CVE-2004-0434
CVSS 10.0
Published: 2004-07-07 00:00:00
Revised: 2016-10-17 22:45:24

[Original] k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.


[CNNVD] Heimdal K5AdminD remote heap buffer overflow vulnerability (CNNVD-200407-011)

        
        Kerberos is a widely used network protocol that uses strong cryptography to authenticate clients and servers. Heimdal is an implementation of the Kerberos 5 network authentication protocol. The Kerberos administration daemon (usually called k5admind(8)) handles password changes and other requests that modify the Kerberos database.
        The k5admind code that validates Kerberos 4 network packets contains an input validation error. A remote attacker can exploit it to trigger a heap-based overflow in the daemon and possibly execute arbitrary instructions on the system with the privileges of the process.
        The part of k5admind that handles Kerberos 4 framing-compatible administration requests contains an input validation error: the code assumes that the length given in the framing is at least two bytes. Supplying a length value that is too small causes k5admind to read too much data into a minimum-length buffer, overflowing the heap; carefully constructed data may execute arbitrary instructions on the system with the privileges of the process.
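As an added illustration of the length assumption described above (this is not Heimdal's code and not taken from any advisory on this page), the snippet below assumes a hypothetical frame layout of a 4-byte big-endian length followed by a 2-byte fixed header, shows how an unchecked "length minus header" wraps when the declared length is 0 or 1, and puts a hardened validator beside it that rejects such frames before any buffer is sized from the length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical frame layout, assumed for this example only: a 4-byte
 * big-endian length, then a 2-byte fixed header, then the request body. */
#define V4_HDR_LEN   2u
#define V4_MAX_FRAME 65535u   /* upper bound chosen for this example */

enum frame_status { FRAME_OK = 0, FRAME_TOO_SHORT, FRAME_TOO_LONG, FRAME_TRUNCATED };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The unsafe assumption the description calls out: "the length is at least 2".
 * For a declared length of 0 or 1 the subtraction wraps to a huge size_t, so a
 * read sized from it keeps filling past the small buffer actually allocated. */
size_t naive_body_len(uint32_t declared_len) {
    return (size_t)declared_len - V4_HDR_LEN;
}

/* Hardened check: validate the declared length before any allocation or read
 * is derived from it. On FRAME_OK, *body_len holds the payload size. */
enum frame_status check_v4_frame(const unsigned char *pkt, size_t pkt_len,
                                 size_t *body_len) {
    if (pkt_len < 4) return FRAME_TRUNCATED;
    uint32_t len = be32(pkt);
    if (len < V4_HDR_LEN) return FRAME_TOO_SHORT;    /* the CVE-2004-0434 case */
    if (len > V4_MAX_FRAME) return FRAME_TOO_LONG;
    if (pkt_len - 4 < len) return FRAME_TRUNCATED;   /* declared more than arrived */
    *body_len = len - V4_HDR_LEN;
    return FRAME_OK;
}

/* Constructed sample frames (not captured traffic). */
const unsigned char SHORT_FRAME[] = {0x00,0x00,0x00,0x01, 0x41};
const unsigned char GOOD_FRAME[]  = {0x00,0x00,0x00,0x05, 0x01,0x02, 'a','b','c'};
const unsigned char TRUNC_FRAME[] = {0x00,0x00,0x00,0x09, 0x01,0x02};

int main(void) {
    size_t n = 0;
    printf("naive body length for declared 1: %zu\n", naive_body_len(1));
    printf("short frame -> %d\n", check_v4_frame(SHORT_FRAME, sizeof SHORT_FRAME, &n));
    enum frame_status st = check_v4_frame(GOOD_FRAME, sizeof GOOD_FRAME, &n);
    printf("good frame  -> %d (body %zu)\n", st, n);
    return 0;
}
```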
        

- CVSS (base score)

CVSS score: 10 [Critical (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0434
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0434
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-011
(official data source) CNNVD

- Other links and resources

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-04:09
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html
(UNKNOWN)  FULLDISC  20040506 Advisory: Heimdal kadmind version4 remote heap overflow
http://marc.info/?l=bugtraq&m=108386148126457&w=2
(UNKNOWN)  BUGTRAQ  20040505 Advisory: Heimdal kadmind version4 remote heap overflow
http://security.gentoo.org/glsa/glsa-200405-23.xml
(UNKNOWN)  GENTOO  GLSA-200405-23
http://www.debian.org/security/2004/dsa-504
(VENDOR_ADVISORY)  DEBIAN  DSA-504
http://xforce.iss.net/xforce/xfdb/16071
(VENDOR_ADVISORY)  XF  heimdal-kadmind-bo(16071)

- Vulnerability information

Heimdal K5AdminD remote heap buffer overflow vulnerability
Critical  Input validation
2004-07-07 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Run the daemon with the '--no-kerberos4' option.
        Vendor patches:
        FreeBSD
        -------
        FreeBSD has released a security advisory (FreeBSD-SA-04:09) and a corresponding patch for this issue:
        FreeBSD-SA-04:09: heimdal kadmind remote heap buffer overflow
        Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc
        Patch download:
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:09/kadmind.patch
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:09/kadmind.patch.asc

- Vulnerability information (F33257)

heimdal.txt (PacketStormID:F33257)
2004-05-07 00:00:00
Evgeny Demidov  
advisory,remote,overflow
CVE-2004-0434

Heimdal releases prior to 0.6.2 with kadmind version4 have been found vulnerable to a remote pre-auth heap overflow.

Name:          Heimdal kadmind version4 remote heap overflow
Date:          6 May 2004
CVE candidate: CAN-2004-0434
Author:        Evgeny Demidov

Description:

There exists a remote preauth heap overflow vulnerability in Heimdal kadmind version4 support.
All versions of Heimdal including 0.6.1 are known to be vulnerable.

It's recommended to disable Kerberos 4 support by running kadmind with the --no-kerberos4 option.

Fix:

FreeBSD has issued an advisory:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc

Latest Heimdal snapshot also fixes the problem.

History:

The vulnerability was discovered several months ago by Evgeny Demidov during a Heimdal source code audit.

The details of the vulnerability were made available to VulnDisco clients two weeks ago.

Thanks:

The Heimdal development team had a patch ready a couple of hours after initial contact.
    

- Vulnerability information

5889
Heimdal kadmind Kerberos 4 Heap Overflow
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability description

A remote overflow exists in kadmind. The product fails to properly handle malformed kerberos 4 communication packets resulting in a heap overflow. With a specially crafted request, an attacker can cause remote code to be executed resulting in a loss of integrity.

- Timeline

2004-05-06 2004-05-05
Unknown Unknown

- Solution

FreeBSD has released advisory FreeBSD-SA-04:09 and a patch to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Disable Kerberos 4 support in the daemon by using the --no-kerberos4 option flag.

- Related references

- Vulnerability author

- Vulnerability information

Heimdal K5AdminD Remote Heap Buffer Overflow
Input Validation Error 10288
Yes No
2004-05-05 12:00:00 2009-07-12 04:07:00
Discovery of this issue is credited to Evgeny Demidov <demidov@gleg.net>.

- Affected program versions

KTH Heimdal 0.6.1
KTH Heimdal 0.6.0
KTH Heimdal 0.5.3
KTH Heimdal 0.5.2
KTH Heimdal 0.5.1
+ FreeBSD FreeBSD 5.0
KTH Heimdal 0.5
- Gentoo Linux 1.4_rc1
- Gentoo Linux 1.2
KTH Heimdal 0.4e
+ FreeBSD FreeBSD 4.6-RELEASE
+ FreeBSD FreeBSD 4.6
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
- FreeBSD FreeBSD 4.0
+ S.u.S.E. Linux 8.0
Heimdal Heimdal 0.6.1
Heimdal Heimdal 0.6
Heimdal Heimdal 0.5.3
Heimdal Heimdal 0.5.2
Heimdal Heimdal 0.5.1
Heimdal Heimdal 0.5.0
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0

- Vulnerability discussion

It has been reported that a remote heap overflow vulnerability exists in the k5admind daemon. This issue is due to an input validation error that fails to validate length given in the framing in kerberos 4 network communication packets.

It has been reported that this issue only affects versions of the daemon that include Kerberos 4 support; if the daemon was built without this compatibility, it is not vulnerable.

The immediate consequence of an attack is a denial of service condition in the affected server. It may also be possible for this issue to facilitate remote code execution with the privileges of the affected daemon.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at vuldb@securityfocus.com.

- Solution

FreeBSD has released advisory FreeBSD-SA-04:09 and a patch dealing with this issue. Please see the referenced advisory for more information and details on obtaining the patch.

It has been reported that the latest Heimdal snapshot, available from the vendor, resolves this issue. Please see the referenced web site for the vendor for more information and details on obtaining the snapshot.

Debian has released a security advisory (DSA 504-1) dealing with this issue. Please see the referenced advisory for further information and fixes.

Gentoo has released a security advisory (GLSA 200405-23) dealing with this issue. Please see the referenced advisory for further information and fixes. Gentoo users may carry out the following commands to update their computers:

# emerge sync
# emerge -pv ">=app-crypt/heimdal-0.6.2"
# emerge ">=app-crypt/heimdal-0.6.2"



- Related references

 

 
