Vulnerability Name: CVE-2002-1235 (CCN-10430)

Assigned: 2002-10-21
Published: 2002-10-21
Updated: 2020-01-21
Summary: The kadm_ser_in function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-02:40
Buffer overflow in kadmind daemon

Source: NETBSD
Type: Third Party Advisory
NetBSD-SA2002-026

Source: CCN
Type: NetBSD Security Advisory 2002-026
Buffer overflow in kadmind daemon

Source: BUGTRAQ
Type: Third Party Advisory
20021027 KRB5-SORCERER2002-10-27 Security Update

Source: CCN
Type: BugTraq Mailing List, Sun Oct 27 2002 - 17:38:19 CST
KRB5-SORCERER2002-10-27 Security Update

Source: MITRE
Type: CNA
CVE-2002-1235

Source: CONECTIVA
Type: Third Party Advisory
CLA-2002:534

Source: CCN
Type: Conectiva Linux Announcement CLA-2002:534
Buffer overflow vulnerability in the Kerberos 4 administration daemon

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20021028 GLSA: krb5

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20021027 Re: Buffer overflow in kadmind4

Source: CCN
Type: RHSA-2002-242
Updated kerberos packages available

Source: CCN
Type: RHSA-2002-250
krb5 security update

Source: CCN
Type: RHSA-2003-168
Updated kerberos packages fix various vulnerabilities

Source: CCN
Type: MIT Kerberos Web site
Description of kadmind4 Attack Signature

Source: CONFIRM
Type: Vendor Advisory
http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt

Source: CCN
Type: MIT krb5 Security Advisory 2002-002
Buffer overflow in kadmind4

Source: CONFIRM
Type: Vendor Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt

Source: CCN
Type: CERT Advisory CA-2002-29
Buffer Overflow in Kerberos Administration Daemon

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2002-29

Source: CCN
Type: CIAC Information Bulletin N-009
Buffer Overflow in kadmind4

Source: DEBIAN
Type: Third Party Advisory
DSA-183

Source: DEBIAN
Type: Patch, Third Party Advisory
DSA-184

Source: DEBIAN
Type: Third Party Advisory
DSA-185

Source: DEBIAN
Type: DSA-183
krb5 -- buffer overflow

Source: DEBIAN
Type: DSA-184
krb4 -- buffer overflow

Source: DEBIAN
Type: DSA-185
heimdal -- buffer overflow

Source: XF
Type: Third Party Advisory
kerberos-kadmind-bo(10430)

Source: CCN
Type: US-CERT VU#875073
Kerberos administration daemon vulnerable to buffer overflow

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#875073

Source: MANDRAKE
Type: Third Party Advisory
MDKSA-2002:073

Source: CCN
Type: OpenBSD Web site
OpenBSD 3.1 errata

Source: CCN
Type: Heimdal Web site
Heimdal

Source: CONFIRM
Type: Third Party Advisory
http://www.pdc.kth.se/heimdal/

Source: REDHAT
Type: Third Party Advisory
RHSA-2002:242

Source: BID
Type: Patch, Third Party Advisory, VDB Entry, Vendor Advisory
6024

Source: CCN
Type: BID-6024
Multiple Vendor kadmind Remote Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
kerberos-kadmind-bo(10430)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:kth:kth_kerberos_4:*:*:*:*:*:*:*:* (Version < 1.2.1)
  • OR cpe:/a:kth:kth_kerberos_5:*:*:*:*:*:*:*:* (Version < 0.5.1)
  • OR cpe:/a:mit:kerberos_5:*:*:*:*:*:*:*:* (Version >= 1.0 and <= 1.2.6)

Configuration 2:
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.2:-:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*
  AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:current:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID            | Class | Title           | Last Modified
oval:org.debian:def:185  | V     | buffer overflow | 2002-10-31
oval:org.debian:def:184  | V     | buffer overflow | 2002-10-30
oval:org.debian:def:183  | V     | buffer overflow | 2002-10-29
    kth kth kerberos 4 *
    kth kth kerberos 5 *
    mit kerberos 5 *
    debian debian linux 3.0
    mit kerberos 5-1.2.2
    mit kerberos 5-1.2
    mit kerberos 5-1.2.1
    mit kerberos 5-1.2.3
    mit kerberos 5-1.2.4
    mit kerberos 5-1.2.5
    mit kerberos 5-1.2.6
    redhat linux 6.2
    debian debian linux 2.2
    redhat linux 7
    netbsd netbsd 1.5
    redhat linux 7.1
    netbsd netbsd 1.5.1
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    openbsd openbsd 3.0
    netbsd netbsd 1.5.2
    mandrakesoft mandrake linux 8.2
    conectiva linux 8.0
    openbsd openbsd 3.1
    redhat linux 7.3
    debian debian linux 3.0
    gentoo linux *
    netbsd netbsd 1.5.3
    netbsd netbsd 1.6
    redhat linux 8.0
    mandrakesoft mandrake linux 9.0
    netbsd netbsd current
    redhat enterprise linux 2.1
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2