- EPSS 5.63%
- Veröffentlicht 27.03.2009 16:30:02
- Zuletzt bearbeitet 16.06.2026 23:05:56
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via in...
CVE-2008-0062
- EPSS 10.14%
- Veröffentlicht 19.03.2008 10:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer derefe...
CVE-2008-0063
- EPSS 3.48%
- Veröffentlicht 19.03.2008 10:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
- EPSS 8.83%
- Veröffentlicht 19.03.2008 00:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:39
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
CVE-2008-0948
- EPSS 7.27%
- Veröffentlicht 19.03.2008 00:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:39
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows re...
CVE-2007-5894
- EPSS 2.69%
- Veröffentlicht 06.12.2007 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:59
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misi...
CVE-2007-5901
- EPSS 0.47%
- Veröffentlicht 06.12.2007 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:00
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
- EPSS 5.91%
- Veröffentlicht 06.12.2007 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:00
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
CVE-2007-5971
- EPSS 0.37%
- Veröffentlicht 06.12.2007 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:09
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
- EPSS 2.68%
- Veröffentlicht 06.12.2007 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:09
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master ke...