Product:

Kerberos_5

(Mit)
Repositories https://github.com/krb5/krb5
#Vulnerabilities 134
Date Id Summary Products Score Patch Annotated
2013-11-18 CVE-2013-1418 The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Debian_linux, Kerberos_5, Opensuse N/A
2013-03-05 CVE-2013-1415 The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. Kerberos_5, Opensuse N/A
2010-05-19 CVE-2010-1321 The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. Ubuntu_linux, Debian_linux, Fedora, Kerberos_5, Opensuse, Database_server, Linux_enterprise_server N/A
2006-12-31 CVE-2006-6144 The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers. Kerberos_5 N/A
2013-03-05 CVE-2012-1016 The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request. Kerberos_5 N/A
2007-04-06 CVE-2007-0956 The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882. Ubuntu_linux, Debian_linux, Kerberos_5 N/A
2004-09-28 CVE-2004-0643 Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. Debian_linux, Kerberos_5, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation N/A
2000-06-09 CVE-2000-0548 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. Cygnus_network_security, Kerbnet, Kerberos, Kerberos_5 N/A
2000-06-09 CVE-2000-0547 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. Cygnus_network_security, Kerbnet, Kerberos, Kerberos_5 N/A
2000-06-09 CVE-2000-0546 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. Cygnus_network_security, Kerbnet, Kerberos, Kerberos_5 N/A