | Incorrect Calculation of Buffer Size |
9% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-100 | Overflow Buffers |
CAPEC-123 | Buffer Attacks |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:22146 | RHSA-2011:1851: krb5 security update (Critical) |
oval:org.mitre.oval:def:22108 | RHSA-2011:1852: krb5-appl security update (Critical) |
oval:org.mitre.oval:def:20405 | VMware ESXi and ESX address several security issues |
oval:org.mitre.oval:def:15184 | DSA-2373-1 inetutils -- buffer overflow |
oval:org.mitre.oval:def:15151 | DSA-2375-1 krb5 -- buffer overflow |
oval:org.mitre.oval:def:15084 | DSA-2372-1 heimdal -- buffer overflow |
oval:org.mitre.oval:def:23380 | ELSA-2011:1852: krb5-appl security update (Critical) |
oval:org.mitre.oval:def:23239 | ELSA-2011:1851: krb5 security update (Critical) |
oval:org.mitre.oval:def:27975 | DEPRECATED: ELSA-2011-1852 -- krb5-appl security update (critical) |
SAINT Exploits
Description |
---|
Telnetd Encryption Key ID Code Execution |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78020 | FreeBSD telnetd Multiple telnet/libtelnet/encrypt.c encrypt_keyid() Function ... |
5889 | Heimdal kadmind Kerberos 4 Heap Overflow |
OpenVAS Exploits
id | Description |
---|---|
2012-08-02 | Name : SuSE Update for krb5-appl openSUSE-SU-2012:0051-1 (krb5-appl) File : nvt/gb_suse_2012_0051_1.nasl |
2012-08-02 | Name : SuSE Update for krb5-appl openSUSE-SU-2012:0019-1 (krb5-appl) File : nvt/gb_suse_2012_0019_1.nasl |
2012-07-30 | Name : CentOS Update for krb5-devel CESA-2011:1851 centos4 File : nvt/gb_CESA-2011_1851_krb5-devel_centos4.nasl |
2012-07-30 | Name : CentOS Update for krb5-devel CESA-2011:1851 centos5 File : nvt/gb_CESA-2011_1851_krb5-devel_centos5.nasl |
2012-07-30 | Name : CentOS Update for krb5-appl-clients CESA-2011:1852 centos6 File : nvt/gb_CESA-2011_1852_krb5-appl-clients_centos6.nasl |
2012-07-09 | Name : RedHat Update for krb5-appl RHSA-2011:1852-02 File : nvt/gb_RHSA-2011_1852-02_krb5-appl.nasl |
2012-04-02 | Name : VMSA-2012-0006 VMware ESXi and ESX address several security issues File : nvt/gb_VMSA-2012-0006.nasl |
2012-03-19 | Name : Fedora Update for krb5-appl FEDORA-2011-17493 File : nvt/gb_fedora_2011_17493_krb5-appl_fc16.nasl |
2012-03-12 | Name : Gentoo Security Advisory GLSA 201202-05 (heimdal) File : nvt/glsa_201202_05.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-14 (mit-krb5-appl) File : nvt/glsa_201201_14.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2373-1 (inetutils) File : nvt/deb_2373_1.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2372-1 (heimdal) File : nvt/deb_2372_1.nasl |
2012-01-09 | Name : Fedora Update for krb5-appl FEDORA-2011-17492 File : nvt/gb_fedora_2011_17492_krb5-appl_fc15.nasl |
2011-12-30 | Name : RedHat Update for krb5 RHSA-2011:1851-01 File : nvt/gb_RHSA-2011_1851-01_krb5.nasl |
2011-12-30 | Name : Mandriva Update for krb5-appl MDVSA-2011:195 (krb5-appl) File : nvt/gb_mandriva_MDVSA_2011_195.nasl |
2011-12-28 | Name : FreeBSD 'telnetd' Daemon Remote Buffer Overflow Vulnerability File : nvt/gb_freebsd_telnetd_51182.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-23 (Heimdal) File : nvt/glsa_200405_23.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-04:09.kadmind.asc) File : nvt/freebsdsa_kadmind.nasl |
2008-09-04 | Name : FreeBSD Ports: heimdal File : nvt/freebsd_heimdal.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 504-1 (heimdal) File : nvt/deb_504_1.nasl |
0000-00-00 | Name : FreeBSD Ports: krb5-appl File : nvt/freebsd_krb5-appl.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2012-A-0056 | Multiple Vulnerabilities in VMWare ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0031979 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-10-08 | Heimdal KDC malformed as-req denial of service attempt RuleID : 51400 - Type : SERVER-OTHER - Revision : 1 |
2014-01-10 | FreeBSD telnetd dec_keyid overflow attempt RuleID : 20813 - Type : PROTOCOL-TELNET - Revision : 9 |
2014-01-10 | FreeBSD telnetd enc_keyid overflow attempt RuleID : 20812 - Type : PROTOCOL-TELNET - Revision : 9 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-f0e5ad250c.nasl - Type: ACT_GATHER_INFO |
2018-01-10 | Name: The remote Fedora host is missing a security update. File: fedora_2017-2962e58478.nasl - Type: ACT_GATHER_INFO |
2017-12-14 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1364.nasl - Type: ACT_GATHER_INFO |
2017-12-08 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4055.nasl - Type: ACT_GATHER_INFO |
2017-11-03 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2017-004.nasl - Type: ACT_GATHER_INFO |
2017-10-03 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_13.nasl - Type: ACT_GATHER_INFO |
2017-08-31 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-987.nasl - Type: ACT_GATHER_INFO |
2017-08-23 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2237-1.nasl - Type: ACT_GATHER_INFO |
2017-08-18 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-937.nasl - Type: ACT_GATHER_INFO |
2017-07-24 | Name: The remote Fedora host is missing a security update. File: fedora_2017-5d6a9e0c9c.nasl - Type: ACT_GATHER_INFO |
2017-07-24 | Name: The remote Fedora host is missing a security update. File: fedora_2017-2afe501b36.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3353-1.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2017-195-02.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Debian host is missing a security update. File: debian_DLA-1027.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3909.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3912.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Samba server is affected by a service impersonation vulnerability. File: samba_4_6_6.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3353-2.nasl - Type: ACT_GATHER_INFO |
2017-07-14 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_85851e4f67d911e7bc3700505689d4ae.nasl - Type: ACT_GATHER_INFO |
2017-06-01 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_40a8d798461511e78080a4badb2f4699.nasl - Type: ACT_GATHER_INFO |
2016-03-03 | Name: The remote VMware ESXi / ESX host is missing a security-related patch. File: vmware_VMSA-2012-0006_remote.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_telnet_20120404.nasl - Type: ACT_GATHER_INFO |
2014-11-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2011-0015.nasl - Type: ACT_GATHER_INFO |
2014-11-17 | Name: The remote security appliance is missing a vendor-supplied patch. File: cisco-sa-20120126-wsa.nasl - Type: ACT_GATHER_INFO |
2014-11-17 | Name: The remote security appliance is missing a vendor-supplied patch. File: cisco-sa-20120126-sma.nasl - Type: ACT_GATHER_INFO |