| Vulnerability Name: | CVE-2004-0371 (CCN-15701) | ||||||||||||
| Assigned: | 2004-04-01 | ||||||||||||
| Published: | 2004-04-01 | ||||||||||||
| Updated: | 2017-07-11 | ||||||||||||
| Summary: | Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-04:08.heimdal heimdal cross-realm trust vulnerability Source: FREEBSD Type: UNKNOWN FreeBSD-SA-04:08 Source: OPENBSD Type: UNKNOWN 20040530 009: SECURITY FIX: May 30, 2004 Source: MITRE Type: CNA CVE-2004-0371 Source: GENTOO Type: Vendor Advisory GLSA-200404-09 Source: DEBIAN Type: Patch, Vendor Advisory DSA-476 Source: DEBIAN Type: DSA-476 heimdal -- cross-realm Source: CCN Type: GLSA-200404-09 Cross-realm trust vulnerability in Heimdal Source: CCN Type: GLSA 200404-09 Cross-realm trust vulnerability in Heimdal Source: CCN Type: OSVDB ID: 4839 Heimdal Cross-Realm Trust Spoofing Source: CCN Type: Heimdal Web page Heimdal Source: CCN Type: Heimdal Security Advisory 2004-04-01 Cross-realm trust vulnerability in Heimdal Source: CONFIRM Type: UNKNOWN http://www.pdc.kth.se/heimdal/advisory/2004-04-01/ Source: CCN Type: BID-10035 Heimdal Kerberos Cross-Realm Trust Impersonation Vulnerability Source: XF Type: UNKNOWN heimdal-cross-realm-spoofing(15701) Source: XF Type: UNKNOWN heimdal-cross-realm-spoofing(15701) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||