CVSS: 7.5EPSS: 7%CPEs: 14EXPL: 0CVE-2015-8630 – krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
https://notcve.org/view.php?id=CVE-2015-8630
05 Feb 2016 — The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. Las funciones (1) kadm5_create_principal_3 y (2) kadm5_modify_principal en lib/kadm5/srv/svr_principal.c en kadmind en MIT Kerberos 5 (también conocid... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8342 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 6%CPEs: 30EXPL: 0CVE-2015-8631 – krb5: Memory leak caused by supplying a null principal name in request
https://notcve.org/view.php?id=CVE-2015-8631
05 Feb 2016 — Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. Múltiples pérdidas de memoria en kadmin/server/server_stubs.c en kadmind en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.4 y 1.14.x en versiones anteriores a 1.14.1 permiten a usuarios remotos autenticados causar una d... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 6%CPEs: 21EXPL: 0CVE-2015-2695 – Ubuntu Security Notice USN-2810-1
https://notcve.org/view.php?id=CVE-2015-2695
09 Nov 2015 — lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo que permite a atacantes remotos provocar una denegació... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 13%CPEs: 14EXPL: 0CVE-2015-2696 – Ubuntu Security Notice USN-2810-1
https://notcve.org/view.php?id=CVE-2015-2696
09 Nov 2015 — lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. lib/gssapi/krb5/iakerb.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo cual permite a atacantes remotos provocar una denegación de servicio... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 • CWE-18: DEPRECATED: Source Code •
CVSS: 6.5EPSS: 77%CPEs: 15EXPL: 0CVE-2015-2697 – Ubuntu Security Notice USN-2810-1
https://notcve.org/view.php?id=CVE-2015-2697
09 Nov 2015 — The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. La función build_principal_va en lib/krb5/krb/bld_princ.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 permite a usuarios remotos autenticados provocar una denegación de servicio (lectura fuera de rango y c... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2694 – krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass
https://notcve.org/view.php?id=CVE-2015-2694
25 May 2015 — The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. Los módulos kdcpreauth en MIT Kerberos 5 (también conocido como krb5) 1.12.x y 1.13.x anterior a 1.13.2 no rastrea correctamente s... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 94%CPEs: 60EXPL: 0CVE-2014-5355 – krb5: unauthenticated denial of service in recvauth_common() and others
https://notcve.org/view.php?id=CVE-2014-5355
20 Feb 2015 — MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. MIT Kerberos 5 (también conocido como krb5) hasta 1.13.1 espera incorrectamente que un ... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8050 • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 1%CPEs: 10EXPL: 0CVE-2014-9421 – krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-9421
04 Feb 2015 — The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. La función auth_gssapi_unwrap_data en lib/rpc/auth_gssapi_misc.c en MIT Kerber... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-9423 – krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-9423
04 Feb 2015 — The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. La función svcauth_gss_accept_sec_context en lib/rpc/svc_auth_gss.c en MIT Kerberos 5 (también conocido como krb5) 1.11.x hasta 1.11.5, 1.12.x hasta 1.... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-9422 – krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-9422
04 Feb 2015 — The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal. La función check_rpcsec_auth en kadmin/server/kadm_rpc_svc.c en kadmind en MIT Kerberos 5 (también conocido com... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-284: Improper Access Control CWE-305: Authentication Bypass by Primary Weakness •