cvebase

MIT Kerberos 5 vulnerabilities

135 known vulnerabilities affecting mit/kerberos_5.

Total CVEs: 135
CISA KEV: 0
Public exploits: 5
Exploited in wild: 2
Severity breakdown: CRITICAL 32, HIGH 35, MEDIUM 58, LOW 10

Vulnerabilities

Page 1 of 7
CVE-2001-0554 | P2 | CRITICAL | CVSS 10.0 | CWE-120 | Exploited | PoC | v1.1, v1.1.1 +3 more | 2001-08-14
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
nvd
CVE-2002-1235 | P2 | CRITICAL | CVSS 10.0 | Exploited | ≥ 1.0, ≤ 1.2.6 | 2002-11-04
The kadm_ser_in function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which a
nvd
CVE-2011-0285 | P2 | CRITICAL | CVSS 10.0 | CWE-20 | PoC | v1.7, v1.7.1 +5 more | 2011-04-15
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.
nvd
CVE-2000-0389 | P3 | CRITICAL | CVSS 10.0 | PoC | v1.0, v1.1.1 | 2000-05-16
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
nvd
CVE-2001-0247 | P3 | CRITICAL | CVSS 10.0 | PoC | v1.1.1, v1.2 +2 more | 2001-06-18
Buffer overflows in BSD-based FTP servers allow remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
nvd
CVE-2007-0956 | P3 | CRITICAL | CVSS 10.0 | fixed in 1.6.1 | 2007-04-06
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
nvd
CVE-2022-42898 | P3 | HIGH | CVSS 8.8 | CWE-190 | ≥ 1.8, < 1.19.4; v1.20 | 2022-12-25
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse
nvd
CVE-2007-3999 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | v1.4, v1.4.1 +10 more | 2007-09-05
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash
nvd
CVE-2017-15088 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | ≤ 1.15.2 | 2017-11-23
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NA
nvd
CVE-2010-1320 | P4 | MEDIUM | CVSS 4.0 | CWE-399 | PoC | v1.7, v1.7.1 +2 more | 2010-04-22
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
nvd
CVE-2024-37371 | P3 | CRITICAL | CVSS 9.1 | CWE-125 | fixed in 1.21.3 | 2024-06-28
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
nvd
CVE-2007-2442 | P3 | CRITICAL | CVSS 10.0 | CWE-824 | ≤ 1.6.1 | 2007-06-26
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
nvd
CVE-2014-4345 | P3 | HIGH | CVSS 8.5 | CWE-189 | v1.6, v1.6.1 +28 more | 2014-08-14
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a se
nvd
CVE-2023-39975 | P3 | HIGH | CVSS 8.8 | CWE-415 | ≥ 1.21, < 1.21.2 | 2023-08-16
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
nvd
CVE-2008-0947 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | v1.4, v1.4.1 +11 more | 2008-03-19
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
nvd
CVE-2007-0957 | P3 | CRITICAL | CVSS 9.0 | CWE-787 | fixed in 1.6.1 | 2007-04-06
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain forma
nvd
CVE-2014-5352 | P3 | CRITICAL | CVSS 9.0 | v1.11, v1.11.1 +8 more | 2015-02-19
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double
nvd
CVE-2007-1216 | P3 | CRITICAL | CVSS 9.0 | CWE-415 | fixed in 1.6.1 | 2007-04-06
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a messag
nvd
CVE-2004-0523 | P3 | CRITICAL | CVSS 10.0 | v1.0, v1.0.6 +12 more | 2004-08-18
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
nvd
CVE-2007-2798 | P3 | CRITICAL | CVSS 9.0 | CWE-787 | ≤ 1.6.1 | 2007-06-26
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
nvd