CVE-2014-4342 – krb5: denial of service flaws when handling RFC 1964 tokens
https://notcve.org/view.php?id=CVE-2014-4342
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. MIT Kerberos 5 (también conocido como krb5) 1.7.x hasta 1.12.x anterior a 1.12.2 permite a atacantes remotos causar una denegación de servicio (sobrelectura de buffer o referencia a puntero nulo y caída de aplicación) mediante la inyección de tokens inválidos en una sesión de la aplicación GSSAPI. A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. • http://advisories.mageia.org/MGASA-2014-0345.html http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 http://rhn.redhat.com/errata/RHSA-2015-0439.html http://secunia.com/advisories/59102 http://secunia.com/advisories/60082 http://www.debian.org/security/2014/dsa-3000 http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/68908 http://www.securitytracker.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVE-2013-6800 – krb5: KDC remote DoS (NULL pointer dereference and daemon crash)
https://notcve.org/view.php?id=CVE-2013-6800
An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418. Un módulo de base de datos de terceros sin especificar para Key Distribution Center (KDC) en MIT Kerberos 5 (también conocido como krb5) 1.10.x permite a usuarios remotos autenticados provocar una denegación de servicio (referencia a puntero NULL y cierre del demonio) a través de una petición manipulada, una vulnerabilidad diferente a CVE-2013-1418. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757 http://www.securityfocus.com/bid/63770 https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d https://access.redhat.com/security/cve/CVE-2013-6800 https://bugzilla.redhat.com/show_bug.cgi?id=1031499 • CWE-476: NULL Pointer Dereference •
CVE-2011-0282 – krb5: KDC crash when using LDAP backend caused by a special principal name (MITKRB5-SA-2011-002)
https://notcve.org/view.php?id=CVE-2011-0282
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name. El Key Distribution Center (KDC) en MIT Kerberos 5 (también conocido como krb5) v1.6.x hasta v1.9 cuando un se utiliza un backend LDAP, permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero nulo o sobre-lectura, y caída de demonio) a través de un nombre principal manipulada. • http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://secunia.com/advisories/43260 http://secunia.com/advisories/43273 http://secunia.com/advisories/43275 http://secunia.com/advisories/46397 http://securityreason.com/securityalert/8073 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt http://www.mandriva.com/security/advisories?name=MDVSA-2011:024 http://www.mandriva.com/security/advisories?name=MDVSA-2011:025 http://www.redhat.com/support/errat •
CVE-2011-0281 – krb5: KDC hang when using LDAP backend caused by special principal name (MITKRB5-SA-2011-002)
https://notcve.org/view.php?id=CVE-2011-0281
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence. La implementación unparse en el Key Distribution Center (KDC) de MIT Kerberos v5 (también conocido como krb5) v1.6.x a v1.9, cuando se usa un backend LDAP, permite a atacantes remotos provocar una denegación de servicio (agotamiento de descriptor de archivo y bloqueo del demonio) a través de un nombre principal que desencadena el uso de una secuencia de escape barra diagonal inversa, como se demuestra por una secuencia de \n. • http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html http://secunia.com/advisories/43260 http://secunia.com/advisories/43273 http://secunia.com/advisories/43275 http://secunia.com/advisories/46397 http://securityreason.com/securityalert/8073 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt http://www.mandriva.com/security/advisories?name=MDVSA-2011:024 http://www.mandriva.com/security • CWE-310: Cryptographic Issues •
CVE-2010-1323 – krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)
https://notcve.org/view.php?id=CVE-2010-1323
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys. MIT Kerberos 5 (también conocido como krb5) v1.3.x, v1.4.x, v1.5.x, v1.6.x, v1.7.x, y v1.8.x hasta v1.8.3 no determina correctamente la aceptabilidad de las sumas de comprobación, lo que podría permitir a un atacante remoto modificar el user-visible prompt text, modificar una respuesta para el KDC (Key Distribution Center) o falsificar un mensaje KRB-SAFE mediante ciertas sumas de comprobación que (1) están sin clave o (2) usan claves RC4. • http://kb.vmware.com/kb/1035108 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html http:// • CWE-310: Cryptographic Issues •