FreeBSD : heimdal kadmind remote heap buffer overflow (446dbecb-9edc-11d8-9366-0020ed76ef5a)

critical Nessus Plugin ID 36947

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

An input validation error was discovered in the kadmind code that handles the framing of Kerberos 4 compatibility administration requests. The code assumed that the length given in the framing was always two or more bytes. Smaller lengths will cause kadmind to read an arbitrary amount of data into a minimally-sized buffer on the heap.

A remote attacker may send a specially formatted message to kadmind, causing it to crash or possibly resulting in arbitrary code execution.

The kadmind daemon is part of Kerberos 5 support. However, this bug will only be present if kadmind was built with additional Kerberos 4 support. Thus, only systems that have *both* Heimdal Kerberos 5 and Kerberos 4 installed might be affected.

NOTE: On FreeBSD 4 systems, `kadmind' may be installed as `k5admind'.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?4b076a3b

Plugin Details

Severity: Critical

ID: 36947

File Name: freebsd_pkg_446dbecb9edc11d893660020ed76ef5a.nasl

Version: 1.11

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:heimdal, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/5/2004

Vulnerability Publication Date: 5/5/2004

Reference Information

CVE: CVE-2004-0434

FreeBSD: SA-04:09.kadmind