Mit: >> Kerberos >> 4.0 Security Vulnerabilities
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
CVSS Score
5.3
EPSS Score
0.009
Published
2018-12-26
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-01-16
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
CVSS Score
6.5
EPSS Score
0.008
Published
2018-01-16
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.
CVSS Score
5.0
EPSS Score
0.026
Published
2000-06-09
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
CVSS Score
5.0
EPSS Score
0.026
Published
2000-06-09
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
CVSS Score
5.0
EPSS Score
0.034
Published
2000-06-09
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
CVSS Score
5.0
EPSS Score
0.013
Published
2000-06-09
Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.
CVSS Score
5.0
EPSS Score
0.031
Published
2000-06-09
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
CVSS Score
10.0
EPSS Score
0.11
Published
2000-05-16
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
CVSS Score
10.0
EPSS Score
0.085
Published
2000-05-16
Page 1