CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37750 – krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field
https://notcve.org/view.php?id=CVE-2021-37750
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. El Centro de Distribución de Claves (KDC) en MIT Kerberos 5 (también se conoce como krb5) versiones anteriores a 1.18.5 y 1.19.x versiones anteriores a 1.19.3, presenta una desreferencia de puntero NULL en el archivo kdc/do_tgs_req.c por medio de un cuerpo interno FAST que carece de un campo de servidor. A flaw was found in krb5. The Key Distribution Center (KDC) in MIT Kerberos 5 has a NULL pointer dereference via a FAST inner body that lacks a server field. An authenticated attacker could use this flaw to crash the Kerberos KDC server. • https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 https://github.com/krb5/krb5/releases https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2 https://security.netapp.com/advisory/ntap-20210923-0002 https://web.mit.edu/kerberos/advisories https://www.oracle.com/security-alerts/cpujul2022.html https://www.starwindsoftware.com/security/sw-20220817-0004 https& • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2021-36222 – krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS
https://notcve.org/view.php?id=CVE-2021-36222
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. La función ec_verify en el archivo kdc/kdc_preauth_ec.c en el Centro de Distribución de Claves (KDC) en MIT Kerberos 5 (también se conoce como krb5) versiones anteriores a 1.18.4 y versiones 1.19.x anteriores a 1.19.2, permite a atacantes remotos causar una desreferencia de puntero NULL y un bloqueo del daemon. Esto ocurre porque un valor de retorno no es manejado apropiadamente en una situación determinada A flaw was found in krb5. This flaw allows an unauthenticated attacker to cause a NULL dereference in the KDC by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST. • https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 https://github.com/krb5/krb5/releases https://security.netapp.com/advisory/ntap-20211022-0003 https://security.netapp.com/advisory/ntap-20211104-0007 https://web.mit.edu/kerberos/advisories https://www.debian.org/security/2021/dsa-4944 https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-36222 https://bugzilla.redhat.com/show_bug.cgi?id=1983720 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32471
https://notcve.org/view.php?id=CVE-2021-32471
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications." Una comprobación insuficiente de la entrada en la implementación de Marvin Minsky 1967 de Universal Turing Machine, permite a usuarios del programa ejecutar código arbitrario por medio de datos diseñados. Por ejemplo, un cabezal de cinta puede tener una ubicación inesperada después del procesamiento de una entrada compuesta por As y Bs (en lugar de 0s y 1s). • https://arxiv.org/abs/2105.02124 https://github.com/intrinsic-propensity/turing-machine • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25017
https://notcve.org/view.php?id=CVE-2019-25017
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). • https://bugzilla.suse.com/show_bug.cgi?id=1131109 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25018
https://notcve.org/view.php?id=CVE-2019-25018
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. En el cliente rcp en MIT krb5-appl versiones hasta 1.0.3, los servidores maliciosos podrían omitir unas restricciones de acceso previstas por medio del nombre de archivo of o un nombre de archivo vacío, similar al CVE-2018-20685 y CVE-2019-7282. • https://bugzilla.suse.com/show_bug.cgi?id=1131109 •