diff options
author | nectar <nectar@FreeBSD.org> | 2004-04-03 07:24:50 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2004-04-03 07:24:50 +0800 |
commit | c03bbf5eb61b4d628018fc3fe2385f73aeac1158 (patch) | |
tree | d292fce291bf9e123e1a6608a40729ce28657c31 /security | |
parent | c3597f60fcadf1b7bf455f22e9cbb061d88f5441 (diff) | |
download | freebsd-ports-gnome-c03bbf5eb61b4d628018fc3fe2385f73aeac1158.tar.gz freebsd-ports-gnome-c03bbf5eb61b4d628018fc3fe2385f73aeac1158.tar.zst freebsd-ports-gnome-c03bbf5eb61b4d628018fc3fe2385f73aeac1158.zip |
Add Heimdal cross-realm validation issue.
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f3241b4d5ff4..aa8956ce39aa 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -31,6 +31,37 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="bfb36941-84fa-11d8-a41f-0020ed76ef5a"> + <topic>Incorrect cross-realm trust handling in Heimdal</topic> + <affects> + <package> + <name>heimdal</name> + <range><lt>0.6.1</lt></range> + </package> + <system> + <name>FreeBSD</name> + <range><ge>4.0</ge></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Heimdal does not correctly validate the `transited' field of + Kerberos tickets when computing the authentication path. This + could allow a rogue KDC with which cross-realm relationships + have been established to impersonate any KDC in the + authentication path.</p> + </body> + </description> + <references> + <cvename>CAN-2004-0371</cvename> + <url>http://www.pdc.kth.se/heimdal/advisory/2004-04-01/</url> + </references> + <dates> + <discovery>2004-04-01</discovery> + <entry>2004-04-02</entry> + </dates> + </vuln> + <vuln vid="98bd69c3-834b-11d8-a41f-0020ed76ef5a"> <topic>Courier mail services: remotely exploitable buffer overflows</topic> <affects> |