Total
130 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0036 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 5.0 MEDIUM | N/A |
| Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. | |||||
| CVE-2008-0948 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 9.3 HIGH | N/A |
| Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. | |||||
| CVE-2007-5902 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 10.0 HIGH | N/A |
| Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request. | |||||
| CVE-2007-5894 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 9.3 HIGH | N/A |
| ** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code." | |||||
| CVE-2007-3149 | 2 Mit, Todd Miller | 2 Kerberos 5, Sudo | 2020-01-21 | 7.2 HIGH | N/A |
| sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo." | |||||
| CVE-2003-0060 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 7.5 HIGH | N/A |
| Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. | |||||
| CVE-2008-0063 | 2 Apple, Mit | 3 Mac Os X, Mac Os X Server, Kerberos 5 | 2018-10-15 | 4.3 MEDIUM | N/A |
| The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | |||||
| CVE-2008-0062 | 2 Apple, Mit | 3 Mac Os X, Mac Os X Server, Kerberos 5 | 2018-10-15 | 9.3 HIGH | N/A |
| KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | |||||
| CVE-2007-5971 | 2 Apple, Mit | 3 Mac Os X, Mac Os X Server, Kerberos 5 | 2018-10-15 | 6.9 MEDIUM | N/A |
| Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. | |||||
| CVE-2007-5901 | 2 Apple, Mit | 3 Mac Os X, Mac Os X Server, Kerberos 5 | 2017-09-28 | 6.9 MEDIUM | N/A |
| Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. | |||||