CVE-2004-0644
published 2004-09-28CVE-2004-0644: The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service…
PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
5.58%
91.9th percentile
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.3.4-3 (bookworm) | krb5 1.3.4-3 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.3.4-3 | 1.3.4-3 |
| mit | krb5 | >= 0 < 1.3.4-3 | 1.3.4-3 |
| mit | krb5 | >= 0 < 1.3.4-3 | 1.3.4-3 |
| mit | krb5 | >= 0 < 1.3.4-3 | 1.3.4-3 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Vulnerabilities in Kerberos 5 Implementation
vendor_cisco·2004-08-31
CVE-2004-0642 Vulnerabilities in Kerberos 5 Implementation
Vulnerabilities in Kerberos 5 Implementation
Two vulnerabilities in the
Massachusetts Institute
of Technology (MIT) Kerberos 5
implementation that affect Cisco VPN 3000
Series Concentrators have been announced by the MIT Kerberos Team.
Cisco VPN 3000 Series Concentrators authenticating users against a
Kerberos Key Distribution Center (KDC) may be vulnerable to remote code
execution and to Denial of Service (DoS) attacks. Cisco has made free software
available to address these problems.
Cisco VPN 3000 Series Concentrators not authenticating users against a
Kerberos Key Distribution Center (KDC) are not impacted.
No exploitations of these vulnerabilities have been reported.
This advisory is available at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa
Red Hat
security flaw
vendor_redhat·2004-08-31·CVSS 5.0
CVE-2004-0644 [MEDIUM] security flaw
security flaw
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
Debian
CVE-2004-0644: krb5 - The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (k...
vendor_debian·2004·CVSS 5.0
CVE-2004-0644 [MEDIUM] CVE-2004-0644: krb5 - The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (k...
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
Scope: local
bookworm: resolved (fixed in 1.3.4-3)
bullseye: resolved (fixed in 1.3.4-3)
forky: resolved (fixed in 1.3.4-3)
sid: resolved (fixed in 1.3.4-3)
trixie: resolved (fixed in 1.3.4-3)
Cisco
Vulnerabilities in Kerberos 5 Implementation
vendor_cisco
CVE-2004-0644 Vulnerabilities in Kerberos 5 Implementation
CVE-2004-0644: Vulnerabilities in Kerberos 5 Implementation
Two vulnerabilities in the Massachusetts Institute of Technology (MIT) Kerberos 5 implementation that affect Cisco VPN 3000 Series Concentrators have been announced by the MIT Kerberos Team. Cisco VPN 3000 Series Concentrators authenticating users against a Kerberos Key Distribution Center (KDC) may be vulnerable to remote code execution and to Denial of Service (DoS) attacks. Cisco has made free software available to address these problems. Cisco VPN 3000 Series Concentrators not authenticating users against a Kerberos Key Distribution Center (KDC) are not impacted. No exploitations of these vulnerabilities have been reported. This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvis
GHSA
GHSA-gh6c-7j72-v6m8: The asn1buf_skiptail function in the ASN
ghsa_unreviewed·2022-04-29
CVE-2004-0644 [MEDIUM] GHSA-gh6c-7j72-v6m8: The asn1buf_skiptail function in the ASN
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
OSV
CVE-2004-0644: The asn1buf_skiptail function in the ASN
osv·2004-09-28·CVSS 5.0
CVE-2004-0644 [MEDIUM] CVE-2004-0644: The asn1buf_skiptail function in the ASN
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
No detection rules found.
No public exploits indexed.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860http://marc.info/?l=bugtraq&m=109508872524753&w=2http://rhn.redhat.com/errata/RHSA-2004-350.htmlhttp://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-003-asn1.txthttp://www.debian.org/security/2004/dsa-543http://www.gentoo.org/security/en/glsa/glsa-200409-09.xmlhttp://www.kb.cert.org/vuls/id/550464http://www.securityfocus.com/bid/11079http://www.trustix.net/errata/2004/0045/http://www.us-cert.gov/cas/techalerts/TA04-247A.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/17160https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10014https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2139http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860http://marc.info/?l=bugtraq&m=109508872524753&w=2http://rhn.redhat.com/errata/RHSA-2004-350.htmlhttp://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-003-asn1.txthttp://www.debian.org/security/2004/dsa-543http://www.gentoo.org/security/en/glsa/glsa-200409-09.xmlhttp://www.kb.cert.org/vuls/id/550464http://www.securityfocus.com/bid/11079http://www.trustix.net/errata/2004/0045/http://www.us-cert.gov/cas/techalerts/TA04-247A.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/17160https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10014https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2139
2004-09-28
Published