EUVD-2012-1050
Malware in sbrugna...
EUVD-2014-9243
Malware in sbrugna...
Denial Of Service (DoS)
libkrb5.so is vulnerable to denial of service (DoS). The vulnerability exists in the xdr_kadm5_principal_ent_rec function of kadm_rpc_xdr.c because it does not validate the relationship between n_key_data and the key_data array count when decoding, leading to the leakage of some memory or freeing uninitialized...
SUSE CVE-2012-1012
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global...
SUSE CVE-2018-5730
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN stri...
SUSE CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module...
GHSA-Q3PW-6VF2-66HF Apache Ambari reveals administrator passwords
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing...
Debian DLA-2041-1 : debian-edu-config security update
It was discovered that debian-edu-config, the package containing the configuration files and scripts for Debian Edu Skolelinux, contained an insecure configuration for kadmin, the Kerberos administration server. The insecure configuration allowed every user to change other users' passwords, thus...
[SECURITY] [DLA 2041-1] debian-edu-config security update
Package : debian-edu-config Version : 1.818+deb8u3 CVE ID : CVE-2019-3467 Debian Bug : 946797 It was discovered that debian-edu-config, the package containing the configuration files and scripts for Debian Edu Skolelinux, contained an insecure configuration for kadmin, the Kerberos administration...
NewStart CGSL CORE 5.04 / MAIN 5.04 : krb5 Multiple Vulnerabilities (NS-SA-2019-0067)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has krb5 packages installed that are affected by multiple vulnerabilities: - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership...
EulerOS Virtualization for ARM 64 3.0.1.0 : krb5 (EulerOS-SA-2019-1383)
According to the versions of the krb5 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to...
Low: krb5
Issue Overview: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a...
Amazon Linux 2 : krb5 (ALAS-2018-1129)
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a 'linkdn' and 'containerdn' database argument, or by supplying a DN string which is a left extension of a container DN stri...
krb5: DN container check bypass by supplying special crafted data
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN stri...
[ASA-201806-3] krb5: insufficient validation
Arch Linux Security Advisory ASA-201806-3 ========================================= Severity: Medium Date : 2018-06-05 CVE-ID : CVE-2018-5729 CVE-2018-5730 Package : krb5 Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-586 Summary ======= The package krb5...
Integer Overflow
krb5 is vulnerable to integer overflow. Storing 32-bit variable data into the 16-bit variable dbentry->n_key_data in kadmin/dbutil/dump.c leads to integer overflow...
Denial Of Service (DoS)
libkrb5.so is vulnerable to denial of service (DoS). A "NULL" string can be passed to the strlen function of plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c, allowing a remote authenticated user acting as a compromised kadmin client to crash the application...
Container Check Bypass
libkrb5.so is vulnerable to a check bypass. It can be done when an authenticated kadmin user with permissions to add principals to an LDAP Kerberos database provides both a linkdn and containerdn database argument, or by providing a DN string which is a left extension of a container DN string but...
Null pointer dereference
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module...
UBUNTU-CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module...