CVSS: 10.0EPSS: 92%CPEs: 21EXPL: 8CVE-2011-4862 – FreeBSD - Telnet Service Encryption Key ID Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-4862
25 Dec 2011 — Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v... • https://packetstorm.news/files/id/180955 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-5939
https://notcve.org/view.php?id=CVE-2007-5939
06 Dec 2007 — The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect. La función gss_userok de appl/ftp/ftpd/gss_userok.c en Heimdal 0.7.2 no reserva memoria para el puntero ticketfile antes de llamar a la función free, lo cual permite a atacantes remotos tener impacto desc... • http://bugs.gentoo.org/show_bug.cgi?id=199207 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2006-3083
https://notcve.org/view.php?id=CVE-2006-3083
09 Aug 2006 — The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. Las aplicaciones (1) krshd y (2) v4rcp en MIT Kerberos 5 (krb5) hasta 1.5, y 1.4.x anteriores a 1.4.4, cuando se ejecutan en Linux y AIX, no comprueban los códigos d... • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2006-3084
https://notcve.org/view.php?id=CVE-2006-3084
09 Aug 2006 — The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. Los programas (1) ftpd y (2) ksu en MIT Kerberos 5 (krb5) actualizado a 1.5, y 1.4.X anterior a 1.4.4, no valida el código de retorno para... • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 7%CPEs: 9EXPL: 0CVE-2006-0677
https://notcve.org/view.php?id=CVE-2006-0677
14 Feb 2006 — telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. • http://secunia.com/advisories/18894 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2006-0582
https://notcve.org/view.php?id=CVE-2006-0582
08 Feb 2006 — Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors. Vulnerabilidad no especificada en Heimdal 0.6.x anteriores a 0.6.6 y 0.7.x anteriores a 0.7.2 cuando se almacenan credenciales remitidos, permite a atacantes sobreescribir ficheros de su elección y cambiar la propiedad de los ficheros mediante vectores desconocidos. • http://secunia.com/advisories/18733 •
CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 0CVE-2004-0434
https://notcve.org/view.php?id=CVE-2004-0434
12 May 2004 — k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. k5admind (kadmind) de Heimdal permite a atacantes remotos ejecutar código arbitrario mediante una petición de administración de Kerberos 4 con longitud de marco menor de 2, lo que conduce a un desbordameinte de búfer basado en el montón. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2004-0371
https://notcve.org/view.php?id=CVE-2004-0371
06 Apr 2004 — Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. Heimdal 0.6.x anteriores a 0.6.1 y 0.5.x anteriores a 0.5.3 no realiza adecuadamente ciertas comprobaciones de consistencia de peticiones entre reinos, lo que permite a atacantes remotos con control de un reino impersonar a otros en la ruta de confianza entre reinos. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2002-1225
https://notcve.org/view.php?id=CVE-2002-1225
21 Oct 2002 — Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access. • http://marc.info/?l=bugtraq&m=103341355708817&w=2 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2002-1226
https://notcve.org/view.php?id=CVE-2002-1226
21 Oct 2002 — Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225). • http://marc.info/?l=bugtraq&m=103341355708817&w=2 •