CVE-2002-1235
heimdal - buffer overflow
EPSS 32.9%
Description
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
How to fix CVE-2002-1235
To remediate CVE-2002-1235, upgrade the affected package to a fixed version below.
- Debian/heimdal—upgrade to 0.4e-22 or later
- —upgrade to 0.4e-7.woody.5 or later
- —upgrade to 1.1-8-2.2 or later
- —upgrade to 1.2.6-2 or later
- —upgrade to 1.2.4-5woody3 or later
Is CVE-2002-1235 being exploited?
Moderate — EPSS is 32.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (5)
- from 0, < 0.4e-22
- from 0, < 0.4e-7.woody.5
- from 0, < 1.1-8-2.2
- from 0, < 1.2.6-2
- from 0, < 1.2.4-5woody3