CVE-2005-1175 - Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and e

CVE-2005-1175

Summary

Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.

References

Vulnerable Configurations

cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 21-01-2020 - 15:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2007-03-21T16:17:25.886-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Nabil Ouchn
organization Security-Database

description

Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (apllication crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.

family

unix

oval:org.mitre.oval:def:736

status

accepted

submitted

2006-09-22T05:52:00.000-04:00

title

MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability

version

accepted

2013-04-29T04:23:12.197-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:9902

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2005:562
rhsa
id RHSA-2005:567

rpms

krb5-debuginfo-0:1.2.7-47
krb5-devel-0:1.2.7-47
krb5-libs-0:1.2.7-47
krb5-server-0:1.2.7-47
krb5-workstation-0:1.2.7-47
krb5-debuginfo-0:1.3.4-17
krb5-devel-0:1.3.4-17
krb5-libs-0:1.3.4-17
krb5-server-0:1.3.4-17
krb5-workstation-0:1.3.4-17

refmap via4

aixapar	IY85474
apple	APPLE-SA-2005-08-15 APPLE-SA-2005-08-17
bid	14236
bugtraq	20050712 MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC
cert-vn	VU#885830
confirm	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt
debian	DSA-757
sectrack	1014460
secunia	16041 17135 17899 20364
sgi	20050703-01-U
sunalert	101809
suse	SUSE-SR:2005:017
trustix	2005-0036
turbo	TLSA-2005-78
ubuntu	USN-224-1
vupen	ADV-2005-1066 ADV-2006-2074
xf	kerberos-kdc-krb5-udp-tcp-bo(21328)

Last major update

21-01-2020 - 15:45

Published

18-07-2005 - 04:00

Last modified

21-01-2020 - 15:45