Page 3 of 16 results (0.010 seconds)

CVSS: 8.1EPSS: 4%CPEs: 10EXPL: 0

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. Heimdal en versiones anteriores a la 7.4 permite que atacantes remotos suplanten servicios con ataques Orpheus' Lyre ya que obtiene nombres de servicios principales, de manera que viola la especificación del protocolo Kerberos 5. • http://www.debian.org/security/2017/dsa-3912 http://www.h5l.org/advisories.html?show=2017-07-11 http://www.securityfocus.com/bid/99551 http://www.securitytracker.com/id/1038876 http://www.securitytracker.com/id/1039427 https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0 https://support.apple.com/HT208112 https://support.apple.com/HT208144 https://support.apple.com/HT208221 https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc https://ww • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 10.0EPSS: 96%CPEs: 21EXPL: 6

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v1.0.2 y anteriores, y Heimdal v1.5.1 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una clave de cifrado larga, como fue explotado en Diciembre 2011. Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd). • https://www.exploit-db.com/exploits/18369 https://www.exploit-db.com/exploits/18368 https://www.exploit-db.com/exploits/18280 https://github.com/hdbreaker/GO-CVE-2011-4862 https://github.com/kpawar2410/CVE-2011-4862 http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html http://lists.fedoraproject.org/p • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect. La función gss_userok de appl/ftp/ftpd/gss_userok.c en Heimdal 0.7.2 no reserva memoria para el puntero ticketfile antes de llamar a la función free, lo cual permite a atacantes remotos tener impacto desconocido mediante un nombre de usuario inválido. NOTA: la vulnerabilidad fue originalmente reportada para ftpd.c, pero esto es incorrecto. • http://bugs.gentoo.org/show_bug.cgi?id=199207 http://marc.info/?l=full-disclosure&m=119704362903699&w=2 http://osvdb.org/44750 http://securitytracker.com/id?1019057 http://www.mandriva.com/security/advisories?name=MDKSA-2007:239 http://www.securityfocus.com/bid/26758 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. Las aplicaciones (1) krshd y (2) v4rcp en MIT Kerberos 5 (krb5) hasta 1.5, y 1.4.x anteriores a 1.4.4, cuando se ejecutan en Linux y AIX, no comprueban los códigos de retorno de llamadas 'setuid', lo que permite a usuarios locales fallar en soltar privilegios usando ataques como consumición de recursos. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt http://secunia.com/advisories/21402 http://secunia.com/advisories/21423 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21441 http://secunia.com/advisories/21456 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/21847 http:& • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. Los programas (1) ftpd y (2) ksu en MIT Kerberos 5 (krb5) actualizado a 1.5, y 1.4.X anterior a 1.4.4, no valida el código de retorno para las llamadas setuid, lo cual permite a un usuario local ganar privilegios provocando fallos del setuid para subir privilegios. NOTA: con en 20060808, no se conoce si existe un panorama explotable para estas ediciones. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt http://fedoranews.org/cms/node/2376 http://secunia.com/advisories/21402 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/23707 http://security.gentoo.org/glsa/glsa-200608-21.xml http://securitytracker.c • CWE-264: Permissions, Privileges, and Access Controls •