CVE-2002-1235

EPSS 32.9%

heimdal - buffer overflow

Published: 11/4/2002Modified: 4/28/2026

Also known as:DEBIAN-CVE-2002-1235

Description

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

Affected packages (5)

Debian/heimdalfrom 0, < 0.4e-22
Debian/heimdalfrom 0, < 0.4e-7.woody.5
Debian/krb4from 0, < 1.1-8-2.2
Debian/krb5from 0, < 1.2.6-2
Debian/krb5from 0, < 1.2.4-5woody3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2002-1235