First published: Fri Oct 25 2002(Updated: )
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MIT Kerberos 5 | >=1.0<=1.2.6 | |
Kth Kth Kerberos 4 | <1.2.1 | |
Kth Kth Kerberos 5 | <0.5.1 | |
Debian Debian Linux | =3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.