Executive Summary
Summary | |
---|---|
Title | MIT Kerberos server vulnerability |
Informations | |||
---|---|---|---|
Name | USN-58-1 | First vendor Publication | 2005-01-10 |
Vendor | Ubuntu | Last vendor Modification | 2005-01-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: krb5-admin-server krb5-kdc libkadm55 libkrb53 The problem can be corrected by upgrading the affected package to version 1.3.4-3ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Michael Tautschnig discovered a possible buffer overflow in the add_to_history() function in the MIT Kerberos 5 implementation. Performing a password change did not properly track the password policy's history count and the maximum number of keys. This could cause an array overflow and may have allowed authenticated users (not necessarily one with administrative privileges) to execute arbitrary code on the KDC host, compromising an entire Kerberos realm. |
Original Source
Url : http://www.ubuntu.com/usn/USN-58-1 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-100 | Overflow Buffers |
CAPEC-119 | Resource Depletion |
CAPEC-123 | Buffer Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11911 | |||
Oval ID: | oval:org.mitre.oval:def:11911 | ||
Title: | The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow. | ||
Description: | The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1189 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-05 (mit-krb5) File : nvt/glsa_200501_05.nasl |
2008-09-04 | Name : FreeBSD Ports: krb5, krb5-beta File : nvt/freebsd_krb5.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 629-1 (krb5) File : nvt/deb_629_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12533 | MIT Kerberos 5 libkadm5srv Password History Handling Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-58-1.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2005-007.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0bb7677d52f311d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-045.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200501-05.nasl - Type : ACT_GATHER_INFO |
2005-01-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-012.nasl - Type : ACT_GATHER_INFO |
2005-01-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-629.nasl - Type : ACT_GATHER_INFO |
2004-12-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-563.nasl - Type : ACT_GATHER_INFO |
2004-12-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-564.nasl - Type : ACT_GATHER_INFO |
2004-12-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-156.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:56 |
|
2013-05-11 12:26:11 |
|