cvebase

Debian Heimdal vulnerabilities

27 known vulnerabilities affecting debian/heimdal.

Total CVEs: 27
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 12, MEDIUM 7, LOW 3

Vulnerabilities

Page 2 of 2
CVE-2005-0469 | HIGH | CVSS 7.5 | fixed in heimdal 0.6.3-10 (bookworm) | 2005
Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
Scope: local
bookworm: resolved (fixed in 0.6.3-10); bullseye: resolved (fixed in 0.6.3-10); forky: resolved (fixed in 0.6.3-10); sid:
debian
CVE-2004-0434 | CRITICAL | CVSS 9.8 | fixed in heimdal 0.6.2-1 (bookworm) | 2004
k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 0.6.2-1); bullseye: resolved (fixed in 0.6.2-1); forky: resolved (fixed in 0.6.2-1); sid: resolved (fixed in 0
CVE-2004-0371 | MEDIUM | CVSS 5.0 | fixed in heimdal 0.6.1-1 (bookworm) | 2004
Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.
Scope: local
bookworm: resolved (fixed in 0.6.1-1); bullseye: resolved (fixed in 0.6.1-1); forky: resolved (fixed in 0.6.1-1); sid: res
CVE-2003-0138 | HIGH | CVSS 7.5 | fixed in heimdal 0.5.2-1 (bookworm) | 2003
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
Scope: local
bookworm: resolved (fixed in 0.5.2-1); bullseye: resolved (fixed in 0.5.2-1); forky: resolved (fixed in 0.5.2-1); sid: resolved (fixed in 0.5.2-1); trixie: resolved (fixed in 0.5.2-1)
CVE-2002-1235 | CRITICAL | CVSS 10.0 | fixed in heimdal 0.4e-22 (bookworm) | 2002
The kadm_ser_in function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows r
CVE-2002-1225 | CRITICAL | CVSS 10.0 | fixed in heimdal 0.4e-21 (bookworm) | 2002
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
Scope: local
bookworm: resolved (fixed in 0.4e-21); bullseye: resolved (fixed in 0.4e-21); forky: resolved (fixed in 0.4e-21); sid: resolved (fixed in 0.4e-21); trixie: resolved (fixed in 0.4e-21)
CVE-2002-1226 | CRITICAL | CVSS 10.0 | fixed in heimdal 0.4e-21 (bookworm) | 2002
Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).
Scope: local
bookworm: resolved (fixed in 0.4e-21); bullseye: resolved (fixed in 0.4e-21); forky: resolved (fixed in 0.4e-21); sid: resolved