Total
130 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1689 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 7.5 HIGH | N/A |
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. | |||||
CVE-2006-3083 | 2 Heimdal, Mit | 2 Heimdal, Kerberos 5 | 2020-01-21 | 7.2 HIGH | N/A |
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. | |||||
CVE-2006-3084 | 2 Heimdal, Mit | 2 Heimdal, Kerberos 5 | 2020-01-21 | 7.2 HIGH | N/A |
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. | |||||
CVE-2006-6143 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 9.3 HIGH | N/A |
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2007-3999 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message. | |||||
CVE-2007-4000 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 8.5 HIGH | N/A |
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | |||||
CVE-2007-4743 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 10.0 HIGH | N/A |
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. | |||||
CVE-2007-5972 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 9.0 HIGH | N/A |
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key. | |||||
CVE-2008-0947 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 10.0 HIGH | N/A |
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors. | |||||
CVE-2009-0844 | 1 Mit | 2 Kerberos, Kerberos 5 | 2020-01-21 | 5.8 MEDIUM | N/A |
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. | |||||
CVE-2009-0845 | 1 Mit | 2 Kerberos, Kerberos 5 | 2020-01-21 | 5.0 MEDIUM | N/A |
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. | |||||
CVE-2009-3295 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 5.0 MEDIUM | N/A |
The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request. | |||||
CVE-2009-4212 | 1 Mit | 2 Kerberos, Kerberos 5 | 2020-01-21 | 10.0 HIGH | N/A |
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | |||||
CVE-2010-0283 | 1 Mit | 2 Kerberos, Kerberos 5 | 2020-01-21 | 7.8 HIGH | N/A |
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request. | |||||
CVE-2010-0628 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 5.0 MEDIUM | N/A |
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token. | |||||
CVE-2010-1320 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 4.0 MEDIUM | N/A |
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. | |||||
CVE-2010-4021 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 2.1 LOW | N/A |
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." | |||||
CVE-1999-0713 | 4 Cde, Digital, Mit and 1 more | 4 Cde, Unix, Kerberos 5 and 1 more | 2020-01-21 | 7.2 HIGH | N/A |
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. | |||||
CVE-2003-0059 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 7.5 HIGH | N/A |
Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. | |||||
CVE-2003-0058 | 2 Mit, Sun | 4 Kerberos 5, Enterprise Authentication Mechanism, Solaris and 1 more | 2020-01-21 | 5.0 MEDIUM | N/A |
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. |