CVSS: 7.5EPSS: 12%CPEs: 4EXPL: 0CVE-2019-14844
https://notcve.org/view.php?id=CVE-2019-14844
26 Sep 2019 — A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. Se encontró un fallo en Fedora versiones de krb5 desde 1.16.1 hasta 1.17.x (incluyéndola), en la manera en que un cliente de Kerberos podría bloquear el KDC mediante el envío de uno de los "enctypes" 4556 de RFC. Un usuario no autenticado remoto podría utilizar este fallo ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844 • CWE-628: Function Call with Incorrectly Specified Arguments •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2018-20217 – Ubuntu Security Notice USN-5828-1
https://notcve.org/view.php?id=CVE-2018-20217
26 Dec 2018 — A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. Se ha descubierto un problema de aserción alcanzable en el KDC en MIT Kerberos 5 (también conocido como krb5), en versiones anteriores a la 1.17. Si un atacante puede obtener un ticket krbtgt mediante un tipo de cifrado más antiguo (DES, Triple DE... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7562 – krb5: Authentication bypass by improper validation of certificate EKU and SAN
https://notcve.org/view.php?id=CVE-2017-7562
11 Apr 2018 — An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. Se ha encontrado un error de omisión de autenticación en la forma en que la interfaz de certauth de krb5 en versiones anteriores a la 1.16.1 gestionaba la validación de los certificados de cliente. Un atacante remot... • http://www.securityfocus.com/bid/100511 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-5729 – krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data
https://notcve.org/view.php?id=CVE-2018-5729
06 Mar 2018 — MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. MIT krb5, en versiones 1.6 o posteriores, permite que un kadmin autenticado con permiso para añadir entidades de seguridad a una base de datos LDAP Kerberos provoque una denegación de servicio (desreferencia de puntero NULL) u omita una compro... • http://www.securitytracker.com/id/1042071 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-5730 – krb5: DN container check bypass by supplying special crafted data
https://notcve.org/view.php?id=CVE-2018-5730
06 Mar 2018 — MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. MIT krb5, en versiones 1.6 o posteriores, permite que un kadmin autenticado con permiso para añadir entidades de seguridad a una base de datos LDAP Kerberos sort... • http://www.securitytracker.com/id/1042071 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5709
https://notcve.org/view.php?id=CVE-2018-5709
16 Jan 2018 — An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Se ha descubierto un problema en MIT Kerberos 5 (también conocido como krb5) hasta la versión 1.16. Hay una va... • https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5710
https://notcve.org/view.php?id=CVE-2018-5710
16 Jan 2018 — An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. Se ha descubierto un problema en MIT Kerberos 5 (también conocido como krb5) hasta la versión 1.16. La función predefinida "strlen" tiene una cadena ... • https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-15088
https://notcve.org/view.php?id=CVE-2017-15088
23 Nov 2017 — plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC ce... • http://www.securityfocus.com/bid/101594 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2017-11462
https://notcve.org/view.php?id=CVE-2017-11462
13 Sep 2017 — Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. Existe una vulnerabilidad de doble liberación (double free) en MIT Kerberos 5 (también conocido como krb5) que permite que atacantes provoquen un impacto no especificado mediante vectores que causen borrados automáticos de contextos de seguridad por error. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598 • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 0CVE-2017-11368 – krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure
https://notcve.org/view.php?id=CVE-2017-11368
09 Aug 2017 — In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. En MIT Kerberos 5 (también llamado krb5) en versiones 1.7 y posteriores, un atacante autenticado puede provocar un error de aserción KDC mediante el envío de peticiones S4U2Self o S4U2Proxy no válidas. A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertio... • http://www.securityfocus.com/bid/100291 • CWE-617: Reachable Assertion •