VYPR

Kerberos 5

by MIT

CVEs (139)

  • CVE-2003-0138 (Mar 24, 2003)
    risk 0.00 | cvss | epss 0.04

    Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.

  • CVE-2003-0059 (Feb 19, 2003)
    risk 0.00 | cvss | epss 0.04

    Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.

  • CVE-2003-0058 (Feb 19, 2003)
    risk 0.00 | cvss | epss 0.05

    MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

  • CVE-2002-0036 (Feb 19, 2003)
    risk 0.00 | cvss | epss 0.05

    Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.

  • CVE-2003-0060 (Feb 19, 2003)
    risk 0.00 | cvss | epss 0.06

    Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.

  • CVE-2001-0417 (Jun 27, 2001)
    risk 0.00 | cvss | epss 0.00

    Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.

  • CVE-2001-1323 (May 16, 2001)
    risk 0.00 | cvss | epss 0.04

    Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob…

  • CVE-2000-0514 (Jun 14, 2000)
    risk 0.00 | cvss | epss 0.03

    GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.

  • CVE-2000-0546 (Jun 9, 2000)
    risk 0.00 | cvss | epss 0.03

    Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

  • CVE-2000-0548 (Jun 9, 2000)
    risk 0.00 | cvss | epss 0.03

    Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

  • CVE-2000-0550 (Jun 9, 2000)
    risk 0.00 | cvss | epss 0.02

    Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.

  • CVE-2000-0547 (Jun 9, 2000)
    risk 0.00 | cvss | epss 0.03

    Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.

  • CVE-2000-0549 (Jun 9, 2000)
    risk 0.00 | cvss | epss 0.02

    Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.

  • CVE-2000-0392 (May 16, 2000)
    risk 0.00 | cvss | epss 0.00

    Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.

  • CVE-2000-0391 (May 16, 2000)
    risk 0.00 | cvss | epss 0.04

    Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

  • CVE-2000-0390 (May 16, 2000)
    risk 0.00 | cvss | epss 0.04

    Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

  • CVE-1999-0713 (Jun 11, 1999)
    risk 0.00 | cvss | epss 0.00

    The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.

  • CVE-1999-1296 (Apr 29, 1997)
    risk 0.00 | cvss | epss 0.00

    Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.

  • CVE-1999-0143 (Feb 21, 1996)
    risk 0.00 | cvss | epss 0.00

    Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
