CVE-2004-1189

by Fred · 31/12/2004

The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy’s history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.

Date published : 2004-12-31

http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

CVE-2004-1189

Related

Recent Posts

Categories

Latest CWE

CVE-2004-1189

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE