FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

heimdal kadmind remote heap buffer overflow

Affected packages
heimdal < 0.6.1_1
Affected systems
4.9 <= FreeBSD < 4.9_7
4.0 <= FreeBSD < 4.8_20

Details

VuXML ID 446dbecb-9edc-11d8-9366-0020ed76ef5a
Discovery 2004-05-05
Entry 2004-05-05

An input validation error was discovered in the kadmind code that handles the framing of Kerberos 4 compatibility administration requests. The code assumed that the length given in the framing was always two or more bytes. Smaller lengths will cause kadmind to read an arbitrary amount of data into a minimally-sized buffer on the heap.

A remote attacker may send a specially formatted message to kadmind, causing it to crash or possibly resulting in arbitrary code execution.

The kadmind daemon is part of Kerberos 5 support. However, this bug will only be present if kadmind was built with additional Kerberos 4 support. Thus, only systems that have *both* Heimdal Kerberos 5 and Kerberos 4 installed might be affected.

NOTE: On FreeBSD 4 systems, `kadmind' may be installed as `k5admind'.
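The class of framing error described above, as an added example that is not Heimdal's code: a length-prefixed request reader that rejects lengths smaller than the header it expects, next to a helper showing what the unchecked subtraction yields. The frame layout (4-byte big-endian length covering a 2-byte header plus body), the 8192-byte cap and all function and constant names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FRAME_HDR 2u     /* assumed: 2 header bytes counted inside the framed length */
#define FRAME_MAX 8192u  /* assumed upper bound for a single request */

enum frame_status { FRAME_OK = 0, FRAME_SHORT = -1, FRAME_BAD_LEN = -2, FRAME_NOMEM = -3 };

/* What an unchecked "len - FRAME_HDR" evaluates to. For len < 2 the unsigned
 * subtraction wraps to a huge value, while a buffer sized from len stays tiny. */
size_t unchecked_body_len(uint32_t len) { return (size_t)len - FRAME_HDR; }

/* Parse one frame from in[0..in_len): 4-byte big-endian length, then `len`
 * bytes (2 header bytes + body). On FRAME_OK, *body is a malloc'd copy of the
 * body and *body_len its size; the caller frees it. */
enum frame_status read_frame(const uint8_t *in, size_t in_len,
                             uint8_t **body, size_t *body_len)
{
    if (in_len < 4)
        return FRAME_SHORT;
    uint32_t len = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                   ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];

    /* The check the advisory says was missing: the framed length must cover
     * the header. An upper bound is enforced as well. */
    if (len < FRAME_HDR || len > FRAME_MAX)
        return FRAME_BAD_LEN;
    /* Never consume more than the peer actually sent. */
    if ((size_t)len > in_len - 4)
        return FRAME_SHORT;

    size_t n = len - FRAME_HDR;       /* cannot wrap: len >= FRAME_HDR */
    uint8_t *buf = malloc(n ? n : 1); /* avoid a zero-size allocation */
    if (buf == NULL)
        return FRAME_NOMEM;
    memcpy(buf, in + 4 + FRAME_HDR, n);
    *body = buf;
    *body_len = n;
    return FRAME_OK;
}
```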

References

CVE Name CVE-2004-0434
FreeBSD Advisory SA-04:09.kadmind