CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0CVE-2014-5353 – krb5: NULL pointer dereference when using a ticket policy name as a password policy name
https://notcve.org/view.php?id=CVE-2014-5353
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. La función krb5_ldap_get_password_policy_from_dn en plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c en MIT Kerberos 5 (también conocido como krb5) anterior a 1.13.1, cuando el KDC utiliza LDAP, permite a usuarios remotos autenticados causar una denegación de servicio (caída del demonio) a través de una consulta LDAP con éxito pero sin resultados, tal y como fue demostrado mediante el uso de un tipo de objeto incorrecto para una política de contraseñas. If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. • http://advisories.mageia.org/MGASA-2014-0536.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html http://rhn.redhat.com/errata/RHSA-2015-0439.html http://rhn.redhat.com/errata/RHSA-2015-0794.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:009 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71679 http://www.sec • CWE-476: NULL Pointer Dereference •
CVSS: 8.5EPSS: 1%CPEs: 30EXPL: 0CVE-2014-4345 – krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
https://notcve.org/view.php?id=CVE-2014-4345
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands. Error de superación de límite (off-by-one) en la función krb5_encode_krbsecretkey en plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en el módulo LDAP KDB en kadmind en MIT Kerberos 5 (también conocido como krb5) 1.6.x hasta 1.11.x anterior a 1.11.6 y 1.12.x anterior a 1.12.2 permite a usuarios remotos autenticados causar una denegación de servicio (desbordamiento de buffer) o posiblemente ejecutar código arbitrario a través de una serie de comandos 'cpw -keepold'. A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. • http://advisories.mageia.org/MGASA-2014-0345.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980 http://linux.oracle.com/errata/ELSA-2014-1255.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html http://lists.opensuse.org/opensuse-updates& • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 4%CPEs: 22EXPL: 0CVE-2014-4341 – krb5: denial of service flaws when handling padding length longer than the plaintext
https://notcve.org/view.php?id=CVE-2014-4341
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. MIT Kerberos 5 (también conocido como krb5) anterior a 1.12.2 permite a atacantes remotos causar una denegación de servicio (sobrelectura de buffer y caída de aplicación) mediante la inyección de tokens inválido en una sesión de la aplicación GSSAPI. A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. • http://advisories.mageia.org/MGASA-2014-0345.html http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html http://rhn.redhat.com/errata/RHSA-2015-0439.html http://secunia.com/advisories/59102 http://secunia.com/advisories/60082 http://secunia.com/advisories/60448 http://security.gentoo.org/glsa/glsa-201412-53.xml http://www.debian&# • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 19%CPEs: 35EXPL: 0CVE-2014-4342 – krb5: denial of service flaws when handling RFC 1964 tokens
https://notcve.org/view.php?id=CVE-2014-4342
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. MIT Kerberos 5 (también conocido como krb5) 1.7.x hasta 1.12.x anterior a 1.12.2 permite a atacantes remotos causar una denegación de servicio (sobrelectura de buffer o referencia a puntero nulo y caída de aplicación) mediante la inyección de tokens inválidos en una sesión de la aplicación GSSAPI. A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. • http://advisories.mageia.org/MGASA-2014-0345.html http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 http://rhn.redhat.com/errata/RHSA-2015-0439.html http://secunia.com/advisories/59102 http://secunia.com/advisories/60082 http://www.debian.org/security/2014/dsa-3000 http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/68908 http://www.securitytracker.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 93%CPEs: 6EXPL: 0CVE-2013-1418 – krb5: multi-realm KDC null dereference leads to crash
https://notcve.org/view.php?id=CVE-2013-1418
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. La función setup_server_realm en main.c en Key Distribution Center (KDC) de MIT Kerberos 5 (también conocido como krb5) anterior a la versión 1.10.7, cuando se configuran varios campos, permite a atacantes remotos provocar una denegación de servicio (referencia a un puntero NULL y cierre del demonio) a través de una petición manipulada. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. • http://advisories.mageia.org/MGASA-2013-0335.html http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757 http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html http://web.mit.edu/kerberos/krb5-1.10/README-1.10.7.txt http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt http://www.securityfocus.com/bid/63555 https://bugzilla • CWE-476: NULL Pointer Dereference •