CVSS: 5.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-5730 – krb5: DN container check bypass by supplying special crafted data
https://notcve.org/view.php?id=CVE-2018-5730
06 Mar 2018 — MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. MIT krb5, en versiones 1.6 o posteriores, permite que un kadmin autenticado con permiso para añadir entidades de seguridad a una base de datos LDAP Kerberos sort... • http://www.securitytracker.com/id/1042071 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5709
https://notcve.org/view.php?id=CVE-2018-5709
16 Jan 2018 — An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Se ha descubierto un problema en MIT Kerberos 5 (también conocido como krb5) hasta la versión 1.16. Hay una va... • https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5710
https://notcve.org/view.php?id=CVE-2018-5710
16 Jan 2018 — An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. Se ha descubierto un problema en MIT Kerberos 5 (también conocido como krb5) hasta la versión 1.16. La función predefinida "strlen" tiene una cadena ... • https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-15088
https://notcve.org/view.php?id=CVE-2017-15088
23 Nov 2017 — plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC ce... • http://www.securityfocus.com/bid/101594 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2017-11462
https://notcve.org/view.php?id=CVE-2017-11462
13 Sep 2017 — Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. Existe una vulnerabilidad de doble liberación (double free) en MIT Kerberos 5 (también conocido como krb5) que permite que atacantes provoquen un impacto no especificado mediante vectores que causen borrados automáticos de contextos de seguridad por error. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598 • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 0CVE-2017-11368 – krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure
https://notcve.org/view.php?id=CVE-2017-11368
09 Aug 2017 — In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. En MIT Kerberos 5 (también llamado krb5) en versiones 1.7 y posteriores, un atacante autenticado puede provocar un error de aserción KDC mediante el envío de peticiones S4U2Self o S4U2Proxy no válidas. A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertio... • http://www.securityfocus.com/bid/100291 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 0CVE-2016-3120 – krb5: S4U2Self KDC crash when anon is restricted
https://notcve.org/view.php?id=CVE-2016-3120
01 Aug 2016 — The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. La función validate_as_request en kdc_util.c en el Key Distribution Center (KDC) en MIT Kerberos 5 (también conocido como krb5) en version... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 5%CPEs: 76EXPL: 0CVE-2016-3119 – krb5: null pointer dereference in kadmin
https://notcve.org/view.php?id=CVE-2016-3119
26 Mar 2016 — The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. La función process_db_args en plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en el módulo LDAP KDB en kadmind en MIT Kerberos 5 (también conoci... • http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 1%CPEs: 32EXPL: 0CVE-2015-8629 – krb5: xdr_nullstring() doesn't check for terminating null character
https://notcve.org/view.php?id=CVE-2015-8629
05 Feb 2016 — The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. La función xdr_nullstring en lib/kadm5/kadm_rpc_xdr.c en kadmind in MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.4 y 1.14.x en versiones anterio... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2015-8630 – krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
https://notcve.org/view.php?id=CVE-2015-8630
05 Feb 2016 — The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. Las funciones (1) kadm5_create_principal_3 y (2) kadm5_modify_principal en lib/kadm5/srv/svr_principal.c en kadmind en MIT Kerberos 5 (también conocid... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8342 • CWE-476: NULL Pointer Dereference •