Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kerberos_5
(Mit)| Repositories | https://github.com/krb5/krb5 |
| #Vulnerabilities | 134 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-11-18 | CVE-2013-1418 | The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | Debian_linux, Kerberos_5, Opensuse | N/A | ||
| 2013-03-05 | CVE-2013-1415 | The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. | Kerberos_5, Opensuse | N/A | ||
| 2010-05-19 | CVE-2010-1321 | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | Ubuntu_linux, Debian_linux, Fedora, Kerberos_5, Opensuse, Database_server, Linux_enterprise_server | N/A | ||
| 2006-12-31 | CVE-2006-6144 | The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers. | Kerberos_5 | N/A | ||
| 2013-03-05 | CVE-2012-1016 | The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request. | Kerberos_5 | N/A | ||
| 2007-04-06 | CVE-2007-0956 | The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882. | Ubuntu_linux, Debian_linux, Kerberos_5 | N/A | ||
| 2004-09-28 | CVE-2004-0643 | Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | Debian_linux, Kerberos_5, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
| 2000-06-09 | CVE-2000-0548 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. | Cygnus_network_security, Kerbnet, Kerberos, Kerberos_5 | N/A | ||
| 2000-06-09 | CVE-2000-0547 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. | Cygnus_network_security, Kerbnet, Kerberos, Kerberos_5 | N/A | ||
| 2000-06-09 | CVE-2000-0546 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. | Cygnus_network_security, Kerbnet, Kerberos, Kerberos_5 | N/A |