FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Incorrect cross-realm trust handling in Heimdal

Affected packages
heimdal < 0.6.1
Affected systems
5.0 <= FreeBSD < 5.2_6
4.9 <= FreeBSD < 4.9_6
4.0 <= FreeBSD < 4.8_19

Details

VuXML ID bfb36941-84fa-11d8-a41f-0020ed76ef5a
Discovery 2004-04-01
Entry 2004-04-02
Modified 2004-05-05

Heimdal does not correctly validate the `transited' field of Kerberos tickets when computing the authentication path. This could allow a rogue KDC with which cross-realm relationships have been established to impersonate any KDC in the authentication path.

References

CVE Name CVE-2004-0371
FreeBSD Advisory SA-04:08.heimdal
URL http://www.pdc.kth.se/heimdal/advisory/2004-04-01/