CVE-2002-1235

EPSS 32.9%

heimdal - buffer overflow

發布日:2002/11/4修改日:2026/4/28

描述

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

受影響套件(5)

Debian/heimdalfrom 0, < 0.4e-22
Debian/heimdalfrom 0, < 0.4e-7.woody.5
Debian/krb4from 0, < 1.1-8-2.2
Debian/krb5from 0, < 1.2.6-2
Debian/krb5from 0, < 1.2.4-5woody3

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2002-1235