PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
CVSS Score
8.8
EPSS Score
0.087
Published
2022-12-25
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
CVSS Score
9.8
EPSS Score
0.02
Published
2022-12-25
Netlogon RPC Elevation of Privilege Vulnerability
CVSS Score
8.1
EPSS Score
0.003
Published
2022-11-09
Windows Kerberos Elevation of Privilege Vulnerability
CVSS Score
7.2
EPSS Score
0.023
Published
2022-11-09
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVSS Score
8.1
EPSS Score
0.011
Published
2022-11-09
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
CVSS Score
7.5
EPSS Score
0.009
Published
2022-09-01
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-09-01
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-08-29
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
CVSS Score
4.3
EPSS Score
0.002
Published
2022-08-25
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-08-25