CVE

CVE-2005-1175

Date: (C)2005-07-18   (M)2023-12-22

Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1014460

SUNALERT-101809

BID-14236

SECUNIA-16041

SECUNIA-17135

SECUNIA-17899

2005-0036

20050703-01-U

http://marc.info/?l=bugtraq&m=112122123211974&w=2

SECUNIA-20364

ADV-2005-1066

ADV-2006-2074

APPLE-SA-2005-08-15

APPLE-SA-2005-08-17

DSA-757

IY85474

RHSA-2005:562

RHSA-2005:567

SUSE-SR:2005:017

TLSA-2005-78

USN-224-1

VU#885830

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt

kerberos-kdc-krb5-udp-tcp-bo(21328)

oval:org.mitre.oval:def:736

oval:org.mitre.oval:def:9902