VYPR

Heimdal

by Heimdal

Source repositories

CVEs (30)

  • CVE-2006-3084Aug 9, 2006
    risk 0.00cvss epss 0.00

    The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE:…

  • CVE-2006-3083Aug 9, 2006
    risk 0.00cvss epss 0.01

    The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to…

  • CVE-2006-0677Feb 14, 2006
    risk 0.00cvss epss 0.03

    telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.

  • CVE-2006-0582Feb 8, 2006
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.

  • CVE-2005-2040Jun 20, 2005
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469.

  • CVE-2004-0371May 4, 2004
    risk 0.00cvss epss 0.02

    Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.

  • CVE-2003-0138Mar 24, 2003
    risk 0.00cvss epss 0.04

    Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.

  • CVE-2002-1226Oct 28, 2002
    risk 0.00cvss epss 0.02

    Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).

  • CVE-2002-1225Oct 28, 2002
    risk 0.00cvss epss 0.05

    Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.

  • CVE-2002-0754Aug 12, 2002
    risk 0.00cvss epss 0.00

    Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

Page 2 of 2