Kerberos 5 Security Vulnerabilities and Issues — Kerberos 5 CVE List

Lucene search

MitKerberos 5

9 matches found

CVE•added 2013/11/18 3:55 a.m.•186 views

CVE-2013-1418

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

4.3CVSS6.1AI score0.0586EPSS

CVE•added 2013/04/19 11:44 a.m.•146 views

CVE-2013-1416

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash...

4CVSS5.9AI score0.02637EPSS

CVE•added 2015/11/09 3:59 a.m.•95 views

CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

4CVSS6.9AI score0.05447EPSS

CVE•added 2010/12/02 4:22 p.m.•70 views

CVE-2010-1324

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArm...

4.3CVSS5.7AI score0.03672EPSS

CVE•added 2013/11/18 2:55 a.m.•70 views

CVE-2013-6800

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.

4CVSS6AI score0.0586EPSS

CVE•added 2004/09/28 4:0 a.m.•65 views

CVE-2004-0643

Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.

4.6CVSS9.3AI score0.00132EPSS

CVE•added 1999/09/29 4:0 a.m.•62 views

CVE-1999-0143

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

4.6CVSS7.3AI score0.00082EPSS

CVE•added 2012/06/07 7:55 p.m.•62 views

CVE-2012-1013

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create req...

4CVSS5.9AI score0.01108EPSS

CVE•added 2010/04/22 2:30 p.m.•50 views

CVE-2010-1320

Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) ...

4CVSS6.9AI score0.14121EPSS