This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
Revision: 520069 Date: 2019-12-13 Time: 20:34:37Z Committer: swills
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|40a8d798-4615-11e7-8080-a4badb2f4699||heimdal -- bypass of capath policy|
Viktor Dukhovni reports:
|446dbecb-9edc-11d8-9366-0020ed76ef5a||heimdal kadmind remote heap buffer overflow|
An input validation error was discovered in the kadmind code that handles the framing of Kerberos 4 compatibility administration requests. The code assumed that the length given in the framing was always two or more bytes. Smaller lengths will cause kadmind to read an arbitrary amount of data into a minimally-sized buffer on the heap.
A remote attacker may send a specially formatted message to kadmind, causing it to crash or possibly resulting in arbitrary code execution.
The kadmind daemon is part of Kerberos 5 support. However, this bug will only be present if kadmind was built with additional Kerberos 4 support. Thus, only systems that have *both* Heimdal Kerberos 5 and Kerberos 4 installed might be affected.
NOTE: On FreeBSD 4 systems, `kadmind' may be installed as `k5admind'.
ge 4.9 lt 4.9_7
ge 4.0 lt 4.8_20
|b62c80c2-b81a-11da-bec5-00123ffe8333||heimdal -- Multiple vulnerabilities|
A Project heimdal Security Advisory reports:
|bfb36941-84fa-11d8-a41f-0020ed76ef5a||Incorrect cross-realm trust handling in Heimdal|
Heimdal does not correctly validate the `transited' field of Kerberos tickets when computing the authentication path. This could allow a rogue KDC with which cross-realm relationships have been established to impersonate any KDC in the authentication path.
ge 5.0 lt 5.2_6
ge 4.9 lt 4.9_6
ge 4.0 lt 4.8_19