Mit

Kerberos 5

137 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2010-0629

Exploit
  • EPSS 2.28%
  • Published 07.04.2010 15:30:00
  • Last modified 11.04.2025 00:51:21

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an inva...

5

CVE-2010-0628

  • EPSS 1.04%
  • Published 25.03.2010 22:30:00
  • Last modified 11.04.2025 00:51:21

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failu...

7.8

CVE-2010-0283

  • EPSS 3.49%
  • Published 22.02.2010 13:00:02
  • Last modified 11.04.2025 00:51:21

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

10

CVE-2009-4212

  • EPSS 20.91%
  • Published 13.01.2010 19:30:00
  • Last modified 09.04.2025 00:30:58

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly...

5

CVE-2009-3295

  • EPSS 0.59%
  • Published 29.12.2009 20:41:19
  • Last modified 09.04.2025 00:30:58

The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer deref...

5.8

CVE-2009-0844

  • EPSS 7.97%
  • Published 09.04.2009 00:30:00
  • Last modified 09.04.2025 00:30:58

The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that tri...

10

CVE-2009-0846

  • EPSS 23.59%
  • Published 09.04.2009 00:30:00
  • Last modified 09.04.2025 00:30:58

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code...

5

CVE-2009-0845

Exploit
  • EPSS 29.28%
  • Published 27.03.2009 16:30:02
  • Last modified 09.04.2025 00:30:58

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via in...

9.8

CVE-2008-0062

  • EPSS 13.21%
  • Published 19.03.2008 10:44:00
  • Last modified 09.04.2025 00:30:58

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer derefe...

7.5

CVE-2008-0063

  • EPSS 4.75%
  • Published 19.03.2008 10:44:00
  • Last modified 09.04.2025 00:30:58

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."