Page 3 of 13 results (0.029 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. El código de validación de ruta de tránsito en Heimdal en versiones anteriores a la 7.3 podría permitir que atacantes omitan el mecanismo de protección de política capath aprovechándose del error a la hora de añadir el dominio de salto anterior a la ruta de tránsito de tickets emitidos. • http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html http://www.h5l.org/advisories.html?show=2017-04-13 https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837 https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0 • CWE-295: Improper Certificate Validation •

CVSS: 8.1EPSS: 4%CPEs: 10EXPL: 0

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. Heimdal en versiones anteriores a la 7.4 permite que atacantes remotos suplanten servicios con ataques Orpheus' Lyre ya que obtiene nombres de servicios principales, de manera que viola la especificación del protocolo Kerberos 5. • http://www.debian.org/security/2017/dsa-3912 http://www.h5l.org/advisories.html?show=2017-07-11 http://www.securityfocus.com/bid/99551 http://www.securitytracker.com/id/1038876 http://www.securitytracker.com/id/1039427 https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0 https://support.apple.com/HT208112 https://support.apple.com/HT208144 https://support.apple.com/HT208221 https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc https://ww • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 10.0EPSS: 96%CPEs: 21EXPL: 6

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v1.0.2 y anteriores, y Heimdal v1.5.1 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una clave de cifrado larga, como fue explotado en Diciembre 2011. Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd). • https://www.exploit-db.com/exploits/18369 https://www.exploit-db.com/exploits/18368 https://www.exploit-db.com/exploits/18280 https://github.com/hdbreaker/GO-CVE-2011-4862 https://github.com/kpawar2410/CVE-2011-4862 http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html http://lists.fedoraproject.org/p • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •