Vulnerability Name:

CVE-2002-1225 (CCN-10116)

Assigned:2002-09-17
Published:2002-09-17
Updated:2016-10-18
Summary:Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: NetBSD Security Advisory 2002-018
Multiple security isses with kfd daemon

Source: CCN
Type: Gentoo Linux Security Announcement 2002-10-14 15:30 UTC
heimdal

Source: MITRE
Type: CNA
CVE-2002-1225

Source: SUSE
Type: UNKNOWN
SuSE-SA:2002:034

Source: BUGTRAQ
Type: UNKNOWN
20021014 GLSA: heimdal

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-178

Source: DEBIAN
Type: DSA-178
heimdal -- remote command execution

Source: XF
Type: Vendor Advisory
heimdal-kf-kfd-bo(10116)

Source: CCN
Type: OSVDB ID: 4899
Heimdal Kerberos Forwarding Daemon Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 5616
Heimdal Kerberos kadmind Multiple Buffer Overflows

Source: CCN
Type: Heimdal Web site
Heimdal

Source: BID
Type: Patch, Vendor Advisory
5729

Source: CCN
Type: BID-5729
Heimdal Kerberos Forwarding Daemon File Overwriting Vulnerability

Source: CCN
Type: BID-5731
Heimdal Kerberos Forwarding Daemon Zero Terminated String Passing Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
heimdal-kf-kfd-bo(10116)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:kth:heimdal:0.3e:*:*:*:*:*:*:*
  • OR cpe:/a:kth:heimdal:0.4a:*:*:*:*:*:*:*
  • OR cpe:/a:kth:heimdal:0.4b:*:*:*:*:*:*:*
  • OR cpe:/a:kth:heimdal:0.4c:*:*:*:*:*:*:*
  • OR cpe:/a:kth:heimdal:0.4d:*:*:*:*:*:*:*
  • OR cpe:/a:kth:heimdal:0.4e:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:current:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:178
    V
    remote command execution
    2002-10-17
    BACK
    kth heimdal 0.3e
    kth heimdal 0.4a
    kth heimdal 0.4b
    kth heimdal 0.4c
    kth heimdal 0.4d
    kth heimdal 0.4e
    debian debian linux 2.2
    suse suse linux 7.2
    netbsd netbsd 1.5.1
    suse suse linux 7.3
    netbsd netbsd 1.5.2
    suse suse email server iii
    suse suse linux connectivity server *
    suse suse linux 8.0
    debian debian linux 3.0
    suse suse linux office server *
    netbsd netbsd 1.5.3
    netbsd netbsd 1.6
    netbsd netbsd current