Lucene search
K
MitKerberos

33 matches found

CVE
CVE
added 2002/03/09 5:0 a.m.6411 views

CVE-2001-0554

CVE-2001-0554 affects netkit-telnetd (Telnet daemon) on BSD-based systems, via a buffer overflow in in.telnetd/telrcv handling (triggered by certain Telnet options such as AYT). OpenVAS entries describe a remote attacker potentially causing denial of service or gaining remote code execution; at l...

10CVSS7.4AI score0.37896EPSS
CVE
CVE
added 2018/12/26 8:0 p.m.351 views

CVE-2018-20217

CVE-2018-20217 affects MIT Kerberos 5 (krb5) KDC prior to patch level; a reachable assertion can be triggered in the KDC if an attacker obtains a krbtgt ticket with an old encryption type (DES/RC4) and issues an S4U2Self request, potentially crashing the KDC. Public advisories note the vulnerabil...

5.3CVSS5.3AI score0.01417EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.160 views

CVE-2014-4342

CVE-2014-4342 affects MIT Kerberos 5 (krb5) 1.7.x through 1.12.x before 1.12.2. The vulnerability arises in GSSAPI session handling: remote injection of invalid tokens can trigger a buffer over-read or NULL pointer dereference, causing the targeted application to crash (DoS). Affected records in ...

5CVSS8.8AI score0.06523EPSS
CVE
CVE
added 2017/08/09 6:0 p.m.159 views

CVE-2017-11368

MIT Kerberos krb5 (krb5kdc) is affected by CVE-2017-11368: an authenticated attacker can cause a KDC assertion failure (denial of service) by sending invalid S4U2Self or S4U2Proxy requests. The issue is documented across multiple advisories (Arch, CentOS/Red Hat, and ALAS) with remediation involv...

6.5CVSS6.4AI score0.02397EPSS
CVE
CVE
added 2010/12/02 4:0 p.m.123 views

CVE-2010-1323

CVE-2010-1323 concerns MIT Kerberos 5 (krb5) with vulnerable checksums in versions 1.3.x–1.8.3. The issue may allow remote attackers to modify user-visible prompt text, alter KDC responses, or forge a KRB-SAFE message when checksums are unkeyed or RC4-based. Connected documents indicate affected ...

3.7CVSS5.5AI score0.02847EPSS
CVE
CVE
added 2009/04/09 12:0 a.m.111 views

CVE-2009-0844

The CVE entry CVE-2009-0844 (and related CVEs 2009-0845, 2009-0846, 2009-0847) concerns MIT Kerberos 5 (krb5) SPNEGO. The get_input_token function in the SPNEGO implementation (krb5 1.5–1.6.3) allows remote attackers to trigger a buffer over-read via a crafted length value, enabling denial of ser...

5.8CVSS6.9AI score0.04316EPSS
CVE
CVE
added 2018/01/16 9:0 a.m.110 views

CVE-2018-5710

MIT Kerberos 5 (krb5) up to 1.16 is affected by CVE-2018-5710 (along with CVE-2018-5729, CVE-2018-5730). The issue is in KDC’s plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c where a NULL string is passed to strlen, enabling a remote authenticated user to cause a denial of service via a modified k...

6.5CVSS5.1AI score0.01795EPSS
CVE
CVE
added 2018/01/16 9:0 a.m.104 views

CVE-2018-5709

Technical details for CVE-2018-5709 are not provided in the connected documents; the available information comes only from the Initial Description.

7.5CVSS7.4AI score0.02067EPSS
CVE
CVE
added 2009/03/27 4:0 p.m.101 views

CVE-2009-0845

Summary of CVE-2009-0845 details from provided sources : The SPNEGO implementation in MIT Kerberos 5 (krb5) up to version 1.6.3 is affected. Specifically, in spnego_mech.c, the spnego_gss_accept_sec_context path can be triggered when SPNEGO is used with invalid ContextFlags data in a negTokenInit...

5CVSS6.7AI score0.05628EPSS
CVE
CVE
added 2010/01/13 7:0 p.m.99 views

CVE-2009-4212

CVE-2009-4212 affects MIT Kerberos 5 (krb5) crypto library, impacting the AES and RC4 decryption paths. Versions 1.3–1.6.3 and 1.7 before 1.7.1 are vulnerable to multiple integer underflows when processing ciphertext that is too short to be valid. This can cause a daemon crash (DoS) and, in some ...

10CVSS7.2AI score0.07411EPSS
CVE
CVE
added 2009/04/09 12:0 a.m.95 views

CVE-2009-0847

CVE-2009-0847 affects MIT Kerberos 5 (krb5) SPNEGO/GSS-API and the ASN.1 decoder. The OVMSA-2009-0003 advisory documents that 1.5–1.6.3 krb5 releases are vulnerable to crafted DER/length values, enabling remote attackers to crash daemons (and potentially execute code) due to length validation and...

4.3CVSS7.1AI score0.02773EPSS
CVE
CVE
added 2013/11/16 11:0 a.m.92 views

CVE-2013-6800

CVE-2013-6800 affects MIT Kerberos v5 (krb5) 1.10.x when the KDC serves multiple realms. The vulnerability is a NULL pointer dereference in setup_server_realm() that can be triggered by a crafted request, causing a DoS/daemon crash by remote authenticated users. Public notices in Debian (DLA-1265...

4CVSS6AI score0.02608EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.87 views

CVE-2004-0523

CVE-2004-0523 relates to MIT Kerberos 5 (krb5) 1.3.3 and earlier, where multiple buffer overflows in krb5_aname_to_localname allow a remote attacker to execute arbitrary code as root. Public details describe the vulnerability, its impact, and vendor responses. Affected products include MIT Kerber...

10CVSS9.8AI score0.11665EPSS
CVE
CVE
added 2003/03/21 5:0 a.m.85 views

CVE-2003-0139

The connected Debian advisory (DSA-266-1) confirms CVE-2003-0139 concerns MIT Kerberos 4 (krb4) weaknesses in the krb5 distribution. Specifically, when using triple-DES keys to protect krb4 services, an attacker can craft krb4 tickets for unauthorized principals via a cut-and-paste/ticket-splicin...

7.5CVSS9.2AI score0.04284EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.82 views

CVE-1999-0143

Technical details (affected software/versions, root cause, impact) are not publicly provided in the connected documents; monitor for updates.

4.6CVSS7.3AI score0.00385EPSS
CVE
CVE
added 2003/03/21 5:0 a.m.80 views

CVE-2003-0138

CVE-2003-0138 affects Version 4 of the Kerberos protocol (krb4) as used in Heimdal and related packages. The vulnerability enables an attacker to impersonate any principal in a realm via a chosen-plaintext attack, exposing authentication to impersonation within that realm. The provided documents ...

7.5CVSS9.2AI score0.04284EPSS
CVE
CVE
added 2010/02/21 10:0 p.m.77 views

CVE-2010-0283

CVE-2010-0283 affects MIT Kerberos 5 (krb5) in versions: 1.7 prior to 1.7.2 and 1.8 alpha. A remote attacker can trigger an assertion failure by sending invalid AS-REQ or TGS-REQ requests, causing a denial of service (daemon crash). Public sources in the OpenVAS/Gentoo/Ubuntu disclosures corrobor...

7.8CVSS6.2AI score0.02429EPSS
CVE
CVE
added 2014/12/16 11:0 p.m.75 views

CVE-2014-5354

MIT Kerberos 5 (krb5) 1.12.x and 1.13.x before 1.13.1 is vulnerable when the KDC uses LDAP: ldap_principal2.c can NULL-deref if a keyless principal is added (e.g., kadmin -nokey), leading to a denial of service via daemon crash. The vulnerability requires authentication and arises from specific L...

3.5CVSS6.1AI score0.0174EPSS
CVE
CVE
added 2003/03/26 5:0 a.m.73 views

CVE-2003-0072

CVE-2003-0072 describes a remote, authenticated denial-of-service in the Kerberos 5 Key Distribution Center (KDC) for krb5 1.2.7 and earlier. A specific protocol request can trigger an out-of-bounds read of an array, crashing KDCs within the same realm. Connected advisories reference this CVE amo...

5CVSS8.9AI score0.01947EPSS
CVE
CVE
added 2011/02/10 5:0 p.m.72 views

CVE-2011-0281

CVE-2011-0281 affects MIT Kerberos 5 (krb5) in the KDC LDAP backend, where the unparse logic can be triggered by a principal name containing a backslash escape sequence (demonstrated by a \n), causing remote denial of service via file descriptor exhaustion and daemon hang. Affected versions span ...

5CVSS5.2AI score0.04202EPSS
CVE
CVE
added 2011/02/10 5:0 p.m.71 views

CVE-2011-0282

CVE-2011-0282 affects MIT Kerberos 5 KDC (krb5) when using an LDAP backend, with versions 1.6.x through 1.9. The vulnerability allows remote, unauthenticated attackers to cause a denial of service via a crafted principal name, triggering a NULL pointer dereference or a buffer over-read that can c...

5CVSS5.3AI score0.03475EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.69 views

CVE-2000-0546

The CVE-2000-0546 entry concerns the Kerberos 4 KDC. The vulnerability is a buffer overflow in the KDC’s set_tgtkey function triggered by the lastrealm variable, leading to remote denial of service. Affected component: Kerberos 4 KDC (set_tgtkey). Impact is described as denial of service via netw...

5CVSS7.2AI score0.02894EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.67 views

CVE-2000-0548

CVE-2000-0548 describes a buffer overflow in the Kerberos 4 KDC program triggered by the e_msg variable in the kerb_err_reply function. This allows remote attackers to cause a Denial of Service over the network. The NVD entry lists network attack vector, low complexity, and no authentication requ...

5CVSS7.2AI score0.02891EPSS
CVE
CVE
added 2003/03/26 5:0 a.m.67 views

CVE-2003-0082

The CVE-2003-0082 issue affects the KDC in Kerberos 5 (krb5) 1.2.7 and earlier. A remote, authenticated attacker can trigger a protocol request that causes the KDC to corrupt its heap (buffer underrun), leading to a denial of service (KDC crash) within the same realm. The connected advisories con...

5CVSS9.1AI score0.02691EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.65 views

CVE-2000-0390

CVE-2000-0390 describes a buffer overflow in the krb425_conv_principal function of Kerberos 5. The vulnerability allows remote attackers to gain root privileges via the affected Kerberos 5 component. Documents identify the root cause as a buffer overflow in the krb425_conv_principal routine, with...

10CVSS7.6AI score0.04061EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.64 views

CVE-2000-0389

CVE-2000-0389 describes a buffer overflow in the krb_rd_req function used by Kerberos 4 and Kerberos 5, enabling remote attackers to gain root privileges. The vulnerability is evidenced across multiple feeds (NVD, CVE List, Nessus plugin) and linked advisories (CERT CA-2000-06, Bugtraq/archives)....

10CVSS7.3AI score0.16503EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.64 views

CVE-2000-0392

CVE-2000-0392 : Buffer overflow in the Kerberos 5 ksu utility allows local users to gain root privileges. Documented by NVD/CVE records and CERT advisory CA-2000-06, with historical vendor references (e.g., RHSA-2000-025). Some sources (SNYK) note no fixed version for kerb5; others provide vendor...

7.2CVSS6.8AI score0.00442EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.61 views

CVE-2000-0549

CVE-2000-0549 affects Kerberos 4 KDC by not properly checking for null termination in AUTH_MSG_KDC_REQUEST, enabling remote attackers to cause denial of service via a malformed request. The available sources describe the issue as a null-termination handling flaw in the KDC protocol message proces...

5CVSS7AI score0.02284EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.60 views

CVE-2000-0391

CVE-2000-0391 describes a buffer overflow in krshd of Kerberos 5, allowing remote attackers to gain root privileges. The vulnerability affects krb5’s krshd component and is described with a high impact (remote code execution with root privileges). Exploitation details are not provided in the docu...

10CVSS7.6AI score0.04061EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.57 views

CVE-2000-0547

Technical details (affected software, root cause, patch) are not provided in the supplied documents; monitor for updates.

5CVSS7.2AI score0.02894EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.55 views

CVE-2000-0550

CVE-2000-0550 concerns Kerberos 4 KDC memory handling. The vulnerability is a double-free of memory in the Kerberos 4 KDC, enabling a remote attacker to cause a denial of service . The affected component is the Kerberos 4 KDC program; root cause is improper memory deallocation leading to potentia...

5CVSS7AI score0.02399EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.53 views

CVE-1999-1321

The CVE-1999-1321 entry concerns the SSH 1.2.26 client with Kerberos V enabled. A buffer overflow in handling a long DNS hostname during TGT ticket passing could allow remote attackers to cause a denial of service or execute arbitrary commands. The vulnerability details are drawn from the NVD/CVE...

7.5CVSS8.6AI score0.01994EPSS
CVE
CVE
added 2001/05/24 4:0 a.m.53 views

CVE-2001-0417

The CVE-2001-0417 entry concerns Kerberos 4 (krb4) where local users can overwrite arbitrary files via a symlink attack on new ticket files. The connected records corroborate a local-privilege impact vector with a partial integrity impact, and a low overall CVSS score (2.1/10, AV:L/AC:L/Au:N/I:P/...

2.1CVSS6.8AI score0.00412EPSS