MIT Kerberos vulnerabilities
35 known vulnerabilities affecting mit/kerberos.
Total CVEs: 35
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 7, MEDIUM 18, LOW 3
Vulnerabilities
CVE-2001-0554 | P2 | CRITICAL | CVSS 10.0 | CWE-120 | Exploited | PoC | v1.0 | 2001-08-14
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
nvd
CVE-2000-0389 | P3 | CRITICAL | CVSS 10.0 | PoC | v4.0 | 2000-05-16
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
nvd
CVE-2004-0523 | P3 | CRITICAL | CVSS 10.0 | v1.0, v1.0.8, +1 more | 2004-08-18
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
nvd
CVE-2009-4212 | P3 | CRITICAL | CVSS 10.0 | CWE-189 | v5-1.6.3 | 2010-01-13
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
nvd
CVE-2000-0390 | P3 | CRITICAL | CVSS 10.0 | v4.0 | 2000-05-16
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
nvd
CVE-2000-0391 | P3 | CRITICAL | CVSS 10.0 | v4.0 | 2000-05-16
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
nvd
CVE-2018-5709 | P3 | HIGH | CVSS 7.5 | CWE-190 | ≤ 5-1.16 | 2018-01-16
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerb
nvd
CVE-2015-3206 | P3 | CRITICAL | CWE-287 | ≥ 0, ≤ 1.2.5 | 2022-05-14
python-kerberos vulnerable to KDC spoofing attacks
The `checkPassword` function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.
ghsa, osv
CVE-2020-13110 | P3 | HIGH | CWE-427 | ≥ 0, < 1.0.0 | 2020-09-04
DLL Injection in kerberos
Versions of `kerberos` prior to 1.0.0 are vulnerable to DLL Injection. The package loads DLLs without specifying a full path. This may allow attackers to create a file with the same name in a folder that precedes the intended file in the DLL path search. Doing so would allow attackers to execute arbitrary code on the machine.
## Recommendation
Upgrade to version 1.0.0 or later.
ghsa, osv
CVE-2017-11368 | P4 | MEDIUM | CVSS 6.5 | CWE-617 | v5-1.13.7 | 2017-08-09
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
nvd
CVE-2010-0283 | P4 | HIGH | CVSS 7.8 | CWE-20 | v5-1.8 | 2010-02-22
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
nvd
CVE-2018-5710 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | ≤ 5-1.16 | 2018-01-16
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmi
nvd
CVE-2003-0138 | P4 | HIGH | CVSS 7.5 | v4 | 2003-03-24
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
nvd
CVE-2003-0139 | P4 | HIGH | CVSS 7.5 | v4 | 2003-03-24
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
nvd
CVE-2018-20217 | P4 | MEDIUM | CVSS 5.3 | CWE-617 | fixed in 5-1.17 | 2018-12-26
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
nvd
CVE-2009-0845 | P4 | MEDIUM | CVSS 5.0 | CWE-20 | v5-1.6.3 | 2009-03-27
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
nvd
CVE-1999-1321 | P4 | HIGH | CVSS 7.5 | 1998-11-05
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
nvd
CVE-2014-4342 | P4 | MEDIUM | CVSS 5.0 | CWE-119 | v5-1.8, v5-1.10.5, +2 more | 2014-07-20
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
nvd
CVE-2009-0844 | P4 | MEDIUM | CVSS 5.8 | CWE-119 | v5-1.6.3 | 2009-04-09
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
nvd
CVE-2000-0392 | P4 | HIGH | CVSS 7.2 | v4.0 | 2000-05-16
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
nvd