CVE-2004-1189
Published 2004-12-31
Priority P4 · 28 · high · 7.2 CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.73% (49.8th percentile)
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.3.6-1 (bookworm) | krb5 1.3.6-1 (bookworm) |
| mit | kerberos_5 | <= 1.3.5 | — |
| mit | krb5 | >= 0 < 1.3.6-1 | 1.3.6-1 |
| mit | krb5 | >= 0 < 1.3.6-1 | 1.3.6-1 |
| mit | krb5 | >= 0 < 1.3.6-1 | 1.3.6-1 |
| mit | krb5 | >= 0 < 1.3.6-1 | 1.3.6-1 |
CVSS provenance
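| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 7.2 | HIGH | |
| vendor_debian | | 7.2 | HIGH | |
| vendor_redhat | | 7.2 | HIGH | |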
Ubuntu
MIT Kerberos server vulnerability
vendor_ubuntu·2005-01-10
Michael Tautschnig discovered a possible buffer overflow in the
add_to_history() function in the MIT Kerberos 5 implementation.
Performing a password change did not properly track the password
policy's history count and the maximum number of keys. This could
cause an array overflow and may have allowed authenticated users (not
necessarily one with administrative privileges) to execute arbitrary
code on the KDC host, compromising an entire Kerberos realm.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2004-12-21·CVSS 7.2
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
Debian
CVE-2004-1189: krb5 - The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5...
vendor_debian·2004·CVSS 7.2
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.3.6-1)
bullseye: resolved (fixed in 1.3.6-1)
forky: resolved (fixed in 1.3.6-1)
sid: resolved (fixed in 1.3.6-1)
trixie: resolved (fixed in 1.3.6-1)
GHSA
GHSA-jq9g-4vpq-449j: The add_to_history function in svr_principal
ghsa_unreviewed·2022-04-29
CVE-2004-1189 [HIGH] CWE-787 GHSA-jq9g-4vpq-449j: The add_to_history function in svr_principal
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
OSV
CVE-2004-1189: The add_to_history function in svr_principal
osv·2004-12-31·CVSS 7.2
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
References
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000917
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://marc.info/?l=bugtraq&m=110358420909358&w=2
http://marc.info/?l=bugtraq&m=110548298407590&w=2
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-004-pwhist.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2004:156
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.redhat.com/support/errata/RHSA-2005-045.html
http://www.trustix.org/errata/2004/0069
https://exchange.xforce.ibmcloud.com/vulnerabilities/18621
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11911