Product:

Heimdal

(Heimdal_project)
Repositories https://github.com/heimdal/heimdal
#Vulnerabilities 13
Date Id Summary Products Score Patch Annotated
2022-12-26 CVE-2021-44758 Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. Heimdal 7.5
2023-03-06 CVE-2022-45142 The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. Heimdal 7.5
2023-03-27 CVE-2022-3116 The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. Heimdal 7.5
2004-07-07 CVE-2004-0434 k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. Debian_linux, Heimdal 9.8
2019-05-15 CVE-2019-12098 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. Debian_linux, Fedora, Heimdal, Backports_sle, Leap 7.4
2017-08-28 CVE-2017-6594 The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. Heimdal, Leap 7.5
2011-12-25 CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Debian_linux, Fedora, Freebsd, Inetutils, Heimdal, Krb5\-Appl, Opensuse, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2017-07-13 CVE-2017-11103 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE... Iphone_os, Mac_os_x, Debian_linux, Freebsd, Heimdal, Samba N/A
2019-07-31 CVE-2018-16860 A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal. Heimdal, Samba 7.5
2017-12-06 CVE-2017-17439 In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. Debian_linux, Heimdal 7.5