MIT

All CVEs

154 total · sorted by risk
  • CVE-2011-1526 · Jul 11, 2011
    risk 0.00 · cvss · epss 0.04

    ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read…

  • CVE-2011-0283 · Feb 10, 2011
    risk 0.00 · cvss · epss 0.03

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.

  • CVE-2011-0282 · Feb 10, 2011
    risk 0.00 · cvss · epss 0.03

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.

  • CVE-2011-0281 · Feb 10, 2011
    risk 0.00 · cvss · epss 0.04

    The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use…

  • CVE-2010-4022 · Feb 10, 2011
    risk 0.00 · cvss · epss 0.04

    The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service…

  • CVE-2010-4021 · Dec 2, 2010
    risk 0.00 · cvss · epss 0.02

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery…

  • CVE-2010-1322 · Oct 7, 2010
    risk 0.00 · cvss · epss 0.03

    The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or…

  • CVE-2010-0628 · Mar 25, 2010
    risk 0.00 · cvss · epss 0.03

    The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an…

  • CVE-2010-0283 · Feb 22, 2010
    risk 0.00 · cvss · epss 0.02

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

  • CVE-2009-0847 · Apr 9, 2009
    risk 0.00 · cvss · epss 0.03

    The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations…

  • CVE-2009-0844 · Apr 9, 2009
    risk 0.00 · cvss · epss 0.04

    The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

  • CVE-2009-0845 · Mar 27, 2009
    risk 0.00 · cvss · epss 0.06

    The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in…

  • CVE-2007-5972 · Dec 6, 2007
    risk 0.00 · cvss · epss 0.03

    Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must…

  • CVE-2007-5901 · Dec 6, 2007
    risk 0.00 · cvss · epss 0.00

    Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.

  • CVE-2007-5902 · Dec 6, 2007
    risk 0.00 · cvss · epss 0.06

    Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.

  • CVE-2007-5971 · Dec 6, 2007
    risk 0.00 · cvss · epss 0.00

    Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.

  • CVE-2007-5894 · Dec 6, 2007
    risk 0.00 · cvss · epss 0.03

    The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions…

  • CVE-2007-4743 · Sep 6, 2007
    risk 0.00 · cvss · epss 0.05

    The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some…

  • CVE-2007-4000 · Sep 5, 2007
    risk 0.00 · cvss · epss 0.06

    The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users…

  • CVE-2007-2443 · Jun 26, 2007
    risk 0.00 · cvss · epss 0.03

    Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

  • CVE-2007-3149 · Jun 11, 2007
    risk 0.00 · cvss · epss 0.00

    sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE:…

  • CVE-2006-6144 · Dec 31, 2006
    risk 0.00 · cvss · epss 0.05

    The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that…

  • CVE-2006-3084 · Aug 9, 2006
    risk 0.00 · cvss · epss 0.00

    The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE:…

  • CVE-2006-3083 · Aug 9, 2006
    risk 0.00 · cvss · epss 0.01

    The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to…

  • CVE-2005-1174 · Jul 18, 2005
    risk 0.00 · cvss · epss 0.05

    MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.

  • CVE-2004-0971 · Feb 9, 2005
    risk 0.00 · cvss · epss 0.00

    The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-1189 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error…

  • CVE-2004-0644 · Sep 28, 2004
    risk 0.00 · cvss · epss 0.06

    The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.

  • CVE-2004-0643 · Sep 28, 2004
    risk 0.00 · cvss · epss 0.01

    Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.

  • CVE-2002-1575 · Mar 3, 2004
    risk 0.00 · cvss · epss 0.01

    cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.

  • CVE-2003-0082 · Apr 2, 2003
    risk 0.00 · cvss · epss 0.03

    The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").

  • CVE-2003-0072 · Apr 2, 2003
    risk 0.00 · cvss · epss 0.02

    The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

  • CVE-2003-0138 · Mar 24, 2003
    risk 0.00 · cvss · epss 0.04

    Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.

  • CVE-2003-0139 · Mar 24, 2003
    risk 0.00 · cvss · epss 0.04

    Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket…

  • CVE-2003-0060 · Feb 19, 2003
    risk 0.00 · cvss · epss 0.06

    Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.

  • CVE-2002-0036 · Feb 19, 2003
    risk 0.00 · cvss · epss 0.05

    Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.

  • CVE-2003-0041 · Feb 19, 2003
    risk 0.00 · cvss · epss 0.04

    Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

  • CVE-2003-0058 · Feb 19, 2003
    risk 0.00 · cvss · epss 0.05

    MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

  • CVE-2003-0059 · Feb 19, 2003
    risk 0.00 · cvss · epss 0.04

    Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.

  • CVE-2001-0417 · Jun 27, 2001
    risk 0.00 · cvss · epss 0.00

    Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.

  • CVE-2001-1323 · May 16, 2001
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob…

  • CVE-2000-0514 · Jun 14, 2000
    risk 0.00 · cvss · epss 0.03

    GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.

  • CVE-2000-0546 · Jun 9, 2000
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

  • CVE-2000-0547 · Jun 9, 2000
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.

  • CVE-2000-0548 · Jun 9, 2000
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

  • CVE-2000-0549 · Jun 9, 2000
    risk 0.00 · cvss · epss 0.02

    Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.

  • CVE-2000-0550 · Jun 9, 2000
    risk 0.00 · cvss · epss 0.02

    Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.

  • CVE-2000-0391 · May 16, 2000
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

  • CVE-2000-0392 · May 16, 2000
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.

  • CVE-2000-0390 · May 16, 2000
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.