Kerberos 5@1.4.4 Security Vulnerabilities and Issues — Kerberos 5@1.4.4 CVE List

Lucene search

MitKerberos 51.4.4

8 matches found

CVE•added 2016/03/26 1:59 a.m.•114 views

CVE-2016-3119

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer deref...

5.3CVSS5.3AI score0.05717EPSS

CVE•added 2015/02/20 11:59 a.m.•110 views

CVE-2014-5355

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of...

5CVSS6.5AI score0.03587EPSS

CVE•added 2010/12/02 4:22 p.m.•96 views

CVE-2010-1323

MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message v...

3.7CVSS5.5AI score0.02739EPSS

CVE•added 2007/09/05 10:17 a.m.•88 views

CVE-2007-3999

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote ...

10CVSS8.6AI score0.29941EPSS

CVE•added 2010/01/13 7:30 p.m.•70 views

CVE-2009-4212

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext w...

10CVSS7.2AI score0.20912EPSS

CVE•added 2007/01/10 12:0 a.m.•52 views

CVE-2006-6143

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possi...

9.3CVSS7.5AI score0.28213EPSS

CVE•added 2008/03/19 12:44 a.m.•49 views

CVE-2008-0947

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

10CVSS9.8AI score0.35264EPSS

CVE•added 2007/09/06 10:17 p.m.•46 views

CVE-2007-4743

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architec...

10CVSS8.4AI score0.29941EPSS