diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 2004-04-02 23:24:50 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 2004-04-02 23:24:50 +0000 |
| commit | 8afc414500220aabb2587fff0c666b0ae9688c43 (patch) | |
| tree | 35a7612d7fbe9ad8acb5f263a279d3a1edbbdfd7 /security | |
| parent | e4f2d52c07379e2fe2f96ace6fe8c6f63b2a56fc (diff) | |
| download | ports-8afc414500220aabb2587fff0c666b0ae9688c43.tar.gz ports-8afc414500220aabb2587fff0c666b0ae9688c43.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f3241b4d5ff4..aa8956ce39aa 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -31,6 +31,37 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="bfb36941-84fa-11d8-a41f-0020ed76ef5a"> + <topic>Incorrect cross-realm trust handling in Heimdal</topic> + <affects> + <package> + <name>heimdal</name> + <range><lt>0.6.1</lt></range> + </package> + <system> + <name>FreeBSD</name> + <range><ge>4.0</ge></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Heimdal does not correctly validate the `transited' field of + Kerberos tickets when computing the authentication path. This + could allow a rogue KDC with which cross-realm relationships + have been established to impersonate any KDC in the + authentication path.</p> + </body> + </description> + <references> + <cvename>CAN-2004-0371</cvename> + <url>http://www.pdc.kth.se/heimdal/advisory/2004-04-01/</url> + </references> + <dates> + <discovery>2004-04-01</discovery> + <entry>2004-04-02</entry> + </dates> + </vuln> + <vuln vid="98bd69c3-834b-11d8-a41f-0020ed76ef5a"> <topic>Courier mail services: remotely exploitable buffer overflows</topic> <affects> |