
MIT Kerberos 5 vulnerabilities

135 known vulnerabilities affecting mit/kerberos_5.

Total CVEs: 135
CISA KEV: 0
Public exploits: 5
Exploited in wild: 2
Severity breakdown: CRITICAL 32, HIGH 35, MEDIUM 58, LOW 10

Vulnerabilities

Page 5 of 7
CVE-2015-8629 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.13.4; ≥ 1.14, < 1.14.1 | 2016-02-13
CVE-2015-8629 [MEDIUM] CWE-125: The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
nvd
CVE-2010-0629 | P4 | MEDIUM | CVSS 6.5 | ≥ 1.5, ≤ 1.6.3 | 2010-04-07
CVE-2010-0629 [MEDIUM] CWE-416: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
nvd
CVE-2003-0060 | P4 | HIGH | CVSS 7.5 | v1.2.1, v1.2.2, +2 more | 2003-02-19
CVE-2003-0060 [HIGH]: Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.
nvd
CVE-2014-5355 | P4 | MEDIUM | CVSS 5.0 | v1.1, v1.2, +57 more | 2015-02-20
CVE-2014-5355 [MEDIUM]: MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, r
nvd
CVE-2014-9423 | P4 | MEDIUM | CVSS 5.0 | v1.11, v1.11.1, +8 more | 2015-02-19
CVE-2014-9423 [MEDIUM] CWE-200: The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle
nvd
CVE-2006-3084 | P4 | HIGH | CVSS 7.2 | v1.4, v1.4.1, +3 more | 2006-08-09
CVE-2006-3084 [HIGH] CWE-264: The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists
nvd
CVE-2013-1415 | P4 | MEDIUM | CVSS 5.0 | fixed in 1.10.4; v1.11 | 2013-03-05
CVE-2013-1415 [MEDIUM] CWE-476: The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial
nvd
CVE-2009-0845 | P4 | MEDIUM | CVSS 5.0 | v1.5, v1.5.1, +5 more | 2009-03-27
CVE-2009-0845 [MEDIUM] CWE-20: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
nvd
CVE-2001-1323 | P4 | HIGH | CVSS 7.5 | fixed in 1.2.2 | 2001-05-16
CVE-2001-1323 [HIGH] CWE-120: Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
nvd
CVE-2012-1012 | P4 | MEDIUM | CVSS 5.5 | v1.10, v1.10.1 | 2012-06-07
CVE-2012-1012 [MEDIUM] CWE-264: server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
nvd
CVE-2014-4341 | P4 | MEDIUM | CVSS 5.0 | fixed in 1.12.2 | 2014-07-20
CVE-2014-4341 [MEDIUM] CWE-125: MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
nvd
CVE-2014-4342 | P4 | MEDIUM | CVSS 5.0 | v1.7, v1.7.1, +24 more | 2014-07-20
CVE-2014-4342 [MEDIUM] CWE-119: MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
nvd
CVE-2009-0844 | P4 | MEDIUM | CVSS 5.8 | v1.5, v1.5.1, +5 more | 2009-04-09
CVE-2009-0844 [MEDIUM] CWE-119: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
nvd
CVE-2013-1418 | P4 | MEDIUM | CVSS 4.3 | fixed in 1.10.7 | 2013-11-18
CVE-2013-1418 [MEDIUM] CWE-476: The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
nvd
CVE-2010-4022 | P4 | MEDIUM | CVSS 5.0 | v1.7, v1.8, +1 more | 2011-02-10
CVE-2010-4022 [MEDIUM] CWE-20: The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in
nvd
CVE-2010-0628 | P4 | MEDIUM | CVSS 5.0 | v1.7, v1.7.1, +1 more | 2010-03-25
CVE-2010-0628 [MEDIUM]: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
nvd
CVE-2000-0392 | P4 | HIGH | CVSS 7.2 | v1.0, v1.1.1 | 2000-05-16
CVE-2000-0392 [HIGH]: Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
nvd
CVE-2011-0281 | P4 | MEDIUM | CVSS 5.0 | v1.6, v1.6.1, +8 more | 2011-02-10
CVE-2011-0281 [MEDIUM] CWE-310: The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
nvd
CVE-2011-0282 | P4 | MEDIUM | CVSS 5.0 | v1.6, v1.6.1, +8 more | 2011-02-10
CVE-2011-0282 [MEDIUM]: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
nvd
CVE-2018-5729 | P4 | MEDIUM | CVSS 4.7 | ≥ 5-1.6, < 5-1.21.2 | 2018-03-06
CVE-2018-5729 [MEDIUM] CWE-476: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
nvd