CVSS: 9.8EPSS: 13%CPEs: 6EXPL: 0CVE-2007-1216 – krb5 double free flaw
https://notcve.org/view.php?id=CVE-2007-1216
06 Apr 2007 — Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding". Una vulnerabilidad de Doble Liberación en la biblioteca GSS-API (lib/gssapi/krb5/k5unseal.c), como la utiliza el demon... • ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2001-0417
https://notcve.org/view.php?id=CVE-2001-0417
24 May 2001 — Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. • http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-1999-1296
https://notcve.org/view.php?id=CVE-1999-1296
29 Apr 1997 — Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable. • http://marc.info/?l=bugtraq&m=87602167420878&w=2 •