FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 0bb7677d-52f3-11d9-a9e7-0001020eed82
Description: krb5 -- heap buffer overflow vulnerability in libkadm5srv

An MIT krb5 Security Advisory reports:

The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host. The overflow occurs during a password change of a principal with a certain password history state. An administrator must have performed a certain password policy change in order to create the vulnerable state.

An authenticated user, not necessarily one with administrative privileges, could execute arbitrary code on the KDC host, compromising an entire Kerberos realm.


Discovery: 2004-12-06
Entry: 2004-12-21
Affected packages: krb5, krb5-beta (versions < 1.3.6)

CVE-2004-1189
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-004-pwhist.txt