10 matches found
UBUNTU-CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...
krb5: null pointer dereference in kadmin
A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modifyprincipal command, if kadmin...
MIT Kerberos 5 kadmind memory leak vulnerability
MIT Kerberos 5 also known as krb5 is the United States Massachusetts Institute of Technology MIT developed a set of network authentication protocols, which uses a client/server structure, and the client and server side can be authenticated to each other i.e., double authentication to prevent...
DEBIAN-CVE-2015-8631
Multiple memory leaks in kadmin/server/serverstubs.c in kadmind in MIT Kerberos 5 aka krb5 before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service memory consumption via a request specifying a NULL principal name...
ALPINE-CVE-2015-8630
The 1 kadm5createprincipal3 and 2 kadm5modifyprincipal functions in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash b...
MIT krb5 kadmind remote code execution vulnerability
MIT krb5 also known as MIT Kerberos 5 is a set of network authentication protocols developed by the Massachusetts Institute of Technology MIT in the U.S. It adopts a client/server structure, and both the client and server side can authenticate each other i.e., double authentication, which prevent...
krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
A buffer overflow was found in the KADM5 administration server kadmind when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. The processchpwrequest function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 aka krb5 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute...
Ubuntu Update for krb5 vulnerabilities USN-924-1
Ubuntu Update for Linux kernel vulnerabilities USN-924-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9241.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for krb5 vulnerabilities USN-924-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
krb5: kadmind use-after-free remote crash (MITKRB5-SA-2010-003)
Use-after-free vulnerability in kadmin/server/serverstubs.c in kadmind in MIT Kerberos 5 aka krb5 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service daemon crash via a request from a kadmin client that sends an invalid API version number...