PublicDate: 2004-12-31 05:00:00 UTC
Candidate: CVE-2004-1189
References:
 https://ubuntu.com/security/notices/USN-58-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1189
Description:
 The add_to_history function in svr_principal.c in libkadm5srv for MIT
 Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not
 properly track the password policy's history count and the maximum number
 of keys, which can cause an array index out-of-bounds error and may allow
 authenticated users to execute arbitrary code via a heap-based buffer
 overflow.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_krb5: released (1.4.3-5ubuntu0.6)
edgy_krb5: released (1.4.3-9ubuntu1.5)
feisty_krb5: released (1.4.4-5ubuntu3.3)
devel_krb5: released (1.6.dfsg.1-7)
upstream_krb5: needs-triage