CVE-1999-1296Improper Restriction of Operations within the Bounds of a Memory Buffer in Kerberos 5

3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 80.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
MIT Kerberos 5
Timeline
PublishedApr 29
Latest updateApr 30

Description

Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDmit/kerberos_51.5.2

🔴Vulnerability Details

2
GHSA
GHSA-crq7-q2h2-v5r9: Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos2022-04-30
CVEList
CVE-1999-1296: Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos2001-09-12
CVE-1999-1296 — MIT Kerberos 5 vulnerability | cvebase