CVE-2002-1235

Name: CVE-2002-1235
Creator: NVD / NIST
Published: 2002-11-04T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 15.10%

Last modified Jun 16, 2026

CVE-2002-1235 is a vulnerability of currently unknown severity. The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.. EPSS estimates a 15.10% chance of exploitation in the next 30 days.

Description

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

Metrics

EPSS Probability

15.10%

96.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Kth	Kth Kerberos 4	< 1.2.1
Kth	Kth Kerberos 5	< 0.5.1
Mit	Kerberos 5	>= 1.0, <= 1.2.6
Debian	Debian Linux	3.0

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.ascThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.htmlThird Party Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534Third Party Advisory
http://marc.info/?l=bugtraq&m=103539530729206&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=103564944215101&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=103582517126392&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=103582805330339&w=2Mailing List, Third Party Advisory
http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txtVendor Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txtVendor Advisory
http://www.cert.org/advisories/CA-2002-29.htmlPatch, Third Party Advisory, US Government Resource
http://www.debian.org/security/2002/dsa-183Third Party Advisory
http://www.debian.org/security/2002/dsa-184Patch, Third Party Advisory
http://www.debian.org/security/2002/dsa-185Third Party Advisory
http://www.iss.net/security_center/static/10430.phpThird Party Advisory
http://www.kb.cert.org/vuls/id/875073Third Party Advisory, US Government Resource
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.phpThird Party Advisory
http://www.pdc.kth.se/heimdal/Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2002-242.htmlThird Party Advisory
http://www.securityfocus.com/bid/6024Patch, Third Party Advisory, VDB Entry, Vendor Advisory
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.ascThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.htmlThird Party Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534Third Party Advisory
http://marc.info/?l=bugtraq&m=103539530729206&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=103564944215101&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=103582517126392&w=2Mailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=103582805330339&w=2Mailing List, Third Party Advisory
http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txtVendor Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txtVendor Advisory
http://www.cert.org/advisories/CA-2002-29.htmlPatch, Third Party Advisory, US Government Resource
http://www.debian.org/security/2002/dsa-183Third Party Advisory
http://www.debian.org/security/2002/dsa-184Patch, Third Party Advisory
http://www.debian.org/security/2002/dsa-185Third Party Advisory
http://www.iss.net/security_center/static/10430.phpThird Party Advisory
http://www.kb.cert.org/vuls/id/875073Third Party Advisory, US Government Resource
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.phpThird Party Advisory
http://www.pdc.kth.se/heimdal/Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2002-242.htmlThird Party Advisory
http://www.securityfocus.com/bid/6024Patch, Third Party Advisory, VDB Entry, Vendor Advisory

Timeline

Published: Nov 4, 2002
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2002-1235?

How severe is CVE-2002-1235?

Severity scoring for CVE-2002-1235 is pending analysis. The EPSS model estimates a 15.10% probability of exploitation in the next 30 days.

How do I fix CVE-2002-1235?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-1235?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST