CVSS: 7.5EPSS: 3%CPEs: 60EXPL: 0CVE-2014-5355 – krb5: unauthenticated denial of service in recvauth_common() and others
https://notcve.org/view.php?id=CVE-2014-5355
20 Feb 2015 — MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. MIT Kerberos 5 (también conocido como krb5) hasta 1.13.1 espera incorrectamente que un ... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8050 • CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 3%CPEs: 10EXPL: 0CVE-2014-9421 – krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-9421
04 Feb 2015 — The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. La función auth_gssapi_unwrap_data en lib/rpc/auth_gssapi_misc.c en MIT Kerber... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 0CVE-2014-9422 – krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-9422
04 Feb 2015 — The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal. La función check_rpcsec_auth en kadmin/server/kadm_rpc_svc.c en kadmind en MIT Kerberos 5 (también conocido com... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-284: Improper Access Control CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.5EPSS: 1%CPEs: 10EXPL: 0CVE-2014-9423 – krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-9423
04 Feb 2015 — The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. La función svcauth_gss_accept_sec_context en lib/rpc/svc_auth_gss.c en MIT Kerberos 5 (también conocido como krb5) 1.11.x hasta 1.11.5, 1.12.x hasta 1.... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 9.0EPSS: 3%CPEs: 10EXPL: 0CVE-2014-5352 – krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)
https://notcve.org/view.php?id=CVE-2014-5352
03 Feb 2015 — The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind. La función krb5_gss_process... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2014-5353 – krb5: NULL pointer dereference when using a ticket policy name as a password policy name
https://notcve.org/view.php?id=CVE-2014-5353
16 Dec 2014 — The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. La función krb5_ldap_get_password_policy_from_dn en plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c en MIT Kerberos 5 (también conocido como krb5) a... • http://advisories.mageia.org/MGASA-2014-0536.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-5354 – Ubuntu Security Notice USN-2498-1
https://notcve.org/view.php?id=CVE-2014-5354
16 Dec 2014 — plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command. plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en MIT Kerberos 5 (también conocido como krb5) 1.12.x y 1.13.x anterior a 1.13.1, cuando el... • http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5351 – Gentoo Linux Security Advisory 201412-53
https://notcve.org/view.php?id=CVE-2014-5351
10 Oct 2014 — The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. La función kadm5_randkey_principal_3 en lib/kadm5/srv/svr_principal.c en kadmind en MIT Kerberos 5 (también conocido como krb5) anterior a 1.13 envía claves viejas en respuesta a una solicitud -randkey -keepold, lo que permite a usua... • http://advisories.mageia.org/MGASA-2014-0477.html • CWE-255: Credentials Management Errors •
CVSS: 7.6EPSS: 7%CPEs: 18EXPL: 0CVE-2014-4343 – krb5: double-free flaw in SPNEGO initiators
https://notcve.org/view.php?id=CVE-2014-4343
11 Aug 2014 — Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. Vulnerabilidad de doble liberación en la función init_ctx_reselect ... • http://advisories.mageia.org/MGASA-2014-0345.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.8EPSS: 9%CPEs: 18EXPL: 0CVE-2014-4344 – krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens
https://notcve.org/view.php?id=CVE-2014-4344
11 Aug 2014 — The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. La función acc_ctx_cont en el aceptador SPNEGO en lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (también conocido como krb5) 1.5.x hasta 1.12.x anterior a 1.12.2 permite a atacan... • http://advisories.mageia.org/MGASA-2014-0345.html • CWE-476: NULL Pointer Dereference •