cvebase

MIT krb5 vulnerabilities

124 known vulnerabilities affecting mit/krb5.

Total CVEs: 124
CISA KEV: 0
Public exploits: 4
Exploited in wild: 2
Severity breakdown: CRITICAL 30, HIGH 32, MEDIUM 53, LOW 9

Vulnerabilities

Page 7 of 7
CVE-2010-4021 | P4 | LOW | CVSS 2.1 | ≥ 0, < 1.8+dfsg~alpha1-1 | 2010-12-02
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
Source: OSV

CVE-2013-1417 | P4 | LOW | CVSS 3.5 | ≥ 0, < 1.11.3+dfsg-3+nmu1 | 2013-11-20
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.
Source: OSV

CVE-2007-5971 | P4 | MEDIUM | CVSS 6.9 | ≥ 0, < 1.6.dfsg.4~beta1-1 | 2007-12-06
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
Source: OSV

CVE-2004-0971 | P4 | LOW | CVSS 2.1 | ≥ 0, < 1.13.2+dfsg-2 | 2005-02-09
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Source: OSV