CVSS: 7.1EPSS: 17%CPEs: 14EXPL: 0CVE-2015-2696
https://notcve.org/view.php?id=CVE-2015-2696
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. lib/gssapi/krb5/iakerb.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo cual permite a atacantes remotos provocar una denegación de servicio (lectura de puntero incorrecto y caída de proceso) a través de un paquete IAKERB manipulado que no es manejado correctamente durante una llamada a gss_inquire_context. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://www.debian.org/security/2015/dsa-3395 http://www.securityfocus.com/bid/90675 http://www.securitytracker.com/id/1034084 http://www.ubuntu.com/usn/USN-2810-1 https://github.com/krb5/krb5/commit/ • CWE-18: DEPRECATED: Source Code •
CVSS: 4.0EPSS: 83%CPEs: 15EXPL: 0CVE-2015-2697
https://notcve.org/view.php?id=CVE-2015-2697
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. La función build_principal_va en lib/krb5/krb/bld_princ.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 permite a usuarios remotos autenticados provocar una denegación de servicio (lectura fuera de rango y caída de KDC) a través de un carácter inicial '\0' en un campo realm largo dentro de una solicitud TGS. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://www.debian.org/security/2015/dsa-3395 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/77581 http://www.securitytracker.com/id/1034084 http://w • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 95%CPEs: 60EXPL: 0CVE-2014-5355 – krb5: unauthenticated denial of service in recvauth_common() and others
https://notcve.org/view.php?id=CVE-2014-5355
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. MIT Kerberos 5 (también conocido como krb5) hasta 1.13.1 espera incorrectamente que un campo de datos krb5_read_message se representa como una cadena que termine con un caracter '\0', lo que permite a atacantes remotos (1) causar una denegación de servicio (referencia a puntero nulo) a través de una cadena de versión de cero bytes o (2) causar una denegación de servicio (lectura fuera de rango) mediante la omisión del caracter '\0', relacionado con appl/user_user/server.c y lib/krb5/krb/recvauth.c. It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8050 http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html http://rhn.redhat.com/errata/RHSA-2015-0794.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:069 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/74042 http://www.ubuntu.com/usn/USN-2810-1 https://github.com • CWE-476: NULL Pointer Dereference •
CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0CVE-2014-5353 – krb5: NULL pointer dereference when using a ticket policy name as a password policy name
https://notcve.org/view.php?id=CVE-2014-5353
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. La función krb5_ldap_get_password_policy_from_dn en plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c en MIT Kerberos 5 (también conocido como krb5) anterior a 1.13.1, cuando el KDC utiliza LDAP, permite a usuarios remotos autenticados causar una denegación de servicio (caída del demonio) a través de una consulta LDAP con éxito pero sin resultados, tal y como fue demostrado mediante el uso de un tipo de objeto incorrecto para una política de contraseñas. If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. • http://advisories.mageia.org/MGASA-2014-0536.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html http://rhn.redhat.com/errata/RHSA-2015-0439.html http://rhn.redhat.com/errata/RHSA-2015-0794.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:009 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71679 http://www.sec • CWE-476: NULL Pointer Dereference •
CVSS: 8.5EPSS: 1%CPEs: 30EXPL: 0CVE-2014-4345 – krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
https://notcve.org/view.php?id=CVE-2014-4345
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands. Error de superación de límite (off-by-one) en la función krb5_encode_krbsecretkey en plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en el módulo LDAP KDB en kadmind en MIT Kerberos 5 (también conocido como krb5) 1.6.x hasta 1.11.x anterior a 1.11.6 y 1.12.x anterior a 1.12.2 permite a usuarios remotos autenticados causar una denegación de servicio (desbordamiento de buffer) o posiblemente ejecutar código arbitrario a través de una serie de comandos 'cpw -keepold'. A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. • http://advisories.mageia.org/MGASA-2014-0345.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980 http://linux.oracle.com/errata/ELSA-2014-1255.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html http://lists.opensuse.org/opensuse-updates& • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •