FKIE_CVE-2005-1174

Vulnerability from fkie_nvd - Published: 2005-07-18 04:00 - Updated: 2025-04-03 01:03
Summary
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
References
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc
cve@mitre.org http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
cve@mitre.org http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
cve@mitre.org http://marc.info/?l=bugtraq&m=112122123211974&w=2
cve@mitre.org http://secunia.com/advisories/16041
cve@mitre.org http://secunia.com/advisories/17899
cve@mitre.org http://secunia.com/advisories/20364
cve@mitre.org http://securitytracker.com/id?1014460
cve@mitre.org http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1
cve@mitre.org http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt (Patch)
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474
cve@mitre.org http://www.debian.org/security/2005/dsa-757
cve@mitre.org http://www.kb.cert.org/vuls/id/259798 (Patch, Third Party Advisory, US Government Resource)
cve@mitre.org http://www.novell.com/linux/security/advisories/2005_17_sr.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2005-567.html
cve@mitre.org http://www.securityfocus.com/bid/14240
cve@mitre.org http://www.trustix.org/errata/2005/0036
cve@mitre.org http://www.turbolinux.com/security/2005/TLSA-2005-78.txt
cve@mitre.org http://www.vupen.com/english/advisories/2005/1066
cve@mitre.org http://www.vupen.com/english/advisories/2006/2074
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/21327
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10229
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A397
cve@mitre.org https://usn.ubuntu.com/224-1/
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=112122123211974&w=2
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16041
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17899
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/20364
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1014460
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1
af854a3a-2127-422b-91ae-364da2661108 http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt (Patch)
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-757
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/259798 (Patch, Third Party Advisory, US Government Resource)
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_17_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-567.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/14240
af854a3a-2127-422b-91ae-364da2661108 http://www.trustix.org/errata/2005/0036
af854a3a-2127-422b-91ae-364da2661108 http://www.turbolinux.com/security/2005/TLSA-2005-78.txt
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/1066
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/2074
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/21327
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10229
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A397
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/224-1/
Impacted products
Vendor Product Version
mit kerberos_5 1.3
mit kerberos_5 1.3.1
mit kerberos_5 1.3.2
mit kerberos_5 1.3.3
mit kerberos_5 1.3.4
mit kerberos_5 1.3.5
mit kerberos_5 1.3.6
mit kerberos_5 1.4
mit kerberos_5 1.4.1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F01A83F-3BD1-4DED-979A-B4B6B23039FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACEB5A36-8F72-417A-AC92-149612EC7BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B8704B5-F37B-4C61-A924-3774A29BFEB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F953CEBA-BAC0-48DF-A3D0-1FABCC9963E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED81A044-8A7B-4EEF-A4B3-EA49D76FAAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "30AA5727-BD83-45CF-B308-BA5F8A577B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E088E64-6FBD-4148-8F78-506364B7BB1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F0EECF-7787-442B-9888-D22F7D36C3DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF344AED-BE00-4A9B-A9DE-C6FB0BEE4617",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory."
    },
    {
      "lang": "es",
      "value": "MIT Kerberos 5 (krb5) 1.3 hasta la 1.4.1 Key Distribution Center (KDC) permite que atacantes remotos causen una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante ciertas conexiones v\u00e1lidas de TCP que provocan la liberaci\u00f3n de memoria no reservada."
    }
  ],
  "id": "CVE-2005-1174",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-07-18T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=112122123211974\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/16041"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17899"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20364"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014460"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2005/dsa-757"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/259798"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_17_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-567.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/14240"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2005/0036"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/1066"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2074"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21327"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10229"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A397"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/224-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=112122123211974\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/16041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/259798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_17_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-567.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2005/0036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/1066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/224-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

