Vulnerabilities (CVE)

Filtered by vendor Mit Subscribe
Total 155 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0281 1 Mit 2 Kerberos, Kerberos 5 2025-04-11 5.0 MEDIUM N/A
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
CVE-2006-6143 2 Canonical, Mit 2 Ubuntu Linux, Kerberos 5 2025-04-09 9.3 HIGH N/A
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2007-2442 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2025-04-09 10.0 HIGH N/A
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
CVE-2007-2443 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2025-04-09 8.3 HIGH N/A
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
CVE-2008-0947 1 Mit 1 Kerberos 5 2025-04-09 10.0 HIGH N/A
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
CVE-2007-1216 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2025-04-09 9.0 HIGH N/A
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
CVE-2007-4000 2 Fedoraproject, Mit 2 Fedora, Kerberos 5 2025-04-09 8.5 HIGH N/A
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
CVE-2009-0847 1 Mit 1 Kerberos 2025-04-09 4.3 MEDIUM N/A
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
CVE-2007-4743 1 Mit 1 Kerberos 5 2025-04-09 10.0 HIGH N/A
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
CVE-2009-0844 1 Mit 2 Kerberos, Kerberos 5 2025-04-09 5.8 MEDIUM N/A
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
CVE-2007-5971 2 Apple, Mit 3 Mac Os X, Mac Os X Server, Kerberos 5 2025-04-09 6.9 MEDIUM N/A
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
CVE-2008-0948 1 Mit 1 Kerberos 5 2025-04-09 9.3 HIGH N/A
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
CVE-2007-0956 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2025-04-09 10.0 HIGH N/A
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
CVE-2008-0062 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-09 9.3 HIGH 9.8 CRITICAL
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
CVE-2007-3999 1 Mit 1 Kerberos 5 2025-04-09 10.0 HIGH N/A
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
CVE-2007-2798 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2025-04-09 9.0 HIGH N/A
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
CVE-2008-0063 7 Apple, Canonical, Debian and 4 more 11 Mac Os X, Mac Os X Server, Ubuntu Linux and 8 more 2025-04-09 4.3 MEDIUM 7.5 HIGH
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
CVE-2007-5902 1 Mit 1 Kerberos 5 2025-04-09 10.0 HIGH N/A
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
CVE-2007-0957 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2025-04-09 9.0 HIGH N/A
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
CVE-2009-0845 1 Mit 2 Kerberos, Kerberos 5 2025-04-09 5.0 MEDIUM N/A
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.