CVSS: 7.5EPSS: 2%CPEs: 20EXPL: 0CVE-2010-1321 – krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
https://notcve.org/view.php?id=CVE-2010-1321
19 May 2010 — The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. Vulnerabilidad en la función "kg_accept_krb5" en "krb5/accept_sec_context.c" de l... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 14%CPEs: 4EXPL: 2CVE-2010-1320 – MIT Kerberos 5 - 'src/kdc/do_tgs_req.c' Ticket Renewal Double-Free Memory Corruption
https://notcve.org/view.php?id=CVE-2010-1320
22 Apr 2010 — Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. Una doble vulnerabilidad en do_tgs_req.c en el Centro de distribución de claves (KDC) en MIT Kerberos 5 (también conocido como krb5) versiones v1.7.x y v1.8.x antes de v1.8.2 permite a los usuarios rem... • https://www.exploit-db.com/exploits/33855 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2010-0628
https://notcve.org/view.php?id=CVE-2010-0628
25 Mar 2010 — The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token. La función spnego_gss_accept_sec_context en lib/gssapi/SPNEGO/spnego_mech.c en la funcionalidad GSS-API de SPNEGO en MIT Kerberos 5 (alias krb5) v1.7 antes de v1.7.... • http://secunia.com/advisories/39023 •
CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 0CVE-2010-0283
https://notcve.org/view.php?id=CVE-2010-0283
21 Feb 2010 — The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request. El Key Distribution Center (KDC) en MIT Kerberos 5 (también conocido como krb5) v1.7 anterior a v1.7.2, y 1.8 alpha, permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y caída del demonio) a través de peticiones (1) AS-REQ o (2) TGS-REQ inválid... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-20: Improper Input Validation •