FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0371

This CVE name corresponds to:

Entered Topic
2004-04-02 Incorrect cross-realm trust handling in Heimdal

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0371 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0371
Phase Assigned(20040324)

Description

Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.

References

Source Reference
CONFIRM http://www.pdc.kth.se/heimdal/advisory/2004-04-01/
DEBIAN DSA-476
FREEBSD FreeBSD-SA-04:08
OPENBSD 20040530 009: SECURITY FIX: May 30, 2004
GENTOO GLSA-200404-09
XF heimdal-cross-realm-spoofing(15701)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.