CVE-2004-1189

EPSS 0.09%

krb5 - buffer overflow

發布日:2004/12/31修改日:2026/4/28

也稱為:DSA-629-1DEBIAN-CVE-2004-1189

描述

The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.

受影響套件(2)

Debian/krb5from 0, < 1.3.6-1
Debian/krb5from 0, < 1.2.4-5woody7

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2004-1189