Kerberos 5
by MIT
CVEs (139)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0138 | | | 0.00 | — | 0.04 | | Mar 24, 2003 | Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. |
| CVE-2003-0059 | | | 0.00 | — | 0.04 | | Feb 19, 2003 | Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. |
| CVE-2003-0058 | | | 0.00 | — | 0.05 | | Feb 19, 2003 | MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. |
| CVE-2002-0036 | | | 0.00 | — | 0.05 | | Feb 19, 2003 | Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. |
| CVE-2003-0060 | | | 0.00 | — | 0.06 | | Feb 19, 2003 | Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. |
| CVE-2001-0417 | | | 0.00 | — | 0.00 | | Jun 27, 2001 | Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. |
| CVE-2001-1323 | | | 0.00 | — | 0.04 | | May 16, 2001 | Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob… |
| CVE-2000-0514 | | | 0.00 | — | 0.03 | | Jun 14, 2000 | GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. |
| CVE-2000-0546 | | | 0.00 | — | 0.03 | | Jun 9, 2000 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. |
| CVE-2000-0548 | | | 0.00 | — | 0.03 | | Jun 9, 2000 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. |
| CVE-2000-0550 | | | 0.00 | — | 0.02 | | Jun 9, 2000 | Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. |
| CVE-2000-0547 | | | 0.00 | — | 0.03 | | Jun 9, 2000 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. |
| CVE-2000-0549 | | | 0.00 | — | 0.02 | | Jun 9, 2000 | Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. |
| CVE-2000-0392 | | | 0.00 | — | 0.00 | | May 16, 2000 | Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. |
| CVE-2000-0391 | | | 0.00 | — | 0.04 | | May 16, 2000 | Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. |
| CVE-2000-0390 | | | 0.00 | — | 0.04 | | May 16, 2000 | Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. |
| CVE-1999-0713 | | | 0.00 | — | 0.00 | | Jun 11, 1999 | The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. |
| CVE-1999-1296 | | | 0.00 | — | 0.00 | | Apr 29, 1997 | Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable. |
| CVE-1999-0143 | | | 0.00 | — | 0.00 | | Feb 21, 1996 | Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |