Mit Krb5 vulnerabilities
124 known vulnerabilities affecting mit/krb5.
Total CVEs: 124
CISA KEV: 0
Public exploits: 4
Exploited in wild: 2
Severity breakdown: CRITICAL 30, HIGH 32, MEDIUM 53, LOW 9
Vulnerabilities
Page 5 of 7
CVE-2014-5355 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.12.1+dfsg-18 | 2015-02-20
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
Source: osv
CVE-2014-9423 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.12.1+dfsg-17 | 2015-02-19
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
Source: osv
CVE-2006-3084 (P4, HIGH, CVSS 7.2) | versions ≥ 0, < 1.4.3-9 | 2006-08-09
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
Source: osv
CVE-2003-0139 (P4, HIGH, CVSS 7.5) | versions ≥ 0, < 1.2.7-3 | 2003-03-24
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
Source: osv
CVE-2013-1415 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.10.1+dfsg-4 | 2013-03-05
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer
Source: osv
CVE-2018-20217 (P4, MEDIUM, CVSS 5.3) | versions ≥ 0, < 1.16.2-1 | 2018-12-26
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Source: osv
CVE-2009-0845 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.6.dfsg.4~beta1-13 | 2009-03-27
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Source: osv
CVE-2012-1012 (P4, MEDIUM, CVSS 5.5) | versions ≥ 0, < 1.10.1+dfsg-1 | 2012-06-07
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
Source: osv
CVE-2014-4341 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.12.1+dfsg-4 | 2014-07-20
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
Source: osv
CVE-2011-1530 (P4, MEDIUM, CVSS 6.8) | versions ≥ 0, < 1.10+dfsg~alpha1-7 | 2011-12-08
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.
Source: osv
CVE-2014-4342 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.12.1+dfsg-4 | 2014-07-20
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
Source: osv
CVE-2009-0844 (P4, MEDIUM, CVSS 5.8) | versions ≥ 0, < 1.6.dfsg.4~beta1-13 | 2009-04-09
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
Source: osv
CVE-2013-1418 (P4, MEDIUM, CVSS 4.3) | versions ≥ 0, < 1.11.3+dfsg-3+nmu1 | 2013-11-18
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
Source: osv
CVE-2010-4022 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.8.3+dfsg-5 | 2011-02-10
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC
Source: osv
CVE-2010-0628 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.8+dfsg-1.1 | 2010-03-25
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
Source: osv
CVE-2011-0281 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.8.3+dfsg-5 | 2011-02-10
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
Source: osv
CVE-2011-0282 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.8.3+dfsg-5 | 2011-02-10
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
Source: osv
CVE-2018-5729 (P4, MEDIUM, CVSS 4.7) | versions ≥ 0, < 1.16.1-1 | 2018-03-06
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
Source: osv
CVE-2003-0059 (P4, HIGH, CVSS 7.5) | versions ≥ 0, < 1.2.5-1 | 2003-02-19
Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.
Source: osv
CVE-2012-1016 (P4, MEDIUM, CVSS 5.0) | versions ≥ 0, < 1.10.1+dfsg-4+nmu1 | 2013-03-05
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Dra
Source: osv