Vulnerabilities > MIT > Kerberos 5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-04-02 | CVE-2003-0082 | Buffer Underrun vulnerability in MIT Kerberos 5 Principal Name The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | 5.0 |
| 2003-04-02 | CVE-2003-0072 | Buffer Overflow vulnerability in MIT Kerberos 5 Principal Name The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). | 5.0 |
| 2003-03-25 | CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | 7.5 |
| 2003-02-19 | CVE-2003-0060 | Remote Format String vulnerability in MIT Kerberos Key Distribution Center Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. | 7.5 |
| 2003-02-19 | CVE-2003-0059 | Unspecified vulnerability in MIT Kerberos 5 1.2.1/1.2.2 Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. | 7.5 |
| 2003-02-19 | CVE-2003-0058 | Denial of Service vulnerability in Kerberos Key Distribution Center MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. | 5.0 |
| 2003-02-19 | CVE-2002-0036 | Unspecified vulnerability in MIT Kerberos 5 Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. | 5.0 |
| 2002-11-04 | CVE-2002-1235 | Remote Buffer Overflow vulnerability in Multiple Vendor kadmind The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | 10.0 |
| 2001-08-14 | CVE-2001-0554 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. | 10.0 |
| 2001-06-27 | CVE-2001-0417 | Local Security vulnerability in Kerberos 5 Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. | 2.1 |