Lucene search
K

3733 matches found

Gentoo Linux
Gentoo Linux
added 2005/01/05 12:0 a.m.31 views

mit-krb5: Heap overflow in libkadm5srv

Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The MIT Kerberos 5 administration library libkadm5srv contains a heap overflow in the code handling password changing. Impact Under specific...

7.2CVSS3.1AI score0.00734EPSS
Exploits0
CVE
CVE
added 2004/12/31 5:0 a.m.69 views

CVE-2004-1189

The CVE-2004-1189 issue affects MIT Kerberos 5 (krb5) up to version 1.3.5. The add_to_history function in svr_principal.c during a password change fails to properly track the password policy history count and the maximum number of keys, which can lead to an array index out-of-bounds and a heap-ba...

7.2CVSS9.6AI score0.00734EPSS
Exploits0References12Affected Software1
NVD
NVD
added 2004/12/31 5:0 a.m.16 views

CVE-2004-1189

The addtohistory function in svrprincipal.c in libkadm5srv for MIT Kerberos 5 krb5 up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow...

7.2CVSS9.6AI score0.00734EPSS
Exploits0References12
Cvelist
Cvelist
added 2004/12/31 5:0 a.m.32 views

CVE-2004-1189

The addtohistory function in svrprincipal.c in libkadm5srv for MIT Kerberos 5 krb5 up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow...

9.6AI score0.00734EPSS
Exploits0References12
OSV
OSV
added 2004/12/31 5:0 a.m.6 views

CVE-2004-1189

The addtohistory function in svrprincipal.c in libkadm5srv for MIT Kerberos 5 krb5 up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow...

7.4AI score
Exploits0References20
securityvulns
securityvulns
added 2004/12/22 12:0 a.m.29 views

MITKRB5-SA-2004-004: heap overflow in libkadm5srv

-----BEGIN PGP SIGNED MESSAGE----- MIT krb5 Security Advisory 2004-004 Original release: 2004-12-20 Topic: heap buffer overflow in libkadm5srv Severity: serious SUMMARY ======= The MIT Kerberos 5 administration library libkadm5srv contains a heap buffer overflow in password history handling code...

7.2CVSS9.8AI score0.00734EPSS
Exploits0
securityvulns
securityvulns
added 2004/12/22 12:0 a.m.39 views

MIT Kerberos 5 buffer overflow

Buffer overflow on password history check during password change...

3.3AI score
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2004/12/06 12:0 a.m.35 views

krb5 -- heap buffer overflow vulnerability in libkadm5srv

A MIT krb5 Security Advisory reports: The MIT Kerberos 5 administration library libkadm5srv contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center KDC host. The overflow occurs during a password change of a...

7.2CVSS2AI score0.00734EPSS
Exploits0References1
securityvulns
securityvulns
added 2004/11/11 12:0 a.m.31 views

Multiple MIT Kerberos bugs

Multiple double free problems, DoS...

1.2AI score
Exploits0References7Affected Software5
Tenable Nessus
Tenable Nessus
added 2004/11/10 12:0 a.m.31 views

Debian DSA-568-1 : cyrus-sasl-mit - unsanitised input

A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASLPATH blindly, which allows a local user to...

7.5CVSS5.3AI score0.03924EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2004/10/25 12:0 a.m.31 views

MIT krb5: Insecure temporary file use in send-pr.sh

Background MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology. Description The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could creat...

2.1CVSS6.4AI score0.00328EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/10/25 12:0 a.m.45 views

GLSA-200410-24 : MIT krb5: Insecure temporary file use in send-pr.sh

The remote host is affected by the vulnerability described in GLSA-200410-24 MIT krb5: Insecure temporary file use in send-pr.sh The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the...

2.1CVSS8.1AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2004/10/20 4:0 a.m.29 views

CVE-2004-0772

Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 krb5 1.2.8 and earlier may allow remote attackers to execute arbitrary code...

9.8CVSS9.9AI score0.06994EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2004/10/20 4:0 a.m.26 views

CVE-2004-0772

Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 krb5 1.2.8 and earlier may allow remote attackers to execute arbitrary code...

9.8CVSS7.4AI score0.06994EPSS
Exploits0References1
OSV
OSV
added 2004/10/20 4:0 a.m.10 views

CVE-2004-0772

Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 krb5 1.2.8 and earlier may allow remote attackers to execute arbitrary code...

9.8CVSS9.9AI score
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.39 views

Debian DSA-543-1 : krb5 - several vulnerabilities

The MIT Kerberos Development Team has discovered a number of vulnerabilities in the MIT Kerberos Version 5 software. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-0642 VU795632 A double-free error may allow unauthenticated remote attackers ...

9.8CVSS8.6AI score0.08257EPSS
Exploits0References5
NVD
NVD
added 2004/09/28 4:0 a.m.21 views

CVE-2004-0643

Double free vulnerability in the krb5rdcred function for MIT Kerberos 5 krb5 1.3.1 and earlier may allow local users to execute arbitrary code...

4.6CVSS9.4AI score0.01425EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2004/09/28 4:0 a.m.45 views

CVE-2004-0642

Double free vulnerabilities in the error handling code for ASN.1 decoders in the 1 Key Distribution Center KDC library and 2 client library for MIT Kerberos 5 krb5 1.3.4 and earlier may allow remote attackers to execute arbitrary code...

7.5CVSS7.5AI score0.08257EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2004/09/28 4:0 a.m.27 views

CVE-2004-0643

Double free vulnerability in the krb5rdcred function for MIT Kerberos 5 krb5 1.3.1 and earlier may allow local users to execute arbitrary code...

4.6CVSS6.1AI score0.01425EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2004/09/28 4:0 a.m.38 views

CVE-2004-0644

The asn1bufskiptail function in the ASN.1 decoder library for MIT Kerberos 5 krb5 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service infinite loop via a certain BER encoding...

5CVSS7.3AI score0.05585EPSS
Exploits0References1
Rows per page
Query Builder