VYPR

Kerberos

by MIT Kerberos

CVEs (2)

  • CVE-2009-0360Feb 13, 2009
    risk 0.03cvss epss 0.01

    Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching…

  • CVE-2007-5901Dec 6, 2007
    risk 0.00cvss epss 0.00

    Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.