Mit Kerberos vulnerabilities

CVE-2003-0139 [HIGH] CVE-2003-0139: Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 di Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."

CVE-2003-0138 [HIGH] CVE-2003-0138: Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.

CVE-2001-0554 [CRITICAL] CWE-120 CVE-2001-0554: Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attack Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

CVE-2001-0417 [LOW] CVE-2001-0417: Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ti Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.

CVE-2000-0546 [MEDIUM] CWE-120 CVE-2000-0546: Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via t Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

CVE-2000-0548 [MEDIUM] CWE-120 CVE-2000-0548: Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via t Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

CVE-2000-0550 [MEDIUM] CVE-2000-0550: Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attack Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.

CVE-2000-0547 [MEDIUM] CWE-120 CVE-2000-0547: Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via t Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.

CVE-2000-0549 [MEDIUM] CVE-2000-0549: Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.

CVE-2000-0389 [CRITICAL] CVE-2000-0389: Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root priv Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

CVE-2000-0390 [CRITICAL] CVE-2000-0390: Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

CVE-2000-0391 [CRITICAL] CVE-2000-0391: Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

CVE-2000-0392 [HIGH] CVE-2000-0392: Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.

CVE-1999-1321 [HIGH] CVE-1999-1321: Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.

CVE-1999-0143 [MEDIUM] CVE-1999-0143: Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.