Vulnerabilities > MIT

DATE CVE VULNERABILITY TITLE RISK
2018-01-16 CVE-2018-5709 Integer Overflow or Wraparound vulnerability in MIT Kerberos
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16.
network
low complexity
mit CWE-190
7.5
2017-11-23 CVE-2017-15088 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in MIT Kerberos 5
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions.
network
low complexity
mit CWE-119
critical
9.8
2017-09-13 CVE-2017-11462 Double Free vulnerability in multiple products
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
network
low complexity
mit fedoraproject CWE-415
critical
9.8
2017-08-09 CVE-2017-11368 Reachable Assertion vulnerability in multiple products
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
network
low complexity
fedoraproject mit CWE-617
6.5
2016-08-01 CVE-2016-3120 NULL Pointer Dereference vulnerability in MIT Kerberos 5
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
network
low complexity
mit CWE-476
6.5
2016-03-26 CVE-2016-3119 The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
network
high complexity
opensuse mit
5.3
2016-02-13 CVE-2015-8631 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
network
low complexity
mit opensuse debian redhat oracle CWE-772
6.5
2016-02-13 CVE-2015-8630 Unspecified vulnerability in MIT Kerberos 5
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
network
low complexity
mit
7.5
2016-02-13 CVE-2015-8629 Out-of-bounds Read vulnerability in multiple products
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
network
high complexity
mit oracle debian opensuse redhat CWE-125
5.3
2010-12-02 CVE-2010-4020 Cryptographic Issues vulnerability in MIT Kerberos 5
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
network
low complexity
mit CWE-310
6.3