Search for vulnerabilities
Vulnerability details: VCID-t21d-z7ma-aaaa
Vulnerability ID VCID-t21d-z7ma-aaaa
Aliases CVE-2002-1235
Summary The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.29359 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.32917 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.37861 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.71929 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.71929 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.71929 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
epss 0.71929 https://api.first.org/data/v1/epss?cve=CVE-2002-1235
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=1616862
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2002-1235
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc
http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534
http://marc.info/?l=bugtraq&m=103539530729206&w=2
http://marc.info/?l=bugtraq&m=103564944215101&w=2
http://marc.info/?l=bugtraq&m=103582517126392&w=2
http://marc.info/?l=bugtraq&m=103582805330339&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1235.json
https://api.first.org/data/v1/epss?cve=CVE-2002-1235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1235
http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt
http://www.cert.org/advisories/CA-2002-29.html
http://www.debian.org/security/2002/dsa-183
http://www.debian.org/security/2002/dsa-184
http://www.debian.org/security/2002/dsa-185
http://www.iss.net/security_center/static/10430.php
http://www.kb.cert.org/vuls/id/875073
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php
http://www.pdc.kth.se/heimdal/
http://www.redhat.com/support/errata/RHSA-2002-242.html
http://www.securityfocus.com/bid/6024
1616862 https://bugzilla.redhat.com/show_bug.cgi?id=1616862
cpe:2.3:a:kth:kth_kerberos_4:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kth:kth_kerberos_4:*:*:*:*:*:*:*:*
cpe:2.3:a:kth:kth_kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kth:kth_kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
CVE-2002-1235 https://nvd.nist.gov/vuln/detail/CVE-2002-1235
RHSA-2002:242 https://access.redhat.com/errata/RHSA-2002:242
RHSA-2002:250 https://access.redhat.com/errata/RHSA-2002:250
RHSA-2003:168 https://access.redhat.com/errata/RHSA-2003:168
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2002-1235
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96986
EPSS Score 0.29359
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.