CVSS: 7.5EPSS: 16%CPEs: 4EXPL: 0CVE-2019-14844
https://notcve.org/view.php?id=CVE-2019-14844
26 Sep 2019 — A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. Se encontró un fallo en Fedora versiones de krb5 desde 1.16.1 hasta 1.17.x (incluyéndola), en la manera en que un cliente de Kerberos podría bloquear el KDC mediante el envío de uno de los "enctypes" 4556 de RFC. Un usuario no autenticado remoto podría utilizar este fallo ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844 • CWE-628: Function Call with Incorrectly Specified Arguments •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7562 – krb5: Authentication bypass by improper validation of certificate EKU and SAN
https://notcve.org/view.php?id=CVE-2017-7562
11 Apr 2018 — An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. Se ha encontrado un error de omisión de autenticación en la forma en que la interfaz de certauth de krb5 en versiones anteriores a la 1.16.1 gestionaba la validación de los certificados de cliente. Un atacante remot... • http://www.securityfocus.com/bid/100511 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-5729 – krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data
https://notcve.org/view.php?id=CVE-2018-5729
06 Mar 2018 — MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. MIT krb5, en versiones 1.6 o posteriores, permite que un kadmin autenticado con permiso para añadir entidades de seguridad a una base de datos LDAP Kerberos provoque una denegación de servicio (desreferencia de puntero NULL) u omita una compro... • http://www.securitytracker.com/id/1042071 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-5730 – krb5: DN container check bypass by supplying special crafted data
https://notcve.org/view.php?id=CVE-2018-5730
06 Mar 2018 — MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. MIT krb5, en versiones 1.6 o posteriores, permite que un kadmin autenticado con permiso para añadir entidades de seguridad a una base de datos LDAP Kerberos sort... • http://www.securitytracker.com/id/1042071 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-15088
https://notcve.org/view.php?id=CVE-2017-15088
23 Nov 2017 — plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC ce... • http://www.securityfocus.com/bid/101594 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2017-11462
https://notcve.org/view.php?id=CVE-2017-11462
13 Sep 2017 — Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. Existe una vulnerabilidad de doble liberación (double free) en MIT Kerberos 5 (también conocido como krb5) que permite que atacantes provoquen un impacto no especificado mediante vectores que causen borrados automáticos de contextos de seguridad por error. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598 • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 0CVE-2017-11368 – krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure
https://notcve.org/view.php?id=CVE-2017-11368
09 Aug 2017 — In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. En MIT Kerberos 5 (también llamado krb5) en versiones 1.7 y posteriores, un atacante autenticado puede provocar un error de aserción KDC mediante el envío de peticiones S4U2Self o S4U2Proxy no válidas. A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertio... • http://www.securityfocus.com/bid/100291 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 0CVE-2016-3120 – krb5: S4U2Self KDC crash when anon is restricted
https://notcve.org/view.php?id=CVE-2016-3120
01 Aug 2016 — The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. La función validate_as_request en kdc_util.c en el Key Distribution Center (KDC) en MIT Kerberos 5 (también conocido como krb5) en version... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 5%CPEs: 76EXPL: 0CVE-2016-3119 – krb5: null pointer dereference in kadmin
https://notcve.org/view.php?id=CVE-2016-3119
26 Mar 2016 — The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. La función process_db_args en plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en el módulo LDAP KDB en kadmind en MIT Kerberos 5 (también conoci... • http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 1%CPEs: 32EXPL: 0CVE-2015-8629 – krb5: xdr_nullstring() doesn't check for terminating null character
https://notcve.org/view.php?id=CVE-2015-8629
05 Feb 2016 — The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. La función xdr_nullstring en lib/kadm5/kadm_rpc_xdr.c en kadmind in MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.4 y 1.14.x en versiones anterio... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •