Total
137 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0629 | 5 Canonical, Fedoraproject, Mit and 2 more | 5 Ubuntu Linux, Fedora, Kerberos 5 and 2 more | 2025-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. | |||||
| CVE-2012-1013 | 1 Mit | 1 Kerberos 5 | 2025-04-11 | 4.0 MEDIUM | N/A |
| The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password. | |||||
| CVE-2011-1529 | 1 Mit | 1 Kerberos 5 | 2025-04-11 | 7.8 HIGH | N/A |
| The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. | |||||
| CVE-2013-1417 | 1 Mit | 1 Kerberos 5 | 2025-04-11 | 3.5 LOW | N/A |
| do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal. | |||||
| CVE-2013-1416 | 4 Fedoraproject, Mit, Opensuse and 1 more | 8 Fedora, Kerberos 5, Opensuse and 5 more | 2025-04-11 | 4.0 MEDIUM | N/A |
| The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. | |||||
| CVE-2002-2443 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. | |||||
| CVE-2007-4000 | 2 Fedoraproject, Mit | 2 Fedora, Kerberos 5 | 2025-04-09 | 8.5 HIGH | N/A |
| The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | |||||
| CVE-2007-2798 | 3 Canonical, Debian, Mit | 3 Ubuntu Linux, Debian Linux, Kerberos 5 | 2025-04-09 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. | |||||
| CVE-2008-0062 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-09 | 9.3 HIGH | 9.8 CRITICAL |
| KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | |||||
| CVE-2006-6144 | 1 Mit | 1 Kerberos 5 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers. | |||||
| CVE-2007-0957 | 3 Canonical, Debian, Mit | 3 Ubuntu Linux, Debian Linux, Kerberos 5 | 2025-04-09 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers. | |||||
| CVE-2009-0844 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-09 | 5.8 MEDIUM | N/A |
| The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. | |||||
| CVE-2009-0845 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. | |||||
| CVE-2009-4212 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | |||||
| CVE-2009-0846 | 5 Apple, Canonical, Fedoraproject and 2 more | 9 Mac Os X, Ubuntu Linux, Fedora and 6 more | 2025-04-09 | 10.0 HIGH | N/A |
| The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. | |||||
| CVE-2007-5971 | 2 Apple, Mit | 3 Mac Os X, Mac Os X Server, Kerberos 5 | 2025-04-09 | 6.9 MEDIUM | N/A |
| Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. | |||||
| CVE-2007-5894 | 1 Mit | 1 Kerberos 5 | 2025-04-09 | 9.3 HIGH | N/A |
| The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code. | |||||
| CVE-2007-3149 | 2 Mit, Todd Miller | 2 Kerberos 5, Sudo | 2025-04-09 | 7.2 HIGH | N/A |
| sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo." | |||||
| CVE-2007-2443 | 3 Canonical, Debian, Mit | 3 Ubuntu Linux, Debian Linux, Kerberos 5 | 2025-04-09 | 8.3 HIGH | N/A |
| Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | |||||
| CVE-2006-6143 | 2 Canonical, Mit | 2 Ubuntu Linux, Kerberos 5 | 2025-04-09 | 9.3 HIGH | N/A |
| The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||