CVE-2004-0523

Published: Aug 18, 2004Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

Affected (31)

Products: Mit: Kerberos, Kerberos 5 · Sgi: Propack · Sun: Seam, Solaris, Sunos · +1 more

Show all products

Mit: Kerberos, Kerberos 5 · Sgi: Propack · Sun: Seam, Solaris, Sunos · Tinysofa: Tinysofa Enterprise Server

2 products

1 product

3 products

1 product

Tinysofa Enterprise Server

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Mit Kerberos	Version 1.0.8
Mit Kerberos	Version 1.0
Mit Kerberos	Version 1.2.2.beta1
Mit Kerberos 5	Version 1.0.6
Mit Kerberos 5	Version 1.0
Mit Kerberos 5	Version 1.1.1
Mit Kerberos 5	Version 1.1
Mit Kerberos 5	Version 1.2.1
Mit Kerberos 5	Version 1.2.2
Mit Kerberos 5	Version 1.2.3
Mit Kerberos 5	Version 1.2.4
Mit Kerberos 5	Version 1.2.5
Mit Kerberos 5	Version 1.2.6
Mit Kerberos 5	Version 1.2.7
Mit Kerberos 5	Version 1.2
Mit Kerberos 5	Version 1.2 beta1
Mit Kerberos 5	Version 1.2 beta2
Mit Kerberos 5	Version 1.3.3
Mit Kerberos 5	Version 1.3
Mit Kerberos 5	Version 1.3 alpha1
Sgi Propack	Version 2.4
Sgi Propack	Version 3.0
Sun Seam	Version 1.0.1
Sun Seam	Version 1.0.2
Sun Seam	Version 1.0
Tinysofa Tinysofa Enterprise Server	Version 1.0
Tinysofa Tinysofa Enterprise Server	Version 1.0_u1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Sun Solaris	Version 8.0
Sun Solaris	Version 9.0
Sun Solaris	Version 9.0
Sun Sunos	Version 5.8

References (38)

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc (unsafe URL)

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc (unsafe URL)

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860

Source: cve@mitre.org

http://lwn.net/Articles/88206/

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108612325909496&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108619161815320&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108619250923790&w=2

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-520

Source: cve@mitre.org

PatchVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/686862

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-236.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/10448

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/16268

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860

Source: af854a3a-2127-422b-91ae-364da2661108

http://lwn.net/Articles/88206/

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=108612325909496&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=108619161815320&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=108619250923790&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-520

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/686862

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-236.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/10448

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/16268

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.