Lucene search
K

15 matches found

RedHat Linux
RedHat Linux
added 2022/11/28 9:27 a.m.9 views

krb5: integer overflow vulnerabilities in PAC parsing

A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service t...

8.8CVSS6.5AI score0.06419EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2012/06/06 12:0 a.m.25 views

RedHat Update for krb5 RHSA-2011:0447-01

Check for the Version of krb5 OpenVAS Vulnerability Test RedHat Update for krb5 RHSA-2011:0447-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

10CVSS5.4AI score0.17945EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.22 views

CentOS Update for krb5-devel CESA-2010:0343 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.5CVSS5.6AI score0.05469EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2010/05/11 12:0 a.m.42 views

RHEL 5 : krb5 (RHSA-2010:0343)

Updated krb5 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

6.5CVSS5.9AI score0.05469EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2010/03/26 12:0 a.m.35 views

openSUSE Security Update : krb5 (krb5-2188)

MITKRB5-SA-2010-002: unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon kadmind to crash. CVE-2010-0628 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

5CVSS7.3AI score0.03329EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2010/02/16 12:0 a.m.37 views

krb5 -- multiple denial of service vulnerabilities

Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows: An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial ...

6.7AI score
Exploits0References2
NVD
NVD
added 2007/09/05 10:17 a.m.21 views

CVE-2007-4000

The kadm5modifypolicyinternal function in lib/kadm5/srv/svrpolicy.c in the Kerberos administration daemon kadmind in MIT Kerberos 5 krb5 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy"...

8.5CVSS7.2AI score0.06139EPSS
Exploits1References22
Debian CVE
Debian CVE
added 2007/09/05 10:0 a.m.31 views

CVE-2007-4000

The kadm5modifypolicyinternal function in lib/kadm5/srv/svrpolicy.c in the Kerberos administration daemon kadmind in MIT Kerberos 5 krb5 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy"...

8.5CVSS7.2AI score0.06139EPSS
Exploits1
OSV
OSV
added 2007/04/06 1:19 a.m.1 views

DEBIAN-CVE-2007-0957

Stack-based buffer overflow in the krb5klogsyslog function in the kadm5 library, as used by the Kerberos administration daemon kadmind and Key Distribution Center KDC, in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via...

9CVSS9.1AI score0.10327EPSS
Exploits1References1
OSV
OSV
added 2007/04/06 1:19 a.m.8 views

CVE-2007-0957

Stack-based buffer overflow in the krb5klogsyslog function in the kadm5 library, as used by the Kerberos administration daemon kadmind and Key Distribution Center KDC, in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via...

7.6AI score0.10327EPSS
Exploits1References43
ATTACKERKB
ATTACKERKB
added 2007/04/06 1:19 a.m.7 views

CVE-2007-1216

Double free vulnerability in the GSS-API library lib/gssapi/krb5/k5unseal.c, as used by the Kerberos administration daemon kadmind in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSECGSS RPC library, allows remote authenticated users to execute arbitrary code...

9CVSS6.2AI score0.09878EPSS
Exploits0References35
Cvelist
Cvelist
added 2007/01/10 12:0 a.m.54 views

CVE-2006-6144

The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon kadmind and other products that use this library, allows remote attackers to cause a denial of service crash via unspecified vectors that cause mechglue to free...

9.1AI score0.05216EPSS
Exploits0References22
OSV
OSV
added 2002/11/04 5:0 a.m.4 views

DEBIAN-CVE-2002-1235

The kadmserin function in 1 the Kerberos v4compatibility administration daemon kadmind4 in the MIT Kerberos 5 krb5 krb5-1.2.6 and earlier, 2 kadmind in KTH Kerberos 4 eBones before 1.2.1, and 3 kadmind in KTH Kerberos 5 Heimdal before 0.5.1 when compiled with Kerberos 4 support, does not properly...

10CVSS8.3AI score0.15105EPSS
Exploits0References1
securityvulns
securityvulns
added 2002/10/26 12:0 a.m.37 views

CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon Original issue date: October 25, 2002 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected MIT Kerberos version 4 and version 5 up to...

10CVSS0.3AI score0.15105EPSS
Exploits0
CERT
CERT
added 2002/10/23 12:0 a.m.26 views

Kerberos administration daemon vulnerable to buffer overflow

Overview Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. Description A remotely exploitable buffer overflow exists in the Kerber...

10CVSS7.8AI score0.15105EPSS
Exploits0References8
Rows per page
Query Builder