CVE-2002-1235
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
La función kadm_ser en el demonio de administración de compatibildad de Kerberos v4 (kadmind4) en el MIT Kerberos 5 (krb5) krb5-1.2.6 y anteriores kadmind en KTH Kerberos 4 (eBones) anteriores a 1.2.1, y kadmind en KTH Kerberos 5 (Heimdal) anteriores a 0.5.1 compilados con soporte de Kerberos 4, no verifica adecuadamente la longitud de un campo de petición, lo que permite a atacantes remotos ejecutar código arbitrario mediante un ataque de desbordamiento de búfer.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2002-10-24 CVE Reserved
- 2002-10-25 CVE Published
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html | Mailing List | |
| http://marc.info/?l=bugtraq&m=103539530729206&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=103564944215101&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=103582517126392&w=2 | Mailing List | |
| http://marc.info/?l=bugtraq&m=103582805330339&w=2 | Mailing List | |
| http://www.iss.net/security_center/static/10430.php | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/875073 | Third Party Advisory |
|
| http://www.pdc.kth.se/heimdal | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.cert.org/advisories/CA-2002-29.html | 2020-01-21 | |
| http://www.debian.org/security/2002/dsa-184 | 2020-01-21 | |
| http://www.securityfocus.com/bid/6024 | 2020-01-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kth Search vendor "Kth" | Kth Kerberos 4 Search vendor "Kth" for product "Kth Kerberos 4" | < 1.2.1 Search vendor "Kth" for product "Kth Kerberos 4" and version " < 1.2.1" | - |
Affected
| ||||||
| Kth Search vendor "Kth" | Kth Kerberos 5 Search vendor "Kth" for product "Kth Kerberos 5" | < 0.5.1 Search vendor "Kth" for product "Kth Kerberos 5" and version " < 0.5.1" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | >= 1.0 <= 1.2.6 Search vendor "Mit" for product "Kerberos 5" and version " >= 1.0 <= 1.2.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | - |
Affected
| ||||||