NotCVE - vendor:"Heimdal Project" product:"Heimdal" version:" <= 7.4.0"

Page 4 of 23 results (0.004 seconds)

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

CVE-2006-3083

https://notcve.org/view.php?id=CVE-2006-3083

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. Las aplicaciones (1) krshd y (2) v4rcp en MIT Kerberos 5 (krb5) hasta 1.5, y 1.4.x anteriores a 1.4.4, cuando se ejecutan en Linux y AIX, no comprueban los códigos de retorno de llamadas 'setuid', lo que permite a usuarios locales fallar en soltar privilegios usando ataques como consumición de recursos. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt http://secunia.com/advisories/21402 http://secunia.com/advisories/21423 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21441 http://secunia.com/advisories/21456 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/21847 http:& • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 13%CPEs: 9EXPL: 0

CVE-2006-0677

https://notcve.org/view.php?id=CVE-2006-0677

telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. • http://secunia.com/advisories/18894 http://secunia.com/advisories/18961 http://secunia.com/advisories/19005 http://securityreason.com/securityalert/449 http://www.debian.org/security/2006/dsa-977 http://www.osvdb.org/23244 http://www.securityfocus.com/archive/1/426043/100/0/threaded http://www.securityfocus.com/bid/16676 http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html http://www.ubuntu.com/usn/usn-253-1 http://www.vupen.com/english/advisori •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2006-0582

https://notcve.org/view.php?id=CVE-2006-0582

Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors. Vulnerabilidad no especificada en Heimdal 0.6.x anteriores a 0.6.6 y 0.7.x anteriores a 0.7.2 cuando se almacenan credenciales remitidos, permite a atacantes sobreescribir ficheros de su elección y cambiar la propiedad de los ficheros mediante vectores desconocidos. • http://secunia.com/advisories/18733 http://secunia.com/advisories/18806 http://secunia.com/advisories/18894 http://secunia.com/advisories/19005 http://secunia.com/advisories/19302 http://securitytracker.com/id?1015591 http://www.debian.org/security/2006/dsa-977 http://www.gentoo.org/security/en/glsa/glsa-200603-14.xml http://www.osvdb.org/22986 http://www.pdc.kth.se/heimdal/advisory/2006-02-06 http://www.securityfocus.com/archive/1/426043/100/0/threaded http: •

CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 0

CVE-2004-0434

https://notcve.org/view.php?id=CVE-2004-0434

k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. k5admind (kadmind) de Heimdal permite a atacantes remotos ejecutar código arbitrario mediante una petición de administración de Kerberos 4 con longitud de marco menor de 2, lo que conduce a un desbordameinte de búfer basado en el montón. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html http://marc.info/?l=bugtraq&m=108386148126457&w=2 http://security.gentoo.org/glsa/glsa-200405-23.xml http://www.debian.org/security/2004/dsa-504 https://exchange.xforce.ibmcloud.com/vulnerabilities/16071 • CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

CVE-2004-0371

https://notcve.org/view.php?id=CVE-2004-0371

Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. Heimdal 0.6.x anteriores a 0.6.1 y 0.5.x anteriores a 0.5.3 no realiza adecuadamente ciertas comprobaciones de consistencia de peticiones entre reinos, lo que permite a atacantes remotos con control de un reino impersonar a otros en la ruta de confianza entre reinos. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch http://security.gentoo.org/glsa/glsa-200404-09.xml http://www.debian.org/security/2004/dsa-476 http://www.pdc.kth.se/heimdal/advisory/2004-04-01 https://exchange.xforce.ibmcloud.com/vulnerabilities/15701 •

1 2 3 4 5