Kerberos 5 Security Vulnerabilities and Issues — Kerberos 5 CVE List

Lucene search

MitKerberos 5

4 matches found

CVE•added 2008/03/19 10:44 a.m.•75 views

CVE-2008-0062

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

9.8CVSS9.8AI score0.07232EPSS

CVE•added 2008/03/19 10:44 a.m.•60 views

CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

7.5CVSS8.6AI score0.04745EPSS

CVE•added 2008/03/19 12:44 a.m.•55 views

CVE-2008-0948

Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (cras...

9.3CVSS9.7AI score0.3489EPSS

CVE•added 2008/03/19 12:44 a.m.•49 views

CVE-2008-0947

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

10CVSS9.8AI score0.35264EPSS