Page 2 of 16 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. • https://security.netapp.com/advisory/ntap-20230505-0010 https://www.kb.cert.org/vuls/id/730793 • CWE-476: NULL Pointer Dereference •

CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. En el lado del cliente de Heimdal anterior de la versión 7.6.0, el fallo en la comprobación anónima del intercambio de claves PKINIT PA-PKINIT-KX permite un ataque de tipo man-in-the-middle. Este problema está en krb5_init_creds_step en lib/krb5/init_creds_pw.c. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf https://github.com/heimdal/heimdal/compare/3e58559...bbafe72 https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0 https:/&# •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. Se encontró un fallo en la implementación de Heimdal KDC de samba, versiones 4.8.x hasta 4.8.12 excluyéndola, versiones 4.9.x hasta 4.9.8 excluyéndola, y versiones 4.10.x hasta 4.10.3 excluyéndola, cuando es usado en modo AD DC . Un atacante de tipo man in the middle podría usar este fallo para interceptar la petición al KDC y reemplazar el nombre de usuario (principal) en la petición con cualquier nombre de usuario (principal) deseado que exista en el KDC obteniendo efectivamente un ticket para este principal. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860 https://seclists.org/bugtraq/2019/Aug/21 https://seclists.org/bugtraq/2019/Aug/22 https://seclists.org/bugtraq/2019/Aug/23 https://seclists.org/bugtr • CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 7.5EPSS: 66%CPEs: 2EXPL: 0

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. En Heimdal hasta la versión 7.4 atacantes remotos no autenticados pueden provocar el cierre inesperado del KDC enviando un paquete UDP manipulado que contenga campos de datos vacíos para el nombre del cliente o para el realm. En ese caso, el analizador sintáctico desreferenciará punteros NULL incondicionalmente, lo que dará lugar a un fallo de segmentación. • http://h5l.org/advisories.html?show=2017-12-08 http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144 https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887 https://github.com/heimdal/heimdal/issues/353 https://www.debian.org/security/2017/dsa-4055 • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. El código de validación de ruta de tránsito en Heimdal en versiones anteriores a la 7.3 podría permitir que atacantes omitan el mecanismo de protección de política capath aprovechándose del error a la hora de añadir el dominio de salto anterior a la ruta de tránsito de tickets emitidos. • http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html http://www.h5l.org/advisories.html?show=2017-04-13 https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837 https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0 • CWE-295: Improper Certificate Validation •