Vendor CVEs
MIT
All CVEs
154 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-1526 | 0.00 | — | 0.04 | Jul 11, 2011 | ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read… | |||
| CVE-2011-0283 | 0.00 | — | 0.03 | Feb 10, 2011 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet. | |||
| CVE-2011-0282 | 0.00 | — | 0.03 | Feb 10, 2011 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name. | |||
| CVE-2011-0281 | 0.00 | — | 0.04 | Feb 10, 2011 | The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use… | |||
| CVE-2010-4022 | 0.00 | — | 0.04 | Feb 10, 2011 | The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service… | |||
| CVE-2010-4021 | 0.00 | — | 0.02 | Dec 2, 2010 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery… | |||
| CVE-2010-1322 | 0.00 | — | 0.03 | Oct 7, 2010 | The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or… | |||
| CVE-2010-0628 | 0.00 | — | 0.03 | Mar 25, 2010 | The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an… | |||
| CVE-2010-0283 | 0.00 | — | 0.02 | Feb 22, 2010 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request. | |||
| CVE-2009-0847 | 0.00 | — | 0.03 | Apr 9, 2009 | The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations… | |||
| CVE-2009-0844 | 0.00 | — | 0.04 | Apr 9, 2009 | The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. | |||
| CVE-2009-0845 | 0.00 | — | 0.06 | Mar 27, 2009 | The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in… | |||
| CVE-2007-5972 | 0.00 | — | 0.03 | Dec 6, 2007 | Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must… | |||
| CVE-2007-5901 | 0.00 | — | 0.00 | Dec 6, 2007 | Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. | |||
| CVE-2007-5902 | 0.00 | — | 0.06 | Dec 6, 2007 | Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request. | |||
| CVE-2007-5971 | 0.00 | — | 0.00 | Dec 6, 2007 | Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. | |||
| CVE-2007-5894 | 0.00 | — | 0.03 | Dec 6, 2007 | The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions… | |||
| CVE-2007-4743 | 0.00 | — | 0.05 | Sep 6, 2007 | The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some… | |||
| CVE-2007-4000 | 0.00 | — | 0.06 | Sep 5, 2007 | The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users… | |||
| CVE-2007-2443 | 0.00 | — | 0.03 | Jun 26, 2007 | Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | |||
| CVE-2007-3149 | 0.00 | — | 0.00 | Jun 11, 2007 | sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE:… | |||
| CVE-2006-6144 | 0.00 | — | 0.05 | Dec 31, 2006 | The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that… | |||
| CVE-2006-3084 | 0.00 | — | 0.00 | Aug 9, 2006 | The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE:… | |||
| CVE-2006-3083 | 0.00 | — | 0.01 | Aug 9, 2006 | The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to… | |||
| CVE-2005-1174 | 0.00 | — | 0.05 | Jul 18, 2005 | MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory. | |||
| CVE-2004-0971 | 0.00 | — | 0.00 | Feb 9, 2005 | The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2004-1189 | 0.00 | — | 0.01 | Dec 31, 2004 | The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error… | |||
| CVE-2004-0644 | 0.00 | — | 0.06 | Sep 28, 2004 | The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding. | |||
| CVE-2004-0643 | 0.00 | — | 0.01 | Sep 28, 2004 | Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | |||
| CVE-2002-1575 | 0.00 | — | 0.01 | Mar 3, 2004 | cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message. | |||
| CVE-2003-0082 | 0.00 | — | 0.03 | Apr 2, 2003 | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | |||
| CVE-2003-0072 | 0.00 | — | 0.02 | Apr 2, 2003 | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). | |||
| CVE-2003-0138 | 0.00 | — | 0.04 | Mar 24, 2003 | Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | |||
| CVE-2003-0139 | 0.00 | — | 0.04 | Mar 24, 2003 | Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket… | |||
| CVE-2003-0060 | 0.00 | — | 0.06 | Feb 19, 2003 | Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. | |||
| CVE-2002-0036 | 0.00 | — | 0.05 | Feb 19, 2003 | Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. | |||
| CVE-2003-0041 | 0.00 | — | 0.04 | Feb 19, 2003 | Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (\|) character in a filename that is retrieved by the client. | |||
| CVE-2003-0058 | 0.00 | — | 0.05 | Feb 19, 2003 | MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. | |||
| CVE-2003-0059 | 0.00 | — | 0.04 | Feb 19, 2003 | Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. | |||
| CVE-2001-0417 | 0.00 | — | 0.00 | Jun 27, 2001 | Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. | |||
| CVE-2001-1323 | 0.00 | — | 0.04 | May 16, 2001 | Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob… | |||
| CVE-2000-0514 | 0.00 | — | 0.03 | Jun 14, 2000 | GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. | |||
| CVE-2000-0546 | 0.00 | — | 0.03 | Jun 9, 2000 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. | |||
| CVE-2000-0547 | 0.00 | — | 0.03 | Jun 9, 2000 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. | |||
| CVE-2000-0548 | 0.00 | — | 0.03 | Jun 9, 2000 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. | |||
| CVE-2000-0549 | 0.00 | — | 0.02 | Jun 9, 2000 | Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. | |||
| CVE-2000-0550 | 0.00 | — | 0.02 | Jun 9, 2000 | Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. | |||
| CVE-2000-0391 | 0.00 | — | 0.04 | May 16, 2000 | Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. | |||
| CVE-2000-0392 | 0.00 | — | 0.00 | May 16, 2000 | Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. | |||
| CVE-2000-0390 | 0.00 | — | 0.04 | May 16, 2000 | Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. |
Page 3 of 4