Shodan
Vulnerabilities
Vulnerable Software
Kth:  >> Kth Kerberos  Security Vulnerabilities
CVE-2002-0600
Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.
CVSS Score
7.5
EPSS Score
0.015
Published
2002-06-18
CVE-2001-1443
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-08-27
CVE-2001-1444
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
CVSS Score
7.5
EPSS Score
0.007
Published
2001-08-27
CVE-2001-0033
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2001-02-16
CVE-2001-0034
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.
CVSS Score
7.2
EPSS Score
0.003
Published
2001-02-16
CVE-2001-0035
Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.
CVSS Score
7.2
EPSS Score
0.008
Published
2001-02-16
CVE-2001-0036
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.
CVSS Score
1.2
EPSS Score
0.001
Published
2001-02-16
CVE-1999-1099
Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.
CVSS Score
5.0
EPSS Score
0.008
Published
1996-11-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved