Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kerberos_5
(Mit)| Repositories | https://github.com/krb5/krb5 |
| #Vulnerabilities | 139 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-09 | CVE-2017-11368 | In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | Fedora, Kerberos, Kerberos_5 | 6.5 | ||
| 2017-09-13 | CVE-2017-11462 | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | Fedora, Kerberos_5 | 9.8 | ||
| 2018-07-26 | CVE-2017-7562 | An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. | Kerberos_5, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2019-09-26 | CVE-2019-14844 | A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. | Fedora, Kerberos_5 | 7.5 | ||
| 1996-02-21 | CVE-1999-0143 | Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. | Kerberos, Kerberos_5, Multinet, Sunos | N/A | ||
| 2001-08-14 | CVE-2001-0554 | Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. | Debian_linux, Freebsd, Aix, Kerberos, Kerberos_5, Netbsd, Linux_netkit, Openbsd, Irix, Solaris, Sunos | N/A | ||
| 2001-05-16 | CVE-2001-1323 | Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function. | Kerberos_5 | N/A | ||
| 2007-04-06 | CVE-2007-1216 | Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding". | Ubuntu_linux, Debian_linux, Kerberos_5 | N/A | ||
| 2007-06-26 | CVE-2007-2443 | Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | Ubuntu_linux, Debian_linux, Kerberos_5 | N/A | ||
| 2007-06-26 | CVE-2007-2798 | Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. | Ubuntu_linux, Debian_linux, Kerberos_5 | N/A |