Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kerberos_5
(Mit)| Repositories | https://github.com/krb5/krb5 |
| #Vulnerabilities | 134 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2003-04-02 | CVE-2003-0082 | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | Kerberos, Kerberos_5 | N/A | ||
| 2003-04-02 | CVE-2003-0072 | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). | Kerberos, Kerberos_5 | N/A | ||
| 2003-02-19 | CVE-2003-0060 | Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. | Kerberos_5 | N/A | ||
| 2003-02-19 | CVE-2003-0059 | Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. | Kerberos_5 | N/A | ||
| 2003-02-19 | CVE-2003-0058 | MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. | Kerberos_5, Enterprise_authentication_mechanism, Solaris, Sunos | N/A | ||
| 2003-03-25 | CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | Unicos, Freebsd, Glibc, Hp\-Ux, Hp\-Ux_series_700, Hp\-Ux_series_800, Aix, Kerberos_5, Openafs, Openbsd, Irix, Solaris, Sunos | N/A | ||
| 2003-02-19 | CVE-2002-0036 | Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. | Kerberos_5 | N/A | ||
| 2001-06-27 | CVE-2001-0417 | Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. | Kerberos, Kerberos_5 | N/A | ||
| 2001-06-18 | CVE-2001-0247 | Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. | Freebsd, Kerberos_5, Netbsd, Openbsd, Irix | N/A | ||
| 2000-06-09 | CVE-2000-0550 | Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. | Cygnus_network_security, Kerbnet, Kerberos, Kerberos_5 | N/A |