aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-04-03 07:24:50 +0800
committernectar <nectar@FreeBSD.org>2004-04-03 07:24:50 +0800
commitc03bbf5eb61b4d628018fc3fe2385f73aeac1158 (patch)
treed292fce291bf9e123e1a6608a40729ce28657c31 /security
parentc3597f60fcadf1b7bf455f22e9cbb061d88f5441 (diff)
downloadfreebsd-ports-gnome-c03bbf5eb61b4d628018fc3fe2385f73aeac1158.tar.gz
freebsd-ports-gnome-c03bbf5eb61b4d628018fc3fe2385f73aeac1158.tar.zst
freebsd-ports-gnome-c03bbf5eb61b4d628018fc3fe2385f73aeac1158.zip
Add Heimdal cross-realm validation issue.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml31
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index f3241b4d5ff4..aa8956ce39aa 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -31,6 +31,37 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="bfb36941-84fa-11d8-a41f-0020ed76ef5a">
+ <topic>Incorrect cross-realm trust handling in Heimdal</topic>
+ <affects>
+ <package>
+ <name>heimdal</name>
+ <range><lt>0.6.1</lt></range>
+ </package>
+ <system>
+ <name>FreeBSD</name>
+ <range><ge>4.0</ge></range>
+ </system>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Heimdal does not correctly validate the `transited' field of
+ Kerberos tickets when computing the authentication path. This
+ could allow a rogue KDC with which cross-realm relationships
+ have been established to impersonate any KDC in the
+ authentication path.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0371</cvename>
+ <url>http://www.pdc.kth.se/heimdal/advisory/2004-04-01/</url>
+ </references>
+ <dates>
+ <discovery>2004-04-01</discovery>
+ <entry>2004-04-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="98bd69c3-834b-11d8-a41f-0020ed76ef5a">
<topic>Courier mail services: remotely exploitable buffer overflows</topic>
<affects>