Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0644

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0644
Last Modified 21 Aug 2010 12:20:56
Published 28 Sep 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0644

Summary

The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.

Vulnerable Systems

Application

  • Mit Kerberos 5-1.2.2

  • Mit Kerberos 5-1.2.3

  • Mit Kerberos 5-1.2.4

  • Mit Kerberos 5-1.2.5

  • Mit Kerberos 5-1.2.6

  • Mit Kerberos 5-1.2.7

  • Mit Kerberos 5-1.2.8

  • Mit Kerberos 5-1.3

  • Mit Kerberos 5-1.3.1

  • Mit Kerberos 5-1.3.2

  • Mit Kerberos 5-1.3.3

  • Mit Kerberos 5-1.3.4


References

CERT - TA04-247A

CERT-VN - VU#550464

XF - kerberos-asn1-library-dos(17160)

TRUSTIX - 2004-0045

GENTOO - GLSA-200409-09

BID - 11079

DEBIAN - DSA-543

CONFIRM - http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-003-asn1.txt

REDHAT - RHSA-2004:350

BUGTRAQ - 20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)

CONECTIVA - CLA-2004:860


Last Updated: 27 May 2016 10:38:42