FreeBSD : heimdal kadmind remote heap buffer overflow (446dbecb-9edc-11d8-9366-0020ed76ef5a)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

An input validation error was discovered in the kadmind code that
handles the framing of Kerberos 4 compatibility administration
requests. The code assumed that the length given in the framing was
always two or more bytes. Smaller lengths will cause kadmind to read
an arbitrary amount of data into a minimally-sized buffer on the heap.

A remote attacker may send a specially formatted message to kadmind,
causing it to crash or possibly resulting in arbitrary code execution.

The kadmind daemon is part of Kerberos 5 support. However, this bug
will only be present if kadmind was built with additional Kerberos 4
support. Thus, only systems that have *both* Heimdal Kerberos 5 and
Kerberos 4 installed might be affected.

NOTE: On FreeBSD 4 systems, `kadmind' may be installed as `k5admind'.

See also :

http://www.nessus.org/u?2a57ff98

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36947 (freebsd_pkg_446dbecb9edc11d893660020ed76ef5a.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0434

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now