CVE-2002-1235
published 2002-11-04CVE-2002-1235: The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind…
critical10CVSS 3.1
AVNACLAuNCCICAC
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | heimdal | < heimdal 0.4e-22 (bookworm) | heimdal 0.4e-22 (bookworm) |
| debian | krb5 | < heimdal 0.4e-22 (bookworm) | heimdal 0.4e-22 (bookworm) |
| heimdal_project | heimdal | >= 0 < 0.4e-22 | 0.4e-22 |
| heimdal_project | heimdal | >= 0 < 0.4e-22 | 0.4e-22 |
| heimdal_project | heimdal | >= 0 < 0.4e-22 | 0.4e-22 |
| heimdal_project | heimdal | >= 0 < 0.4e-22 | 0.4e-22 |
| kth | kth_kerberos_4 | < 1.2.1 | 1.2.1 |
| kth | kth_kerberos_5 | < 0.5.1 | 0.5.1 |
| mit | kerberos_5 | 1.0 – 1.2.6 | — |
| mit | krb5 | >= 0 < 1.2.6-2 | 1.2.6-2 |
| mit | krb5 | >= 0 < 1.2.6-2 | 1.2.6-2 |
| mit | krb5 | >= 0 < 1.2.6-2 | 1.2.6-2 |
| mit | krb5 | >= 0 < 1.2.6-2 | 1.2.6-2 |
CVSS provenance
nvd10.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vulncheck10.0CRITICAL