CVE-2004-0523
published 2004-08-18
CVE-2004-0523: Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
Priority: P345 · critical · 10 (CVSS 2.0) · AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 11.67% (95.5th percentile)
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.3.3-2 (bookworm) | krb5 1.3.3-2 (bookworm) |
| mit | kerberos | — | — |
| mit | kerberos | — | — |
| mit | kerberos | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.3.3-2 | 1.3.3-2 |
| mit | krb5 | >= 0 < 1.3.3-2 | 1.3.3-2 |
| mit | krb5 | >= 0 < 1.3.3-2 | 1.3.3-2 |
| mit | krb5 | >= 0 < 1.3.3-2 | 1.3.3-2 |
| sgi | propack | — | — |
| sgi | propack | — | — |
| sun | seam | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 10.0 · CRITICAL
vendor_debian · 10.0 · CRITICAL
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-gmh3-2x3j-5mm2: Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1
ghsa_unreviewed·2022-05-03
CVE-2004-0523 [HIGH] GHSA-gmh3-2x3j-5mm2: Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1
OSV
CVE-2004-0523: Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1
osv·2004-08-18·CVSS 10.0
CVE-2004-0523 [CRITICAL] CVE-2004-0523: Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1
Red Hat
security flaw
vendor_redhat·2004-06-01·CVSS 10.0
CVE-2004-0523 [CRITICAL] security flaw
Debian
CVE-2004-0523: krb5 - Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1...
vendor_debian·2004·CVSS 10.0
CVE-2004-0523 [CRITICAL] CVE-2004-0523: krb5 - Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1...
Scope: local
bookworm: resolved (fixed in 1.3.3-2)
bullseye: resolved (fixed in 1.3.3-2)
forky: resolved (fixed in 1.3.3-2)
sid: resolved (fixed in 1.3.3-2)
trixie: resolved (fixed in 1.3.3-2)
No detection rules found.
No public exploits indexed.
References
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
http://lwn.net/Articles/88206/
http://marc.info/?l=bugtraq&m=108612325909496&w=2
http://marc.info/?l=bugtraq&m=108619161815320&w=2
http://marc.info/?l=bugtraq&m=108619250923790&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1
http://www.debian.org/security/2004/dsa-520
http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml
http://www.kb.cert.org/vuls/id/686862
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056
http://www.redhat.com/support/errata/RHSA-2004-236.html
http://www.securityfocus.com/bid/10448
https://exchange.xforce.ibmcloud.com/vulnerabilities/16268
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991
Published: 2004-08-18