VYPR

Kerberos

by Mit

Source repositories

CVEs (40)

  • CVE-2009-0844Apr 9, 2009
    risk 0.00cvss epss 0.04

    The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

  • CVE-2009-0845Mar 27, 2009
    risk 0.00cvss epss 0.06

    The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in…

  • CVE-2003-0082Apr 2, 2003
    risk 0.00cvss epss 0.03

    The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").

  • CVE-2003-0072Apr 2, 2003
    risk 0.00cvss epss 0.02

    The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

  • CVE-2003-0138Mar 24, 2003
    risk 0.00cvss epss 0.04

    Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.

  • CVE-2003-0139Mar 24, 2003
    risk 0.00cvss epss 0.04

    Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket…

  • CVE-2003-0058Feb 19, 2003
    risk 0.00cvss epss 0.05

    MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

  • CVE-2002-0036Feb 19, 2003
    risk 0.00cvss epss 0.05

    Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.

  • CVE-2003-0059Feb 19, 2003
    risk 0.00cvss epss 0.04

    Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.

  • CVE-2001-0417Jun 27, 2001
    risk 0.00cvss epss 0.00

    Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.

  • CVE-2000-0547Jun 9, 2000
    risk 0.00cvss epss 0.03

    Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.

  • CVE-2000-0549Jun 9, 2000
    risk 0.00cvss epss 0.02

    Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.

  • CVE-2000-0550Jun 9, 2000
    risk 0.00cvss epss 0.02

    Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.

  • CVE-2000-0546Jun 9, 2000
    risk 0.00cvss epss 0.03

    Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

  • CVE-2000-0548Jun 9, 2000
    risk 0.00cvss epss 0.03

    Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

  • CVE-2000-0390May 16, 2000
    risk 0.00cvss epss 0.04

    Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

  • CVE-2000-0392May 16, 2000
    risk 0.00cvss epss 0.00

    Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.

  • CVE-2000-0391May 16, 2000
    risk 0.00cvss epss 0.04

    Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

  • CVE-1999-1321Nov 5, 1998
    risk 0.00cvss epss 0.02

    Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.

  • CVE-1999-0143Feb 21, 1996
    risk 0.00cvss epss 0.00

    Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

Page 2 of 2