Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0389Improper Restriction of Operations within the Bounds of a Memory Buffer in Kerberos

8 documents6 sources
Severity
10.0CRITICALNVD
EPSS
11.0%
top 6.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Cygnus Network SecurityCygnus KerbnetMIT Kerberos+2 more
Timeline
PublishedMay 16
Latest updateApr 30

Description

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

NVDmit/kerberos4.0
NVDmit/kerberos_51.0, 1.1.1+1
NVDredhat/linux6.2

🔴Vulnerability Details

2
GHSA
GHSA-4jvw-4fhr-v7mv: Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges2022-04-30
CVEList
CVE-2000-0389: Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges2000-07-12

💥Exploits & PoCs

3
Exploit-DB
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Local Buffer Overflow (2)2000-05-26
Exploit-DB
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (1)2000-05-16
Exploit-DB
Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility 'krb_rd_req()' Remote Buffer Overflow (3)2000-04-08

📋Vendor Advisories

1
Red Hat
security flaw2000-05-16

💬Community

1
Bugzilla
CVE-2000-0389 security flaw2018-08-16
CVE-2000-0389 — MIT Kerberos vulnerability | cvebase