33 matches found
Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2021-36222)
ecverify in kdc/kdcpreauthec.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. This...
EUVD-2000-0547
Malware in sbrugna...
CVE-2023-3326
pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket tgt from the Kerberos KDC Key Distribution Center over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pamkrb5 has no way to validate...
SUSE CVE-2011-0281
The unparse implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service file descriptor exhaustion and daemon hang via a principal name that triggers use of a backslash escape...
SUSE CVE-2011-0282
The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service NULL pointer dereference or buffer over-read, and daemon crash via a crafted principal name...
SUSE CVE-2011-0284
Double free vulnerability in the prepareerroras function in doasreq.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via an edat...
F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability
Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability CVE-2021-23008 in the Kerberos Key Distribution Center KDC security feature impacting F5 Big-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to...
Kerberos KDC の脆弱性 (CVE-2020-17049) に対応するためのガイダンス
マイクロソフトは、2020 年 11 月 10 日 米国時間 に、Kerberos KDC Key Distribution Center に対する脆弱性情報 CVE-2020-17049 を公...
KLA12003 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions. Below is a...
KLA12004 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service, spoof user interface. Below is a complete list of...
Denial Of Service (DoS)
krb5 is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to...
Denial Of Service (DoS)
krb5 is vulnerable to denial of service DoS. The vulnerability exists through the way MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially-crafted request...
Denial Of Service (DoS)
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5unparsename function of the MIT Kerberos kadmind service. An authenticated attacker could...
ALPINE-CVE-2017-17439
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...
ALPINE-CVE-2016-3120
The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.13.6 and 1.4.x before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service NU...
Amazon Linux: Security Advisory (ALAS-2011-28)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Kerberos KDC Elevation of Privilege (MS14-068; CVE-2014-6324)
A remote elevation of privilege vulnerability has been reported in Microsoft Windows Kerberos KDC. The vulnerability is due to improper validation of signatures in the Kerberos ticket. A remote attacker could use these elevated privileges to compromise any computer in the domain, including domain...
VulnCheck KEV: CVE-2014-6324
The Kerberos Key Distribution Center KDC in Microsoft allows remote authenticated domain users to obtain domain administrator privileges...
KLA10601 Multiple vulnerabilities in Microsoft products
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1...
Oracle Linux 6 : krb5 (ELSA-2011-0356)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0356 advisory. - add revised upstream patch to fix double-free in KDC while returning typed-data with errors CVE-2011-0284, 681564 Tenable has extracted the preceding...