|
2021-08-23
|
CVE-2021-37750
|
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
|
Debian_linux, Fedora, Kerberos_5
|
6.5
|
|
|
|
2018-03-06
|
CVE-2018-5729
|
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
|
Debian_linux, Fedora, Kerberos_5, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation
|
4.7
|
|
|
|
2018-03-06
|
CVE-2018-5730
|
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
|
Debian_linux, Fedora, Kerberos_5, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation
|
3.8
|
|
|
|
2021-07-22
|
CVE-2021-36222
|
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
|
Debian_linux, Kerberos_5
|
7.5
|
|
|
|
2020-11-06
|
CVE-2020-28196
|
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
|
Kerberos_5
|
7.5
|
|
|
|
2005-02-09
|
CVE-2004-0971
|
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
|
Kerberos_5
|
N/A
|
|
|
|
2007-04-06
|
CVE-2007-1216
|
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".
|
Ubuntu_linux, Debian_linux, Kerberos_5
|
N/A
|
|
|
|
2007-06-26
|
CVE-2007-2443
|
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
|
Ubuntu_linux, Debian_linux, Kerberos_5
|
N/A
|
|
|
|
2007-06-26
|
CVE-2007-2442
|
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
|
Ubuntu_linux, Debian_linux, Kerberos_5
|
N/A
|
|
|
|
2007-06-26
|
CVE-2007-2798
|
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
|
Ubuntu_linux, Debian_linux, Kerberos_5
|
N/A
|
|
|