MidnightBSD

Advisories for kth

CVE-1999-1099 MEDIUM

Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth kth_kerberos 4
CVE-2001-0033 HIGH

KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd 1.5
kth kth_kerberos 4
CVE-2001-0034 HIGH

KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth kth_kerberos *
CVE-2001-0035 HIGH

Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth kth_kerberos 4
CVE-2001-0036 LOW

KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth kth_kerberos 4
CVE-2001-1443 MEDIUM

KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth kth_kerberos 5
kth kth_kerberos 4
CVE-2001-1444 HIGH

The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth kth_kerberos 5
kth kth_kerberos 4
CVE-2002-0600 HIGH

Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth kth_kerberos 4_1.0.4
luke_mewburn lukemftp 1.5
kth kth_kerberos 4_1.1.1
kth kth_kerberos 4_1.0.2
kth kth_kerberos 4_1.0.3
CVE-2002-0754 HIGH

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.2
freebsd freebsd 4.1
kth heimdal 0.4e
freebsd freebsd 4.0
freebsd heimdal 0.4e
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.1.1
CVE-2002-1225 HIGH

Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth heimdal 0.4a
kth heimdal 0.4c
kth heimdal 0.4d
kth heimdal 0.4e
kth heimdal 0.4b
kth heimdal 0.3e
CVE-2002-1226 HIGH

Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth heimdal 0.4a
kth heimdal 0.4c
kth heimdal 0.4d
kth heimdal 0.4e
kth heimdal 0.4b
kth heimdal 0.3e
CVE-2002-1235 HIGH

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mit kerberos_5 *
kth kth_kerberos_5 *
kth kth_kerberos_4 *
debian debian_linux 3.0
CVE-2004-0371 MEDIUM

Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth heimdal 0.4a
kth heimdal 0.5.1
kth heimdal 0.4c
kth heimdal 0.4d
kth heimdal 0.4e
kth heimdal 0.5
kth heimdal 0.4b
kth heimdal 0.5.2
kth heimdal 0.6.0
CVE-2006-0582 LOW

Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
kth heimdal 0.6.3
kth heimdal 0.6.1
kth heimdal 0.7.1.1
kth heimdal 0.6.2
kth heimdal 0.6.5
kth heimdal 0.6.4
kth heimdal 0.7.1.3
kth heimdal 0.7.1
kth heimdal 0.7.1.2
CVE-2006-0677 HIGH

telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kth heimdal 0.6.3
kth heimdal 0.6.1
kth heimdal 0.7.1.1
kth heimdal 0.6.2
kth heimdal 0.6.5
kth heimdal 0.6.4
kth heimdal 0.7.1.3
kth heimdal 0.7.1
kth heimdal 0.7.1.2
CVE-2012-6303 MEDIUM

Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
kth snack_sound_toolkit 2.2.10
opensuse opensuse 13.1
kth wavesurfer 1.8.8
opensuse opensuse 13.2