CVE-2004-1189

The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2024-02-04 16:31


NVD link : CVE-2004-1189

Mitre link : CVE-2004-1189

CVE.ORG link : CVE-2004-1189


JSON object : View

Products Affected

mit

  • kerberos_5
CWE
CWE-787

Out-of-bounds Write