VYPR

Kerberos

by Mit

Source repositories

CVEs (40)

  • CVE-2018-5709HigJan 16, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this…

  • CVE-2018-5710MedJan 16, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to…

  • CVE-2017-11368MedAug 9, 2017
    risk 0.42cvss 6.5epss 0.02

    In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

  • CVE-2025-3576MedApr 15, 2025
    risk 0.38cvss 5.9epss 0.00

    A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message…

  • CVE-2010-1323LowDec 2, 2010
    risk 0.24cvss 3.7epss 0.03

    MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge…

  • CVE-2001-0554Aug 14, 2001
    risk 0.06cvss epss 0.38

    Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

  • CVE-2000-0389May 16, 2000
    risk 0.04cvss epss 0.17

    Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

  • CVE-2009-4212Jan 13, 2010
    risk 0.01cvss epss 0.07

    Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by…

  • CVE-2007-2798Jun 26, 2007
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

  • CVE-2004-0523Aug 18, 2004
    risk 0.01cvss epss 0.12

    Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

  • CVE-2024-2698Jun 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If…

  • CVE-2018-20217Dec 26, 2018
    risk 0.00cvss epss 0.02

    A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

  • CVE-2014-5354Dec 16, 2014
    risk 0.00cvss epss 0.02

    plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a…

  • CVE-2014-4342Jul 20, 2014
    risk 0.00cvss epss 0.07

    MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

  • CVE-2013-6800Nov 18, 2013
    risk 0.00cvss epss 0.03

    An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than…

  • CVE-2011-1530Dec 8, 2011
    risk 0.00cvss epss 0.02

    The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an…

  • CVE-2011-0282Feb 10, 2011
    risk 0.00cvss epss 0.03

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.

  • CVE-2011-0281Feb 10, 2011
    risk 0.00cvss epss 0.04

    The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use…

  • CVE-2010-0283Feb 22, 2010
    risk 0.00cvss epss 0.02

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

  • CVE-2009-0847Apr 9, 2009
    risk 0.00cvss epss 0.03

    The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations…

Page 1 of 2