CVSS: 6.5EPSS: 6%CPEs: 30EXPL: 0CVE-2015-8631 – krb5: Memory leak caused by supplying a null principal name in request
https://notcve.org/view.php?id=CVE-2015-8631
05 Feb 2016 — Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. Múltiples pérdidas de memoria en kadmin/server/server_stubs.c en kadmind en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.4 y 1.14.x en versiones anteriores a 1.14.1 permiten a usuarios remotos autenticados causar una d... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 6%CPEs: 21EXPL: 0CVE-2015-2695 – Ubuntu Security Notice USN-2810-1
https://notcve.org/view.php?id=CVE-2015-2695
09 Nov 2015 — lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo que permite a atacantes remotos provocar una denegació... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 13%CPEs: 14EXPL: 0CVE-2015-2696 – Ubuntu Security Notice USN-2810-1
https://notcve.org/view.php?id=CVE-2015-2696
09 Nov 2015 — lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. lib/gssapi/krb5/iakerb.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo cual permite a atacantes remotos provocar una denegación de servicio... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 • CWE-18: DEPRECATED: Source Code •
CVSS: 6.5EPSS: 77%CPEs: 15EXPL: 0CVE-2015-2697 – Ubuntu Security Notice USN-2810-1
https://notcve.org/view.php?id=CVE-2015-2697
09 Nov 2015 — The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. La función build_principal_va en lib/krb5/krb/bld_princ.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 permite a usuarios remotos autenticados provocar una denegación de servicio (lectura fuera de rango y c... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 94%CPEs: 60EXPL: 0CVE-2014-5355 – krb5: unauthenticated denial of service in recvauth_common() and others
https://notcve.org/view.php?id=CVE-2014-5355
20 Feb 2015 — MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. MIT Kerberos 5 (también conocido como krb5) hasta 1.13.1 espera incorrectamente que un ... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8050 • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 1%CPEs: 10EXPL: 0CVE-2014-9421 – krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-9421
04 Feb 2015 — The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. La función auth_gssapi_unwrap_data en lib/rpc/auth_gssapi_misc.c en MIT Kerber... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-9423 – krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-9423
04 Feb 2015 — The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. La función svcauth_gss_accept_sec_context en lib/rpc/svc_auth_gss.c en MIT Kerberos 5 (también conocido como krb5) 1.11.x hasta 1.11.5, 1.12.x hasta 1.... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-9422 – krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-9422
04 Feb 2015 — The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal. La función check_rpcsec_auth en kadmin/server/kadm_rpc_svc.c en kadmind en MIT Kerberos 5 (también conocido com... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-284: Improper Access Control CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 9.0EPSS: 1%CPEs: 10EXPL: 0CVE-2014-5352 – krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-5352
03 Feb 2015 — The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind. La función krb5_gss_process... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2014-5353 – krb5: NULL pointer dereference when using a ticket policy name as a password policy name
https://notcve.org/view.php?id=CVE-2014-5353
16 Dec 2014 — The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. La función krb5_ldap_get_password_policy_from_dn en plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c en MIT Kerberos 5 (también conocido como krb5) a... • http://advisories.mageia.org/MGASA-2014-0536.html • CWE-476: NULL Pointer Dereference •