A vulnerability classified as critical has been found in KTH Kerberos 4 1.0.2/4 1.0.3/4 1.0.4/4 1.1.1. This affects some unknown functionality of the component FTP Client. The manipulation of the argument PASV with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.

The weakness was shared 06/18/2002 by Marcell Fodor (Website). It is possible to read the advisory at archives.neohapsis.com. This vulnerability is uniquely identified as CVE-2002-0600. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at X-Force (8938) and SecurityFocus (BID 4592†).

Productinfo

Vendor

• KTH

Name

• Kerberos

Version

• 4 1.0.2
• 4 1.0.3
• 4 1.0.4
• 4 1.1.1

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion