Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kerberos vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2014-5351
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) prior to 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Mit Kerberos 5 1.12.2
7.2
CVSSv2
CVE-2001-0035
Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote malicious users to cause a denial of service and possibly execute arbitrary commands via a long authentication request.
Kth Kth Kerberos 4
5
CVSSv2
CVE-1999-1099
Kerberos 4 allows remote malicious users to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.
Kth Kth Kerberos 4
7.2
CVSSv2
CVE-1999-1296
Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.
Mit Kerberos 5 1.5.2
1.2
CVSSv2
CVE-2001-0036
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.
Kth Kth Kerberos 4
2.1
CVSSv2
CVE-2004-0971
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 up to and including 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Mit Kerberos 5 1.3.4
9.3
CVSSv2
CVE-2008-0948
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions prior to 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote malicious users to caus...
Mit Kerberos 5 1.2.2
8.5
CVSSv2
CVE-2015-2698
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspeci...
Mit Kerberos 5 1.14
2.1
CVSSv2
CVE-2010-4021
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery i...
Mit Kerberos 5 1.7
5
CVSSv2
CVE-2011-0283
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.
Mit Kerberos 5 1.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »