MIT

Kerberos

34 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 2.74%
  • Published 02.12.2010 16:22:20
  • Last modified 11.04.2025 00:51:21

MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distrib...

  • EPSS 3.49%
  • Published 22.02.2010 13:00:02
  • Last modified 11.04.2025 00:51:21

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

  • EPSS 20.91%
  • Published 13.01.2010 19:30:00
  • Last modified 09.04.2025 00:30:58

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly...

  • EPSS 23.4%
  • Published 09.04.2009 00:30:00
  • Last modified 09.04.2025 00:30:58

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, rela...

  • EPSS 7.97%
  • Published 09.04.2009 00:30:00
  • Last modified 09.04.2025 00:30:58

The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that tri...

Exploit
  • EPSS 29.28%
  • Published 27.03.2009 16:30:02
  • Last modified 09.04.2025 00:30:58

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via in...

  • EPSS 13.6%
  • Published 18.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

  • EPSS 2.55%
  • Published 02.04.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its hea...

  • EPSS 1.25%
  • Published 02.04.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of a...

  • EPSS 4.95%
  • Published 24.03.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-p...