CVE-2004-0523

Published: 18/08/2004 Updated: 21/01/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and previous versions allow remote malicious users to execute arbitrary code as root.

Vulnerable Product

mit kerberos 5 1.2

mit kerberos 5 1.2.1

mit kerberos 5 1.2.2

mit kerberos 5 1.3

mit kerberos 5 1.0

sgi propack 2.4

mit kerberos 1.0

mit kerberos 1.0.8

mit kerberos 5 1.2.5

mit kerberos 5 1.2.6

mit kerberos 5 1.1.1

sun seam 1.0.2

tinysofa tinysofa enterprise server 1.0

mit kerberos 1.2.2.beta1

mit kerberos 5 1.1

mit kerberos 5 1.2.7

mit kerberos 5 1.3.3

tinysofa tinysofa enterprise server 1.0_u1

sgi propack 3.0

mit kerberos 5 1.2.3

mit kerberos 5 1.2.4

mit kerberos 5 1.0.6

sun seam 1.0

sun seam 1.0.1

sun sunos 5.8

sun solaris 8.0

sun solaris 9.0

Vendor Advisories

Synopsis: krb5 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated Kerberos 5 (krb5) packages which correct buffer overflows in the krb5_aname_to_localname function are now available. Description: Kerberos is a network authentication system. Bugs have been fixed in the krb5_ ...
In their advisory MITKRB5-SA-2004-001, the MIT Kerberos announced the existence of buffer overflow vulnerabilities in the krb5_aname_to_localname function. This function is only used if aname_to_localname is enabled in the configuration (this is not enabled by default). For the current stable distribution (woody), this problem has been fixed in ver ...