Kerberos 5@1.2 Security Vulnerabilities and Issues — Kerberos 5@1.2 CVE List

Lucene search

MitKerberos 51.2

8 matches found

CVE•added 2002/03/09 5:0 a.m.•6366 views

CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

10CVSS7.4AI score0.27436EPSS

CVE•added 2016/03/26 1:59 a.m.•114 views

CVE-2016-3119

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer deref...

5.3CVSS5.3AI score0.05717EPSS

CVE•added 2015/02/20 11:59 a.m.•110 views

CVE-2014-5355

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of...

5CVSS6.5AI score0.03587EPSS

CVE•added 2003/03/25 5:0 a.m.•89 views

CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a differ...

7.5CVSS9.8AI score0.56051EPSS

CVE•added 2004/08/18 4:0 a.m.•62 views

CVE-2004-0523

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

10CVSS9.8AI score0.13596EPSS

CVE•added 2001/06/18 4:0 a.m.•57 views

CVE-2001-0247

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

10CVSS7.7AI score0.3517EPSS

CVE•added 2003/04/02 5:0 a.m.•54 views

CVE-2003-0072

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

5CVSS8.9AI score0.01271EPSS

CVE•added 2003/04/02 5:0 a.m.•49 views

CVE-2003-0082

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").

5CVSS9.1AI score0.02512EPSS