CVE-2007-2442 – krb5 RPC library uninitialized pointer free
https://notcve.org/view.php?id=CVE-2007-2442
26 Jun 2007 — The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-824: Access of Uninitialized Pointer •
CVE-2007-2443 – krb5 RPC library stack overflow
https://notcve.org/view.php?id=CVE-2007-2443
26 Jun 2007 — Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc •
CVE-2007-1216 – krb5 double free flaw
https://notcve.org/view.php?id=CVE-2007-1216
06 Apr 2007 — Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with "an invalid direction encoding". • ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc • CWE-415: Double Free •
CVE-2007-0956 – Unauthorized access via krb5-telnet daemon
https://notcve.org/view.php?id=CVE-2007-0956
06 Apr 2007 — The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882. • ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc • CWE-306: Missing Authentication for Critical Function •
CVE-2007-0957 – krb5_klog_syslog() stack buffer overflow
https://notcve.org/view.php?id=CVE-2007-0957
06 Apr 2007 — Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers. • ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc • CWE-787: Out-of-bounds Write •
CVE-2006-6143
https://notcve.org/view.php?id=CVE-2006-6143
31 Dec 2006 — The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. • http://docs.info.apple.com/article.html?artnum=305391 • CWE-824: Access of Uninitialized Pointer •
CVE-2006-6144
https://notcve.org/view.php?id=CVE-2006-6144
31 Dec 2006 — The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers. • http://fedoranews.org/cms/node/2375 •
CVE-2006-3084
https://notcve.org/view.php?id=CVE-2006-3084
09 Aug 2006 — The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-3083
https://notcve.org/view.php?id=CVE-2006-3083
09 Aug 2006 — The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt • CWE-399: Resource Management Errors •
CVE-2001-0417
https://notcve.org/view.php?id=CVE-2001-0417
24 May 2001 — Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. • http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html •