National Cyber-Alert System

Vulnerability Summary for CVE-2005-1175

Overview

Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (apllication crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#885830

Name: VU#885830

Type: Advisory; Patch Information

Hyperlink:http://www.kb.cert.org/vuls/id/885830

External Source: DEBIAN

Name: DSA-757

Type: Advisory; Patch Information

Hyperlink:http://www.debian.org/security/2005/dsa-757

External Source: CONFIRM

Name: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt

Type: Advisory; Patch Information

Hyperlink:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt

External Source: XF

Name: kerberos-kdc-krb5-udp-tcp-bo(21328)

Hyperlink:http://xforce.iss.net/xforce/xfdb/21328

External Source: UBUNTU

Name: USN-224-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-224-1

External Source: TURBO

Name: TLSA-2005-78

Hyperlink:http://www.turbolinux.com/security/2005/TLSA-2005-78.txt

External Source: TRUSTIX

Name: 2005-0036

Hyperlink:http://www.trustix.org/errata/2005/0036

External Source: BID

Name: 14236

Hyperlink:http://www.securityfocus.com/bid/14236

External Source: REDHAT

Name: RHSA-2005:567

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-567.html

External Source: REDHAT

Name: RHSA-2005:562

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-562.html

External Source: SUSE

Name: SUSE-SR:2005:017

Hyperlink:http://www.novell.com/linux/security/advisories/2005_17_sr.html

External Source: VUPEN

Name: ADV-2006-2074

Hyperlink:http://www.frsirt.com/english/advisories/2006/2074

External Source: VUPEN

Name: ADV-2005-1066

Hyperlink:http://www.frsirt.com/english/advisories/2005/1066

External Source: AIXAPAR

Name: IY85474

Hyperlink:http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474

External Source: SUNALERT

Name: 101809

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1

External Source: SECTRACK

Name: 1014460

Hyperlink:http://securitytracker.com/id?1014460

External Source: SECUNIA

Name: 20364

Hyperlink:http://secunia.com/advisories/20364

External Source: SECUNIA

Name: 17899

Hyperlink:http://secunia.com/advisories/17899

External Source: SECUNIA

Name: 17135

Hyperlink:http://secunia.com/advisories/17135

External Source: SECUNIA

Name: 16041

Hyperlink:http://secunia.com/advisories/16041

External Source: BUGTRAQ

Name: 20050712 MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=112122123211974&w=2

External Source: APPLE

Name: APPLE-SA-2005-08-15

Hyperlink:http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

External Source: APPLE

Name: APPLE-SA-2005-08-17

Hyperlink:http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

External Source: SGI

Name: 20050703-01-U

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc

US Government Resource: oval:org.mitre.oval:def:736

Name: oval:org.mitre.oval:def:736

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:736