CVE-2007-5939
https://notcve.org/view.php?id=CVE-2007-5939
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect. La función gss_userok de appl/ftp/ftpd/gss_userok.c en Heimdal 0.7.2 no reserva memoria para el puntero ticketfile antes de llamar a la función free, lo cual permite a atacantes remotos tener impacto desconocido mediante un nombre de usuario inválido. NOTA: la vulnerabilidad fue originalmente reportada para ftpd.c, pero esto es incorrecto. • http://bugs.gentoo.org/show_bug.cgi?id=199207 http://marc.info/?l=full-disclosure&m=119704362903699&w=2 http://osvdb.org/44750 http://securitytracker.com/id?1019057 http://www.mandriva.com/security/advisories?name=MDKSA-2007:239 http://www.securityfocus.com/bid/26758 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-3083
https://notcve.org/view.php?id=CVE-2006-3083
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. Las aplicaciones (1) krshd y (2) v4rcp en MIT Kerberos 5 (krb5) hasta 1.5, y 1.4.x anteriores a 1.4.4, cuando se ejecutan en Linux y AIX, no comprueban los códigos de retorno de llamadas 'setuid', lo que permite a usuarios locales fallar en soltar privilegios usando ataques como consumición de recursos. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt http://secunia.com/advisories/21402 http://secunia.com/advisories/21423 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21441 http://secunia.com/advisories/21456 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/21847 http:& • CWE-399: Resource Management Errors •
CVE-2006-3084
https://notcve.org/view.php?id=CVE-2006-3084
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. Los programas (1) ftpd y (2) ksu en MIT Kerberos 5 (krb5) actualizado a 1.5, y 1.4.X anterior a 1.4.4, no valida el código de retorno para las llamadas setuid, lo cual permite a un usuario local ganar privilegios provocando fallos del setuid para subir privilegios. NOTA: con en 20060808, no se conoce si existe un panorama explotable para estas ediciones. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt http://fedoranews.org/cms/node/2376 http://secunia.com/advisories/21402 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/23707 http://security.gentoo.org/glsa/glsa-200608-21.xml http://securitytracker.c • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-0677
https://notcve.org/view.php?id=CVE-2006-0677
telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. • http://secunia.com/advisories/18894 http://secunia.com/advisories/18961 http://secunia.com/advisories/19005 http://securityreason.com/securityalert/449 http://www.debian.org/security/2006/dsa-977 http://www.osvdb.org/23244 http://www.securityfocus.com/archive/1/426043/100/0/threaded http://www.securityfocus.com/bid/16676 http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html http://www.ubuntu.com/usn/usn-253-1 http://www.vupen.com/english/advisori •
CVE-2006-0582
https://notcve.org/view.php?id=CVE-2006-0582
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors. Vulnerabilidad no especificada en Heimdal 0.6.x anteriores a 0.6.6 y 0.7.x anteriores a 0.7.2 cuando se almacenan credenciales remitidos, permite a atacantes sobreescribir ficheros de su elección y cambiar la propiedad de los ficheros mediante vectores desconocidos. • http://secunia.com/advisories/18733 http://secunia.com/advisories/18806 http://secunia.com/advisories/18894 http://secunia.com/advisories/19005 http://secunia.com/advisories/19302 http://securitytracker.com/id?1015591 http://www.debian.org/security/2006/dsa-977 http://www.gentoo.org/security/en/glsa/glsa-200603-14.xml http://www.osvdb.org/22986 http://www.pdc.kth.se/heimdal/advisory/2006-02-06 http://www.securityfocus.com/archive/1/426043/100/0/threaded http: •