CVE-2002-1235 — Kerberos 4 vulnerability
12 documents9 sources
Severity
10.0CRITICALNVD
EPSS
32.9%
top 3.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 4
Latest updateMay 3
Description
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages5 packages
Also affects: Debian Linux 3.0
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-r4jv-xp6w-68qp: The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1↗2022-05-03
OSV▶
CVE-2002-1235: The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1↗2002-11-04
CVEList▶
CVE-2002-1235: The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1↗2002-10-25