Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kerberos
(Mit)Repositories | https://github.com/krb5/krb5 |
#Vulnerabilities | 33 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2011-02-10 | CVE-2011-0281 | The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence. | Kerberos, Kerberos_5 | N/A | ||
2010-12-02 | CVE-2010-1323 | MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys. | Kerberos, Kerberos_5 | 3.7 | ||
2010-02-22 | CVE-2010-0283 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request. | Kerberos, Kerberos_5 | N/A | ||
2010-01-13 | CVE-2009-4212 | Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | Kerberos, Kerberos_5 | N/A | ||
2009-03-27 | CVE-2009-0845 | The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. | Kerberos, Kerberos_5 | N/A | ||
2009-04-09 | CVE-2009-0844 | The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. | Kerberos, Kerberos_5 | N/A | ||
2004-08-18 | CVE-2004-0523 | Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root. | Kerberos, Kerberos_5, Propack, Seam, Solaris, Sunos, Tinysofa_enterprise_server | N/A | ||
2003-04-02 | CVE-2003-0082 | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | Kerberos, Kerberos_5 | N/A | ||
2003-04-02 | CVE-2003-0072 | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). | Kerberos, Kerberos_5 | N/A | ||
2001-06-27 | CVE-2001-0417 | Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. | Kerberos, Kerberos_5 | N/A |