CVE-2011-4862 – FreeBSD - Telnet Service Encryption Key ID Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-4862
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v1.0.2 y anteriores, y Heimdal v1.5.1 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una clave de cifrado larga, como fue explotado en Diciembre 2011. Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd). • https://www.exploit-db.com/exploits/18369 https://www.exploit-db.com/exploits/18368 https://www.exploit-db.com/exploits/18280 https://github.com/hdbreaker/GO-CVE-2011-4862 https://github.com/kpawar2410/CVE-2011-4862 http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html http://lists.fedoraproject.org/p • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2007-5939
https://notcve.org/view.php?id=CVE-2007-5939
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect. La función gss_userok de appl/ftp/ftpd/gss_userok.c en Heimdal 0.7.2 no reserva memoria para el puntero ticketfile antes de llamar a la función free, lo cual permite a atacantes remotos tener impacto desconocido mediante un nombre de usuario inválido. NOTA: la vulnerabilidad fue originalmente reportada para ftpd.c, pero esto es incorrecto. • http://bugs.gentoo.org/show_bug.cgi?id=199207 http://marc.info/?l=full-disclosure&m=119704362903699&w=2 http://osvdb.org/44750 http://securitytracker.com/id?1019057 http://www.mandriva.com/security/advisories?name=MDKSA-2007:239 http://www.securityfocus.com/bid/26758 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-3083
https://notcve.org/view.php?id=CVE-2006-3083
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. Las aplicaciones (1) krshd y (2) v4rcp en MIT Kerberos 5 (krb5) hasta 1.5, y 1.4.x anteriores a 1.4.4, cuando se ejecutan en Linux y AIX, no comprueban los códigos de retorno de llamadas 'setuid', lo que permite a usuarios locales fallar en soltar privilegios usando ataques como consumición de recursos. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt http://secunia.com/advisories/21402 http://secunia.com/advisories/21423 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21441 http://secunia.com/advisories/21456 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/21847 http:& • CWE-399: Resource Management Errors •
CVE-2006-3084
https://notcve.org/view.php?id=CVE-2006-3084
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. Los programas (1) ftpd y (2) ksu en MIT Kerberos 5 (krb5) actualizado a 1.5, y 1.4.X anterior a 1.4.4, no valida el código de retorno para las llamadas setuid, lo cual permite a un usuario local ganar privilegios provocando fallos del setuid para subir privilegios. NOTA: con en 20060808, no se conoce si existe un panorama explotable para estas ediciones. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt http://fedoranews.org/cms/node/2376 http://secunia.com/advisories/21402 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/23707 http://security.gentoo.org/glsa/glsa-200608-21.xml http://securitytracker.c • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-0677
https://notcve.org/view.php?id=CVE-2006-0677
telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. • http://secunia.com/advisories/18894 http://secunia.com/advisories/18961 http://secunia.com/advisories/19005 http://securityreason.com/securityalert/449 http://www.debian.org/security/2006/dsa-977 http://www.osvdb.org/23244 http://www.securityfocus.com/archive/1/426043/100/0/threaded http://www.securityfocus.com/bid/16676 http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html http://www.ubuntu.com/usn/usn-253-1 http://www.vupen.com/english/advisori •