Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kerberos 5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-1189
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds er...
Mit Kerberos 5
NA
CVE-2006-6144
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 up to and including 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote malicious users to cause a denial of service (crash) via...
Mit Kerberos 5
NA
CVE-2004-0971
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 up to and including 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Mit Kerberos 5 1.3.4
NA
CVE-2014-5351
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) prior to 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Mit Kerberos 5 1.12.2
NA
CVE-2008-0948
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions prior to 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote malicious users to caus...
Mit Kerberos 5 1.2.2
NA
CVE-2009-3295
The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 prior to 1.7.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon cras...
Mit Kerberos 5 1.7
NA
CVE-2010-4021
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery i...
Mit Kerberos 5 1.7
NA
CVE-1999-1296
Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.
Mit Kerberos 5 1.5.2
NA
CVE-2007-5972
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must hav...
Mit Kerberos 5 1.5
NA
CVE-2011-0283
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.
Mit Kerberos 5 1.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »