VYPR

rpm package

opensuse/krb5&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/krb5&distro=openSUSE%20Tumbleweed

Vulnerabilities (87)

  • CVE-2014-4341Jul 20, 2014
    affected < 1.15-1.1fixed 1.15-1.1

    MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

  • CVE-2013-1417Nov 20, 2013
    affected < 1.15-1.1fixed 1.15-1.1

    do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-real

  • CVE-2013-1418Nov 18, 2013
    affected < 1.15-1.1fixed 1.15-1.1

    The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

  • CVE-2002-2443May 29, 2013
    affected < 1.15-1.1fixed 1.15-1.1

    schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a com

  • CVE-2013-1415Mar 5, 2013
    affected < 1.15-1.1fixed 1.15-1.1

    The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields f

  • CVE-2012-1016Mar 5, 2013
    affected < 1.15-1.1fixed 1.15-1.1

    The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows rem

  • CVE-2012-1013Jun 7, 2012
    affected < 1.15-1.1fixed 1.15-1.1

    The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW

  • CVE-2012-1012Jun 7, 2012
    affected < 1.15-1.1fixed 1.15-1.1

    server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attribute

  • CVE-2011-1530Dec 8, 2011
    affected < 1.15-1.1fixed 1.15-1.1

    The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an e

  • CVE-2011-1529Oct 20, 2011
    affected < 1.15-1.1fixed 1.15-1.1

    The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference an

  • CVE-2011-1528Oct 20, 2011
    affected < 1.15-1.1fixed 1.15-1.1

    The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified

  • CVE-2011-1527Oct 20, 2011
    affected < 1.15-1.1fixed 1.15-1.1

    The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string ca

  • CVE-2011-0285Apr 15, 2011
    affected < 1.15-1.1fixed 1.15-1.1

    The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted

  • CVE-2011-0284Mar 20, 2011
    affected < 1.15-1.1fixed 1.15-1.1

    Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute

  • CVE-2011-0282Feb 10, 2011
    affected < 1.15-1.1fixed 1.15-1.1

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.

  • CVE-2011-0281Feb 10, 2011
    affected < 1.15-1.1fixed 1.15-1.1

    The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use o

  • CVE-2010-4022Feb 10, 2011
    affected < 1.15-1.1fixed 1.15-1.1

    The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service

  • CVE-2010-4021Dec 2, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue.

  • CVE-2010-4020MedDec 2, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from

  • CVE-2010-1324LowDec 2, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum,