Vulnerabilites related to mit - kerberos
Vulnerability from fkie_nvd
Published
2011-02-10 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 5-1.6.3 | |
| mit | kerberos_5 | 1.6 | |
| mit | kerberos_5 | 1.6.1 | |
| mit | kerberos_5 | 1.6.2 | |
| mit | kerberos_5 | 1.7 | |
| mit | kerberos_5 | 1.7.1 | |
| mit | kerberos_5 | 1.8 | |
| mit | kerberos_5 | 1.8.1 | |
| mit | kerberos_5 | 1.8.2 | |
| mit | kerberos_5 | 1.8.3 | |
| mit | kerberos_5 | 1.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "032730AE-1E53-4CA2-96FD-AD60CD27F3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C382DAA-68D2-4DD9-BE29-8EEB0BAF1A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73BB258E-51CF-4D12-836B-BCEA587A3F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F81DE01C-BA3B-40B4-BD85-17692F0AF8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B09C090-B842-43C7-B8A6-DBF63D80FEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36823B2B-5C72-4FF3-9301-FB263EB8CE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AFA33E-FEBC-45F5-9EC6-8AA363163FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04D83332-B2FD-4E86-A76C-C3F1CD3B3A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "758A0011-20ED-414A-9DF3-50A161DF8BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86738633-C081-4440-9F75-A775D6DF2228",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name."
},
{
"lang": "es",
"value": "El Key Distribution Center (KDC) en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) v1.6.x hasta v1.9 cuando un se utiliza un backend LDAP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia a puntero nulo o sobre-lectura, y ca\u00edda de demonio) a trav\u00e9s de un nombre principal manipulada."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2011-0282",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-10T18:00:55.287",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43260"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43273"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43275"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8073"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46271"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025037"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-05-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygnus:cygnus_network_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05857121-8827-45FD-886F-4269E0336036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygnus:kerbnet:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1B0821-64F1-46E3-8DD3-12FFD1B037F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB8BD89-F049-4C3B-8744-E8D00D752DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA60A9-10E1-4ACD-819C-17801FAD7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges."
}
],
"id": "CVE-2000-0391",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-05-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4876"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1220"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-26 21:29
Modified
2024-11-21 04:01
Severity ?
Summary
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D60B1D-E4D9-4FF8-8C98-7ACCF81D3F24",
"versionEndExcluding": "5-1.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de aserci\u00f3n alcanzable en el KDC en MIT Kerberos 5 (tambi\u00e9n conocido como krb5), en versiones anteriores a la 1.17. Si un atacante puede obtener un ticket krbtgt mediante un tipo de cifrado m\u00e1s antiguo (DES, Triple DES o RC4), este puede provocar el cierre inesperado de KDC realizando una petici\u00f3n S4U2Self."
}
],
"id": "CVE-2018-20217",
"lastModified": "2024-11-21T04:01:06.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-26T21:29:02.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-06-09 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cygnus | cygnus_network_security | 4.0 | |
| cygnus | kerbnet | 5.0 | |
| mit | kerberos | 4.0 | |
| mit | kerberos_5 | 1.0 | |
| mit | kerberos_5 | 1.1 | |
| mit | kerberos_5 | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygnus:cygnus_network_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05857121-8827-45FD-886F-4269E0336036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygnus:kerbnet:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1B0821-64F1-46E3-8DD3-12FFD1B037F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB8BD89-F049-4C3B-8744-E8D00D752DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA60A9-10E1-4ACD-819C-17801FAD7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A37987D-22F9-47AC-A07A-380F7E509BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request."
}
],
"id": "CVE-2000-0549",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-06-09T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "cve@mitre.org",
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-08-14 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC18A69-28AC-4DED-AA9D-B050709A9D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A37987D-22F9-47AC-A07A-380F7E509BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8C0C82-749E-4837-88F8-FB56A753B094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD672FA-918D-48CB-BC03-4E412AF0DCCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B363A4-BB7A-48A2-AE6B-BD2DDD46E7CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netkit:linux_netkit:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3630EB-0966-49C2-9B59-368E5374A1C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netkit:linux_netkit:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "62B7A341-D568-45DD-B4D7-18892DD19819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netkit:linux_netkit:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "65D5FAF4-4AE0-4657-B71A-3F3870E36192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C30D6962-3DBB-4DF8-A04F-8E47AFEDCF99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F098C1-D09E-49B4-9B51-E84B6C4EA6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63236405-1F33-43DD-ACF7-B6D9656E0987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "34797660-41F5-4358-B70F-2A40DE48F182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1:stable:*:*:*:*:*:*",
"matchCriteriaId": "F25E27BA-F884-456B-9600-A4A0B8877A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27C9E23D-AB82-4AE1-873E-C5493BB96AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4054D69F-596F-4EB4-BE9A-E2478343F55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CA26ABBE-9973-45FA-9E9B-82170B751219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7891202C-62AF-4590-9E5F-3514FDA2B38E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF4F7002-A525-4A66-BE8B-E50ABBF144B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF8F9B2F-E898-4F87-A245-32A41748587B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "183667CA-6DF1-4BFB-AE32-9ABF55B7283A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2:current:*:*:*:*:*:*",
"matchCriteriaId": "FE799983-DF99-428E-B560-321680C85A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1156954-25AD-45BE-AE49-9705ECD5BDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBDDEC3F-52EB-4E1E-84C4-B472600059EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B58E02AE-38B4-466E-BF73-2F0B80AF7BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3928D5CF-6FC0-434C-8A80-ABDBF346C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "314BA420-4C74-4060-8ACE-D7A7C041CF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2EAD7613-A5B3-4621-B981-290C7C6B8BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED84E66-CFD9-4DF8-9679-13457D340D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CA3337-9BEE-49C5-9EDE-8CDBE5580537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE38C50A-81FE-412E-9717-3672FAE6A6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "A0A3F7B6-2878-40C0-B59C-EBA8D171D2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "263F3734-7076-4EA8-B4C0-F37CFC4E979E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0419DD66-FF66-48BC-AD3B-F6AFD0551E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3518628-08E5-4AD7-AAF6-A4E38F1CDE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B982342C-1981-4C55-8044-AFE4D87623DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "47E02BE6-4800-4940-B269-385B66AC5077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5:stable:*:*:*:*:*:*",
"matchCriteriaId": "0EB09993-B837-4352-B09D-3656F62638A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C283AD7-1C58-4CE8-A6CD-502FFE0B18BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0361EA35-FBD7-4E8F-8625-C8100ED7BB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:stable:*:*:*:*:*:*",
"matchCriteriaId": "29EAA113-2404-4ABB-826B-3AA2AA858D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A585A1-FF82-418F-90F8-072458DB7816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E3F7EB61-55A5-4776-B0E7-3508920A6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "A442DE97-4485-4D95-B95D-58947585E455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE31DFF8-06AB-489D-A0C5-509C090283B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE1E3D8-2BB1-4FFA-9BC9-7AF347D26190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF49BF03-C25E-4737-84D5-892895C86C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2019E0E-426B-43AF-8904-1B811AE171E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11ACD012-F05F-45CD-A170-96CBAA42FFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55919E74-09E7-44BA-9941-D1B69BB1692F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "45F3C5D8-8BC3-44EB-917A-D0BA051D3D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "465B06C4-136D-4CD8-BA38-B6B50511624C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB23261-D5A9-4C49-B08E-97A63ED6F84A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF613C9-DC4A-45F0-BEE1-8450762B0089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "441CEF2E-9687-4930-8536-B8B83018BD28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55DD3C82-0B7D-4B25-B603-AD6C6D59239A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7A39CD-C4B2-4FD9-A450-E5C7A5480174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA1B13-B378-4F13-BD13-EC58F15F5C81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C8CAB1-2D8C-4875-A795-41178D48410F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3C937A-E9D8-474A-ABEB-A927EF7CC5B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A8F8DE7-7A84-4350-A6D8-FCCB561D63B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C422E343-ADF2-427D-865D-B5C35431EFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C288A88-11C6-429E-A109-0395D0989264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "516C6D9A-7483-4E36-A2E0-42698161AD31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F89124-E194-4C7A-B06D-8535B4066AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36DF0D51-FCFA-46A3-B834-E80DFA91DFDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB726CF-ADA2-4CDA-9786-1E84AC53740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC373FC-88AC-4B6D-A289-51881ACD57F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DA7F0-E3C0-447A-A2B0-ECC928389D84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBE290B-5EC6-4BBA-B645-294C150E417A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE7FDFB-C6A6-4B58-B0B4-236E4EA76EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF053A1-C252-427E-9EEF-27240F422976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48A9C344-45AA-47B9-B35A-1A62E220D9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "80EB24F0-46A7-481B-83ED-8BB012AE0C8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1370216-93EB-400F-9AA6-CB2DC316DAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF2C7C4-6F8D-40DB-9FBC-E7E4D76A2B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84523B48-218B-45F4-9C04-2C103612DCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A22D21-E0A9-4B56-86C7-805AD1A610D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7AAC8954-74A8-4FE3-ABE7-57DA041D9D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B72953B-E873-4E44-A3CF-12D770A0D416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39F847DB-65A9-47DA-BCFA-A179E5E2301A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58B90124-0543-4226-BFF4-13CCCBCCB243",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function."
}
],
"id": "CVE-2001-0554",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-08-14T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000413"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/advisories/3476"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/199496"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/199541"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/203000"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-21.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/l-131.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-070"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-075"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/809"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-099.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-100.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/197804"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3064"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/advisories/3476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/199496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/199541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://online.securityfocus.com/archive/1/203000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-21.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/l-131.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-099.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-100.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/197804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6875"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-13 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 5-1.6.3 | |
| mit | kerberos_5 | 1.3 | |
| mit | kerberos_5 | 1.3.1 | |
| mit | kerberos_5 | 1.3.2 | |
| mit | kerberos_5 | 1.3.3 | |
| mit | kerberos_5 | 1.3.4 | |
| mit | kerberos_5 | 1.3.5 | |
| mit | kerberos_5 | 1.3.6 | |
| mit | kerberos_5 | 1.4 | |
| mit | kerberos_5 | 1.4.1 | |
| mit | kerberos_5 | 1.4.2 | |
| mit | kerberos_5 | 1.4.3 | |
| mit | kerberos_5 | 1.4.4 | |
| mit | kerberos_5 | 1.5 | |
| mit | kerberos_5 | 1.5.1 | |
| mit | kerberos_5 | 1.5.2 | |
| mit | kerberos_5 | 1.5.3 | |
| mit | kerberos_5 | 1.6 | |
| mit | kerberos_5 | 1.6.1 | |
| mit | kerberos_5 | 1.6.2 | |
| mit | kerberos_5 | 1.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "032730AE-1E53-4CA2-96FD-AD60CD27F3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F01A83F-3BD1-4DED-979A-B4B6B23039FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEB5A36-8F72-417A-AC92-149612EC7BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8704B5-F37B-4C61-A924-3774A29BFEB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F953CEBA-BAC0-48DF-A3D0-1FABCC9963E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED81A044-8A7B-4EEF-A4B3-EA49D76FAAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30AA5727-BD83-45CF-B308-BA5F8A577B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E088E64-6FBD-4148-8F78-506364B7BB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52F0EECF-7787-442B-9888-D22F7D36C3DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF344AED-BE00-4A9B-A9DE-C6FB0BEE4617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "567406CA-58D8-453E-B36E-6D1D2EFC8EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7830E03F-A813-4E35-893E-BF27395CEFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7764411E-C056-4696-822E-235F2620FAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD315AE-868B-4061-BF01-CDBF59B02499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B639DD5F-71C7-4D9B-BA5C-51CAF64140B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B904DCE-D59F-45C7-A814-DE42CF02792D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9957FE9E-1E89-4C27-852C-44F866A1834E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C382DAA-68D2-4DD9-BE29-8EEB0BAF1A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73BB258E-51CF-4D12-836B-BCEA587A3F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F81DE01C-BA3B-40B4-BD85-17692F0AF8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de desbordamiento de entero en la funcionalidad de desencriptado AES y RC4 en la biblioteca crypto en MIT Kerberos 5 (tambi\u00e9n conocido comokrb5) v1.3 a la v1.6.3, y 1.7 anterior a v1.7.1, permite a atacantes remotos provocar una denegaci\u00f3n de servici\u00f3n (ca\u00edda de demonio) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n facilitando texto cifrado (ciphertext) con un tama\u00f1o menor al v\u00e1lido."
}
],
"evaluatorImpact": "Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\r\n\r\n\r\n\"Only releases krb5-1.3 and later are vulnerable, as\r\nearlier releases did not contain the functionality implemented by the\r\nvulnerable code.\r\n\r\nThis is an implementation vulnerability in MIT krb5, and is not a\r\nvulnerability in the Kerberos protocol.\"",
"evaluatorSolution": "Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\r\n\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.7.1 and krb5-1.6.4 releases will contain a fix\r\n for this vulnerability.\r\n\r\n* For the krb5-1.7 release, apply the patch available at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt.asc\r\n\r\n\r\n* For the krb5-1.6 releases, apply the patch available at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt.asc\r\n\r\n* The krb5-1.6.3 patch might apply successfully to older releases.\r\n",
"id": "CVE-2009-4212",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-13T19:30:00.607",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38080"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38108"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38126"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38140"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38184"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38203"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38696"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/40220"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4188"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/css/P8/documents/100074869"
},
{
"source": "cve@mitre.org",
"url": "http://ubuntu.com/usn/usn-881-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2010/dsa-1969"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37749"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023440"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0096"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0129"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/40220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/css/P8/documents/100074869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-881-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-1969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-06-09 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html | Broken Link | |
| cve@mitre.org | http://ciac.llnl.gov/ciac/bulletins/k-051.shtml | Broken Link | |
| cve@mitre.org | http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.cert.org/advisories/CA-2000-11.html | Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/1338 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ciac.llnl.gov/ciac/bulletins/k-051.shtml | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2000-11.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1338 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cygnus_network_security_project | cygnus_network_security | - | |
| kerbnet_project | kerbnet | - | |
| mit | kerberos | * | |
| mit | kerberos | 4.0 | |
| mit | kerberos | 4.0 | |
| mit | kerberos_5 | * | |
| mit | kerberos_5 | 1.1 | |
| mit | kerberos_5 | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygnus_network_security_project:cygnus_network_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F324E654-8799-45DE-8ECA-779D33033CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerbnet_project:kerbnet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69B5EEC-B360-4F74-839C-1E4909C71126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B5C118-EB9E-4CA1-B27A-5D245E334E27",
"versionEndExcluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "14393125-C495-47AF-ACC9-EF739A606DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:patch10:*:*:*:*:*:*",
"matchCriteriaId": "C7EDE7F6-5216-40F3-8C31-C3544CDFFBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC79658F-1838-40CA-AFB1-3E2B43E339CB",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A37987D-22F9-47AC-A07A-380F7E509BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function."
}
],
"id": "CVE-2000-0547",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-06-09T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/1338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/1338"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-20 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.0 | |
| mit | kerberos | 5-1.8 | |
| mit | kerberos | 5-1.10.5 | |
| mit | kerberos | 5-1.10.6 | |
| mit | kerberos | 5-1.10.7 | |
| mit | kerberos_5 | 1.7 | |
| mit | kerberos_5 | 1.7.1 | |
| mit | kerberos_5 | 1.8 | |
| mit | kerberos_5 | 1.8.1 | |
| mit | kerberos_5 | 1.8.2 | |
| mit | kerberos_5 | 1.8.3 | |
| mit | kerberos_5 | 1.8.4 | |
| mit | kerberos_5 | 1.8.5 | |
| mit | kerberos_5 | 1.8.6 | |
| mit | kerberos_5 | 1.9 | |
| mit | kerberos_5 | 1.9.1 | |
| mit | kerberos_5 | 1.9.2 | |
| mit | kerberos_5 | 1.9.3 | |
| mit | kerberos_5 | 1.9.4 | |
| mit | kerberos_5 | 1.10 | |
| mit | kerberos_5 | 1.10.1 | |
| mit | kerberos_5 | 1.10.2 | |
| mit | kerberos_5 | 1.10.3 | |
| mit | kerberos_5 | 1.10.4 | |
| mit | kerberos_5 | 1.11 | |
| mit | kerberos_5 | 1.11.1 | |
| mit | kerberos_5 | 1.11.2 | |
| mit | kerberos_5 | 1.11.3 | |
| mit | kerberos_5 | 1.11.4 | |
| mit | kerberos_5 | 1.12 | |
| mit | kerberos_5 | 1.12.1 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_hpc_node | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.8:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "932A9238-B5F1-440B-92B8-1CD17A2CC274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42238DD3-2CFB-4F88-9CB6-A2B6F71DBB9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D48B3D-DE6C-47DA-8002-659AED084A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DB845405-97B7-4609-A61E-68C5CCD374EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B09C090-B842-43C7-B8A6-DBF63D80FEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36823B2B-5C72-4FF3-9301-FB263EB8CE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AFA33E-FEBC-45F5-9EC6-8AA363163FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04D83332-B2FD-4E86-A76C-C3F1CD3B3A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "758A0011-20ED-414A-9DF3-50A161DF8BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7768AED0-AE4C-4D4E-8D5D-5B618AB82966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "534104C5-966E-4740-A354-4F6C210FF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "78AF5659-C0E3-49C4-9CA7-FC3917C8AC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86738633-C081-4440-9F75-A775D6DF2228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BCFFEE-EA7A-4F26-97AA-31128A179745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91A2D7F5-EBDE-4000-AC78-8DD6472E685A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E92BFA5-723E-4843-A8D8-BC1D32F34569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34C27198-9B55-42FB-AA21-D8B4EB60D926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FC504264-A9E9-4433-B7AA-6D5015A93FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77FA352F-520C-4C05-AD52-FC8586DB16B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFB18F7-CB08-4AE4-9DEC-55D047819A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "637E858A-7C16-490C-99A8-F46440E5F504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22840B84-2EA4-4E96-A8D8-154AAEADB806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2D554BDC-CD7D-4572-B1E8-5F627F2C5916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65BCD38A-33AD-4FD7-AF5B-8470B24C4139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F9209-799A-428B-9513-DBD0F19C7BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA40FAA-B858-4282-8438-247E99FBB002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65795542-D886-46C4-8ECB-4630078DF66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "79A9FAE9-7219-4D6A-9E94-FFE20223537D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA68BC90-FCFC-4C9B-8574-9029DB2358E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session."
},
{
"lang": "es",
"value": "MIT Kerberos 5 (tambi\u00e9n conocido como krb5) 1.7.x hasta 1.12.x anterior a 1.12.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (sobrelectura de buffer o referencia a puntero nulo y ca\u00edda de aplicaci\u00f3n) mediante la inyecci\u00f3n de tokens inv\u00e1lidos en una sesi\u00f3n de la aplicaci\u00f3n GSSAPI."
}
],
"id": "CVE-2014-4342",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-20T11:12:50.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0345.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/59102"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/60082"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3000"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68908"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94903"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0345.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/59102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/60082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-18 02:55
Modified
2025-04-11 00:51
Severity ?
Summary
An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 5-1.10.5 | |
| mit | kerberos | 5-1.10.6 | |
| mit | kerberos | 5-1.10.7 | |
| mit | kerberos_5 | 1.10 | |
| mit | kerberos_5 | 1.10.1 | |
| mit | kerberos_5 | 1.10.2 | |
| mit | kerberos_5 | 1.10.3 | |
| mit | kerberos_5 | 1.10.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42238DD3-2CFB-4F88-9CB6-A2B6F71DBB9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D48B3D-DE6C-47DA-8002-659AED084A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DB845405-97B7-4609-A61E-68C5CCD374EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FC504264-A9E9-4433-B7AA-6D5015A93FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77FA352F-520C-4C05-AD52-FC8586DB16B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFB18F7-CB08-4AE4-9DEC-55D047819A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "637E858A-7C16-490C-99A8-F46440E5F504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22840B84-2EA4-4E96-A8D8-154AAEADB806",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418."
},
{
"lang": "es",
"value": "Un m\u00f3dulo de base de datos de terceros sin especificar para Key Distribution Center (KDC) en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) 1.10.x permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y cierre del demonio) a trav\u00e9s de una petici\u00f3n manipulada, una vulnerabilidad diferente a CVE-2013-1418."
}
],
"evaluatorComment": "CWE-476: NULL Pointer Dereference per http://cwe.mitre.org/data/definitions/476.html",
"id": "CVE-2013-6800",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-18T02:55:10.063",
"references": [
{
"source": "cve@mitre.org",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/63770"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-05-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygnus:cygnus_network_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05857121-8827-45FD-886F-4269E0336036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygnus:kerbnet:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1B0821-64F1-46E3-8DD3-12FFD1B037F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB8BD89-F049-4C3B-8744-E8D00D752DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA60A9-10E1-4ACD-819C-17801FAD7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges."
}
],
"id": "CVE-2000-0389",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-05-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1220"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-06-09 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html | Broken Link | |
| cve@mitre.org | http://ciac.llnl.gov/ciac/bulletins/k-051.shtml | Broken Link | |
| cve@mitre.org | http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.cert.org/advisories/CA-2000-11.html | Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/1338 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ciac.llnl.gov/ciac/bulletins/k-051.shtml | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2000-11.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1338 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cygnus_network_security_project | cygnus_network_security | - | |
| kerbnet_project | kerbnet | - | |
| mit | kerberos | * | |
| mit | kerberos | 4.0 | |
| mit | kerberos | 4.0 | |
| mit | kerberos_5 | * | |
| mit | kerberos_5 | 1.1 | |
| mit | kerberos_5 | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygnus_network_security_project:cygnus_network_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F324E654-8799-45DE-8ECA-779D33033CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerbnet_project:kerbnet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69B5EEC-B360-4F74-839C-1E4909C71126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B5C118-EB9E-4CA1-B27A-5D245E334E27",
"versionEndExcluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "14393125-C495-47AF-ACC9-EF739A606DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:patch10:*:*:*:*:*:*",
"matchCriteriaId": "C7EDE7F6-5216-40F3-8C31-C3544CDFFBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC79658F-1838-40CA-AFB1-3E2B43E339CB",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A37987D-22F9-47AC-A07A-380F7E509BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function."
}
],
"id": "CVE-2000-0546",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-06-09T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/1338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/1338"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 1.0 | |
| mit | kerberos | 1.2.2.beta1 | |
| mit | kerberos_5 | 1.0.6 | |
| mit | kerberos_5 | 1.1 | |
| mit | kerberos_5 | 1.1.1 | |
| mit | kerberos_5 | 1.2 | |
| mit | kerberos_5 | 1.2.1 | |
| mit | kerberos_5 | 1.2.2 | |
| mit | kerberos_5 | 1.2.3 | |
| mit | kerberos_5 | 1.2.4 | |
| mit | kerberos_5 | 1.2.5 | |
| mit | kerberos_5 | 1.2.6 | |
| mit | kerberos_5 | 1.2.7 | |
| mit | kerberos_5 | 1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC18A69-28AC-4DED-AA9D-B050709A9D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:1.2.2.beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D5B46-F8BD-41C4-86F2-D495F1EB4F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E8973E93-0BBE-4BD3-9983-F6480FFEA228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A37987D-22F9-47AC-A07A-380F7E509BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8C0C82-749E-4837-88F8-FB56A753B094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD672FA-918D-48CB-BC03-4E412AF0DCCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B363A4-BB7A-48A2-AE6B-BD2DDD46E7CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "74EF42A5-EC47-4475-81D6-FD1E9C2B8A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "30F2CBEF-6FA1-4E07-8163-6AFEDC93FCE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D133CB0D-8A54-4DAA-9FE8-0B367544DE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2C23BD-1995-4F09-B444-87DDDE21817E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF118BE-6351-4768-A3F0-DFE0065273D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "6B1422F8-CC87-46EA-8649-A12D6E47335D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka \"array overrun\")."
},
{
"lang": "es",
"value": "El KDC (Centro de Distribuci\u00f3n de Claves) en Kerberos 5 (krb5) 1.2.7 y anteriores, permite a atacantes remotos autentificados, causar la Denegaci\u00f3n de Servicios (por ca\u00edda) en KDCs dentro del mismo dominio utilizando cierta petici\u00f3n de protocolo que causa una lectura fuera de l\u00edmites en un array (tambi\u00e9n conocido como \u0027array overrun\u0027)."
}
],
"id": "CVE-2003-0072",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-04-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/7184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/7184"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-22 13:00
Modified
2025-04-11 00:51
Severity ?
Summary
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 5-1.8 | |
| mit | kerberos_5 | 1.7 | |
| mit | kerberos_5 | 1.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.8:alpha:*:*:*:*:*:*",
"matchCriteriaId": "40089B12-0277-487D-AC68-5400A0DAF013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B09C090-B842-43C7-B8A6-DBF63D80FEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request."
},
{
"lang": "es",
"value": "El Key Distribution Center (KDC) en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) v1.7 anterior a v1.7.2, y 1.8 alpha, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y ca\u00edda del demonio) a trav\u00e9s de peticiones (1) AS-REQ o (2) TGS-REQ inv\u00e1lidas."
}
],
"id": "CVE-2010-0283",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-22T13:00:02.750",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38598"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39023"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/40220"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023593"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4188"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509553/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38260"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-916-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/40220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509553/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-916-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1481"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of MIT Kerberos 5 as shipped with Red Hat Enterprise Linux 3, 4 or 5. Those versions do not contain the vulnerable code that was introduced in krb5 1.7.",
"lastModified": "2010-02-22T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-16 09:29
Modified
2024-11-21 04:09
Severity ?
Summary
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2AA956-6CB6-4981-B363-6E051E7A6441",
"versionEndIncluding": "5-1.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) hasta la versi\u00f3n 1.16. Hay una variable \"dbentry-\u003en_key_data\" en kadmin/dbutil/dump.c que puede almacenar datos en 16 bits pero, sin saberlo, el desarrollador le ha asignado una variable \"u4\", que es para datos en 32 bits. Un atacante puede emplear esta vulnerabilidad para afectar a otros artefactos de la base de datos, ya que se sabe que un archivo de volcado de base de datos de Kerberos contiene datos fiables."
}
],
"id": "CVE-2018-5709",
"lastModified": "2024-11-21T04:09:13.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-16T09:29:00.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-09 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
"matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4D8269-B407-4C24-AAB0-02F885C7D752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B58B2F8D-83F5-46E0-B0DE-FEC2B0706CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B09C090-B842-43C7-B8A6-DBF63D80FEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36823B2B-5C72-4FF3-9301-FB263EB8CE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AFA33E-FEBC-45F5-9EC6-8AA363163FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04D83332-B2FD-4E86-A76C-C3F1CD3B3A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "758A0011-20ED-414A-9DF3-50A161DF8BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7768AED0-AE4C-4D4E-8D5D-5B618AB82966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "534104C5-966E-4740-A354-4F6C210FF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "78AF5659-C0E3-49C4-9CA7-FC3917C8AC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86738633-C081-4440-9F75-A775D6DF2228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BCFFEE-EA7A-4F26-97AA-31128A179745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91A2D7F5-EBDE-4000-AC78-8DD6472E685A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E92BFA5-723E-4843-A8D8-BC1D32F34569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34C27198-9B55-42FB-AA21-D8B4EB60D926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FC504264-A9E9-4433-B7AA-6D5015A93FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77FA352F-520C-4C05-AD52-FC8586DB16B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFB18F7-CB08-4AE4-9DEC-55D047819A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "637E858A-7C16-490C-99A8-F46440E5F504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22840B84-2EA4-4E96-A8D8-154AAEADB806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2D554BDC-CD7D-4572-B1E8-5F627F2C5916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65BCD38A-33AD-4FD7-AF5B-8470B24C4139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E11F9209-799A-428B-9513-DBD0F19C7BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA40FAA-B858-4282-8438-247E99FBB002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65795542-D886-46C4-8ECB-4630078DF66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A4C436-C3D7-469E-8895-8EEC9569EE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "79A9FAE9-7219-4D6A-9E94-FFE20223537D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA68BC90-FCFC-4C9B-8574-9029DB2358E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0A28CB-173D-4676-B083-E3718213B840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3D2861-7EB7-4984-AC92-989B427BDB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "169D00BD-344F-453C-BE7C-9DF0740080BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "765B3248-A524-4A79-858C-E787C1C1599E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1BB0AB-2C22-49F9-9D2A-074D2F711BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8EC001E-9507-410D-836F-93002789D574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0037EF80-A599-4938-889F-9276E339A8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1CABFE58-4811-49EC-8565-35EB7D5F6F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6E30B176-1FE5-4C53-8B79-2E6D87DF05B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "EC81822F-DC8C-4889-AD53-33216B66A109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C1B23EE0-35EB-46FC-8620-AC0059498D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*",
"matchCriteriaId": "70831CB8-695D-45E8-A829-2E888823E8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E650B5A3-99CA-491B-A1FB-259EF548D92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "091F3C51-980E-482F-9882-0A555A8F74BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A00BDDDC-3D5D-4D63-A8D8-63BF2F4C7329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "42505BC2-12A0-43E9-8561-80270D7CA74D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0496EF-F0F9-4A5D-92F4-E50C5F3DCA12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79EEC80F-9E4F-4A6D-BB8D-6AB7764AD8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB427FE4-CC39-43EE-A27B-69C5B18056FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.15.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "14A2F0C0-91E0-4DD9-851E-67CE8A5EAE0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.15.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C1770120-B3B2-4B5A-9785-162399A47989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests."
},
{
"lang": "es",
"value": "En MIT Kerberos 5 (tambi\u00e9n llamado krb5) en versiones 1.7 y posteriores, un atacante autenticado puede provocar un error de aserci\u00f3n KDC mediante el env\u00edo de peticiones S4U2Self o S4U2Proxy no v\u00e1lidas."
}
],
"id": "CVE-2017-11368",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T18:29:01.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100291"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:0666"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:0666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-16 09:29
Modified
2024-11-21 04:09
Severity ?
Summary
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2AA956-6CB6-4981-B363-6E051E7A6441",
"versionEndIncluding": "5-1.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) hasta la versi\u00f3n 1.16. La funci\u00f3n predefinida \"strlen\" tiene una cadena \"NULL\" como valor de par\u00e1metro en plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en el Key Distribution Center (KDC), lo que permite que usuarios autenticados remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL) mediante un cliente kadmin modificado."
}
],
"id": "CVE-2018-5710",
"lastModified": "2024-11-21T04:09:13.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-16T09:29:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-24 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*",
"matchCriteriaId": "45E4C7CB-044F-47C6-AB40-9D3542CB6326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack."
},
{
"lang": "es",
"value": "La versi\u00f3n 4 del protocolo Kerberos (kbr4) permite a un atacante impersonar a cualquier principal en un dominio (realm) mediante un ataque de texto plano elegido."
}
],
"id": "CVE-2003-0138",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-24T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-269"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/623217"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/7113"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/623217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/7113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 1.0 | |
| mit | kerberos | 1.0.8 | |
| mit | kerberos | 1.2.2.beta1 | |
| mit | kerberos_5 | 1.0 | |
| mit | kerberos_5 | 1.0.6 | |
| mit | kerberos_5 | 1.1 | |
| mit | kerberos_5 | 1.1.1 | |
| mit | kerberos_5 | 1.2 | |
| mit | kerberos_5 | 1.2 | |
| mit | kerberos_5 | 1.2 | |
| mit | kerberos_5 | 1.2.1 | |
| mit | kerberos_5 | 1.2.2 | |
| mit | kerberos_5 | 1.2.3 | |
| mit | kerberos_5 | 1.2.4 | |
| mit | kerberos_5 | 1.2.5 | |
| mit | kerberos_5 | 1.2.6 | |
| mit | kerberos_5 | 1.2.7 | |
| mit | kerberos_5 | 1.3 | |
| mit | kerberos_5 | 1.3 | |
| mit | kerberos_5 | 1.3.3 | |
| sgi | propack | 2.4 | |
| sgi | propack | 3.0 | |
| sun | seam | 1.0 | |
| sun | seam | 1.0.1 | |
| sun | seam | 1.0.2 | |
| tinysofa | tinysofa_enterprise_server | 1.0 | |
| tinysofa | tinysofa_enterprise_server | 1.0_u1 | |
| sun | solaris | 8.0 | |
| sun | solaris | 9.0 | |
| sun | solaris | 9.0 | |
| sun | sunos | 5.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC18A69-28AC-4DED-AA9D-B050709A9D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "85336612-6B0A-46B0-B2E2-FF60A4D4DD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:1.2.2.beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D5B46-F8BD-41C4-86F2-D495F1EB4F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA60A9-10E1-4ACD-819C-17801FAD7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E8973E93-0BBE-4BD3-9983-F6480FFEA228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A37987D-22F9-47AC-A07A-380F7E509BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8C0C82-749E-4837-88F8-FB56A753B094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4EA5E4B3-AD02-4E87-822B-8A6C91DA65FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1A0B70C1-476D-4FAF-BA96-CB3EB32B7BC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD672FA-918D-48CB-BC03-4E412AF0DCCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B363A4-BB7A-48A2-AE6B-BD2DDD46E7CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "74EF42A5-EC47-4475-81D6-FD1E9C2B8A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "30F2CBEF-6FA1-4E07-8163-6AFEDC93FCE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D133CB0D-8A54-4DAA-9FE8-0B367544DE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2C23BD-1995-4F09-B444-87DDDE21817E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF118BE-6351-4768-A3F0-DFE0065273D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F01A83F-3BD1-4DED-979A-B4B6B23039FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "6B1422F8-CC87-46EA-8649-A12D6E47335D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F953CEBA-BAC0-48DF-A3D0-1FABCC9963E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0702A32E-E577-403C-B4D9-15037D7100A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:seam:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "401CA0B3-2C25-4E6A-B0A0-C5AC4E69F14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:seam:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "111DAAB7-2309-4951-85F1-866D2D532528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:seam:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6C1EDF-259A-4DE1-9E43-35671FBA9662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A407E66E-FC1D-45E8-81C7-126472F5E7B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0_u1:*:*:*:*:*:*:*",
"matchCriteriaId": "83A54042-FC1E-4DE9-BA3A-8839131E32BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en krb5_aname_to_localname en MIT Kerberos 5 (krb5) 1.3.3 y anteriores permite a atacantes remtos ejecutar c\u00f3digo de su elecci\u00f3n como root"
}
],
"id": "CVE-2004-0523",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860"
},
{
"source": "cve@mitre.org",
"url": "http://lwn.net/Articles/88206/"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108612325909496\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108619161815320\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108619250923790\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-520"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/686862"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-236.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10448"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16268"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lwn.net/Articles/88206/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108612325909496\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108619161815320\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108619250923790\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/686862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-236.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1996-02-21 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 4.0 | |
| mit | kerberos_5 | - | |
| process_software | multinet | 3.4 | |
| process_software | multinet | 3.5 | |
| sun | sunos | 5.3 | |
| sun | sunos | 5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB8BD89-F049-4C3B-8744-E8D00D752DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "589D7E39-A243-49F9-8F67-4B9E92AE87DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:process_software:multinet:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6DBE0C33-2F14-474B-B6E9-4415BDFDE179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:process_software:multinet:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F83D69E-4B23-4049-A521-BBDD27DB39EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A22D21-E0A9-4B56-86C7-805AD1A610D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7AAC8954-74A8-4FE3-ABE7-57DA041D9D8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys."
}
],
"id": "CVE-1999-0143",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1996-02-21T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0143"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 1.0 | |
| mit | kerberos | 1.2.2.beta1 | |
| mit | kerberos_5 | 1.0.6 | |
| mit | kerberos_5 | 1.1 | |
| mit | kerberos_5 | 1.1.1 | |
| mit | kerberos_5 | 1.2 | |
| mit | kerberos_5 | 1.2.1 | |
| mit | kerberos_5 | 1.2.2 | |
| mit | kerberos_5 | 1.2.3 | |
| mit | kerberos_5 | 1.2.4 | |
| mit | kerberos_5 | 1.2.5 | |
| mit | kerberos_5 | 1.2.6 | |
| mit | kerberos_5 | 1.2.7 | |
| mit | kerberos_5 | 1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC18A69-28AC-4DED-AA9D-B050709A9D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:1.2.2.beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D5B46-F8BD-41C4-86F2-D495F1EB4F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E8973E93-0BBE-4BD3-9983-F6480FFEA228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A37987D-22F9-47AC-A07A-380F7E509BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8C0C82-749E-4837-88F8-FB56A753B094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD672FA-918D-48CB-BC03-4E412AF0DCCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B363A4-BB7A-48A2-AE6B-BD2DDD46E7CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "74EF42A5-EC47-4475-81D6-FD1E9C2B8A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "30F2CBEF-6FA1-4E07-8163-6AFEDC93FCE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D133CB0D-8A54-4DAA-9FE8-0B367544DE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2C23BD-1995-4F09-B444-87DDDE21817E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF118BE-6351-4768-A3F0-DFE0065273D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "6B1422F8-CC87-46EA-8649-A12D6E47335D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\")."
},
{
"lang": "es",
"value": "El KDC (Centro de Distribuci\u00f3n de Claves) en Kerberos 5 (krb5) 1.2.7 y anteriores, permite a atacantes remotos autentificados, causar la Denegaci\u00f3n de Servicios (ca\u00edda) en KDCs dentro del mismo dominio utilizando cierta petici\u00f3n de protocolo que produce la corrupci\u00f3n de la pila del KDC (tambi\u00e9n conocida como \u0027buffer underrun\u0027)."
}
],
"id": "CVE-2003-0082",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-04-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/7185"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/7185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-05-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygnus:cygnus_network_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05857121-8827-45FD-886F-4269E0336036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygnus:kerbnet:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1B0821-64F1-46E3-8DD3-12FFD1B037F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB8BD89-F049-4C3B-8744-E8D00D752DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA60A9-10E1-4ACD-819C-17801FAD7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges."
}
],
"id": "CVE-2000-0392",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-05-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1220"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-06-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 4 | |
| mit | kerberos_5 | 1.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*",
"matchCriteriaId": "45E4C7CB-044F-47C6-AB40-9D3542CB6326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B904DCE-D59F-45C7-A814-DE42CF02792D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files."
}
],
"id": "CVE-2001-0417",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-06-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2001-025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2001-025.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-09 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "032730AE-1E53-4CA2-96FD-AD60CD27F3CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic."
},
{
"lang": "es",
"value": "La funci\u00f3n asnbuf_imbed en el decodificador ASN.1 en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) v1.6.3 cuando se usa PK-INIT, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un valor length modificado que provoca una llamada malloc err\u00f3nea, relativo a c\u00e1lculo err\u00f3neos con punto aritm\u00e9tico."
}
],
"id": "CVE-2009-0847",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-09T00:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34594"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34617"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34622"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34628"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34637"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34640"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34734"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35074"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"source": "cve@mitre.org",
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34408"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021993"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/2084"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6387"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2009-04-09T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-06-09 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cygnus_network_security_project | cygnus_network_security | - | |
| kerbnet_project | kerbnet | - | |
| mit | kerberos | * | |
| mit | kerberos | 4.0 | |
| mit | kerberos | 4.0 | |
| mit | kerberos_5 | * | |
| mit | kerberos_5 | 1.1 | |
| mit | kerberos_5 | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygnus_network_security_project:cygnus_network_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F324E654-8799-45DE-8ECA-779D33033CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerbnet_project:kerbnet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69B5EEC-B360-4F74-839C-1E4909C71126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B5C118-EB9E-4CA1-B27A-5D245E334E27",
"versionEndExcluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "14393125-C495-47AF-ACC9-EF739A606DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:patch10:*:*:*:*:*:*",
"matchCriteriaId": "C7EDE7F6-5216-40F3-8C31-C3544CDFFBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC79658F-1838-40CA-AFB1-3E2B43E339CB",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A37987D-22F9-47AC-A07A-380F7E509BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function."
}
],
"id": "CVE-2000-0548",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-06-09T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/4875"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/4875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-24 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*",
"matchCriteriaId": "45E4C7CB-044F-47C6-AB40-9D3542CB6326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and \"ticket splicing.\""
},
{
"lang": "es",
"value": "Ciertas debilidades en la implementaci\u00f3n de la versi\u00f3n 4 del protocolo Kerberos (krb4) en la distribuci\u00f3n krb5, cuando se usan claves triple-DES para serviciso clave krb4, permite a un atacante crear tiques para principales no autorizados usando un ataque de \"cortar y pegar\" y \"empalme de tiques\"."
}
],
"id": "CVE-2003-0139",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-24T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/442569"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/317130/30/25250/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/442569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/317130/30/25250/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-02 16:22
Modified
2025-04-11 00:51
Severity ?
Summary
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 5-1.5.4 | |
| mit | kerberos_5 | 1.3 | |
| mit | kerberos_5 | 1.3 | |
| mit | kerberos_5 | 1.3.1 | |
| mit | kerberos_5 | 1.3.2 | |
| mit | kerberos_5 | 1.3.3 | |
| mit | kerberos_5 | 1.3.4 | |
| mit | kerberos_5 | 1.3.5 | |
| mit | kerberos_5 | 1.3.6 | |
| mit | kerberos_5 | 1.4 | |
| mit | kerberos_5 | 1.4.1 | |
| mit | kerberos_5 | 1.4.2 | |
| mit | kerberos_5 | 1.4.3 | |
| mit | kerberos_5 | 1.4.4 | |
| mit | kerberos_5 | 1.5 | |
| mit | kerberos_5 | 1.5.1 | |
| mit | kerberos_5 | 1.5.2 | |
| mit | kerberos_5 | 1.5.3 | |
| mit | kerberos_5 | 1.6 | |
| mit | kerberos_5 | 1.6.1 | |
| mit | kerberos_5 | 1.6.2 | |
| mit | kerberos_5 | 1.7 | |
| mit | kerberos_5 | 1.7.1 | |
| mit | kerberos_5 | 1.8 | |
| mit | kerberos_5 | 1.8.1 | |
| mit | kerberos_5 | 1.8.2 | |
| mit | kerberos_5 | 1.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5029A563-699D-4D65-8E94-01E44FD8EF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F01A83F-3BD1-4DED-979A-B4B6B23039FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "6B1422F8-CC87-46EA-8649-A12D6E47335D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEB5A36-8F72-417A-AC92-149612EC7BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8704B5-F37B-4C61-A924-3774A29BFEB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F953CEBA-BAC0-48DF-A3D0-1FABCC9963E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED81A044-8A7B-4EEF-A4B3-EA49D76FAAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30AA5727-BD83-45CF-B308-BA5F8A577B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E088E64-6FBD-4148-8F78-506364B7BB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52F0EECF-7787-442B-9888-D22F7D36C3DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF344AED-BE00-4A9B-A9DE-C6FB0BEE4617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "567406CA-58D8-453E-B36E-6D1D2EFC8EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7830E03F-A813-4E35-893E-BF27395CEFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7764411E-C056-4696-822E-235F2620FAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD315AE-868B-4061-BF01-CDBF59B02499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B639DD5F-71C7-4D9B-BA5C-51CAF64140B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B904DCE-D59F-45C7-A814-DE42CF02792D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9957FE9E-1E89-4C27-852C-44F866A1834E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C382DAA-68D2-4DD9-BE29-8EEB0BAF1A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73BB258E-51CF-4D12-836B-BCEA587A3F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F81DE01C-BA3B-40B4-BD85-17692F0AF8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B09C090-B842-43C7-B8A6-DBF63D80FEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36823B2B-5C72-4FF3-9301-FB263EB8CE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AFA33E-FEBC-45F5-9EC6-8AA363163FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04D83332-B2FD-4E86-A76C-C3F1CD3B3A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "758A0011-20ED-414A-9DF3-50A161DF8BC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys."
},
{
"lang": "es",
"value": "MIT Kerberos 5 (tambi\u00e9n conocido como krb5) v1.3.x, v1.4.x, v1.5.x, v1.6.x, v1.7.x, y v1.8.x hasta v1.8.3 no determina correctamente la aceptabilidad de las sumas de comprobaci\u00f3n, lo que podr\u00eda permitir a un atacante remoto modificar el user-visible prompt text, modificar una respuesta para el KDC (Key Distribution Center) o falsificar un mensaje KRB-SAFE mediante ciertas sumas de comprobaci\u00f3n que (1) est\u00e1n sin clave o (2) usan claves RC4."
}
],
"id": "CVE-2010-1323",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2010-12-02T16:22:20.847",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kb.vmware.com/kb/1035108"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/69610"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42399"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42420"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42436"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43015"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4581"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2010/dsa-2129"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45118"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024803"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1030-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/3094"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/3095"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/3101"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/3118"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0187"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.vmware.com/kb/1035108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/69610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/3094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/3095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/3101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/3118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-06-09 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cygnus | cygnus_network_security | 4.0 | |
| cygnus | kerbnet | 5.0 | |
| mit | kerberos | 4.0 | |
| mit | kerberos_5 | 1.0 | |
| mit | kerberos_5 | 1.1 | |
| mit | kerberos_5 | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygnus:cygnus_network_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05857121-8827-45FD-886F-4269E0336036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygnus:kerbnet:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1B0821-64F1-46E3-8DD3-12FFD1B037F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB8BD89-F049-4C3B-8744-E8D00D752DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA60A9-10E1-4ACD-819C-17801FAD7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A37987D-22F9-47AC-A07A-380F7E509BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kerberos 4 KDC program improperly frees memory twice (aka \"double-free\"), which allows remote attackers to cause a denial of service."
}
],
"id": "CVE-2000-0550",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-06-09T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "cve@mitre.org",
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1465"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-27 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 5-1.6.3 | |
| mit | kerberos_5 | 1.5 | |
| mit | kerberos_5 | 1.5.1 | |
| mit | kerberos_5 | 1.5.2 | |
| mit | kerberos_5 | 1.5.3 | |
| mit | kerberos_5 | 1.6 | |
| mit | kerberos_5 | 1.6.1 | |
| mit | kerberos_5 | 1.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "032730AE-1E53-4CA2-96FD-AD60CD27F3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD315AE-868B-4061-BF01-CDBF59B02499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B639DD5F-71C7-4D9B-BA5C-51CAF64140B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B904DCE-D59F-45C7-A814-DE42CF02792D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9957FE9E-1E89-4C27-852C-44F866A1834E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C382DAA-68D2-4DD9-BE29-8EEB0BAF1A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73BB258E-51CF-4D12-836B-BCEA587A3F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F81DE01C-BA3B-40B4-BD85-17692F0AF8A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token."
},
{
"lang": "es",
"value": "La funci\u00f3n spnego_gss_accept_sec_context en lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (conocido como krb5) v.1.6.3, cuando se utiliza SPNEGO, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda de la aplicaci\u00f3n) mediante datos \"ContextFlags\" inv\u00e1lidos en el campo \"reqFlags\" en el token negTokenInit."
}
],
"id": "CVE-2009-0845",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-27T16:30:02.157",
"references": [
{
"source": "cve@mitre.org",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=6402"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34347"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34594"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34617"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34622"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34628"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34630"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34637"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34640"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34734"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875\u0026r2=22084"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"source": "cve@mitre.org",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:082"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34257"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021867"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0847"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49448"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=6402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875\u0026r2=22084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-10 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 5-1.6.3 | |
| mit | kerberos_5 | 1.6 | |
| mit | kerberos_5 | 1.6.1 | |
| mit | kerberos_5 | 1.6.2 | |
| mit | kerberos_5 | 1.7 | |
| mit | kerberos_5 | 1.7.1 | |
| mit | kerberos_5 | 1.8 | |
| mit | kerberos_5 | 1.8.1 | |
| mit | kerberos_5 | 1.8.2 | |
| mit | kerberos_5 | 1.8.3 | |
| mit | kerberos_5 | 1.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "032730AE-1E53-4CA2-96FD-AD60CD27F3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C382DAA-68D2-4DD9-BE29-8EEB0BAF1A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73BB258E-51CF-4D12-836B-BCEA587A3F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F81DE01C-BA3B-40B4-BD85-17692F0AF8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B09C090-B842-43C7-B8A6-DBF63D80FEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36823B2B-5C72-4FF3-9301-FB263EB8CE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59AFA33E-FEBC-45F5-9EC6-8AA363163FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "04D83332-B2FD-4E86-A76C-C3F1CD3B3A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "758A0011-20ED-414A-9DF3-50A161DF8BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86738633-C081-4440-9F75-A775D6DF2228",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence."
},
{
"lang": "es",
"value": "La implementaci\u00f3n unparse en el Key Distribution Center (KDC) de MIT Kerberos v5 (tambi\u00e9n conocido como krb5) v1.6.x a v1.9, cuando se usa un backend LDAP, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de descriptor de archivo y bloqueo del demonio) a trav\u00e9s de un nombre principal que desencadena el uso de una secuencia de escape barra diagonal inversa, como se demuestra por una secuencia de \\n."
}
],
"id": "CVE-2011-0281",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-10T18:00:55.237",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43260"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43273"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43275"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8073"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46265"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025037"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-05-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygnus:cygnus_network_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05857121-8827-45FD-886F-4269E0336036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygnus:kerbnet:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1B0821-64F1-46E3-8DD3-12FFD1B037F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB8BD89-F049-4C3B-8744-E8D00D752DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA60A9-10E1-4ACD-819C-17801FAD7671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E47F0770-67D7-42EE-A1AD-9D5B5E83BF2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges."
}
],
"id": "CVE-2000-0390",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-05-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4884"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1220"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-16 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 5_1.13 | |
| mit | kerberos_5 | 1.12 | |
| mit | kerberos_5 | 1.12.1 | |
| mit | kerberos_5 | 1.12.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5_1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "867316AC-64F2-437A-9A83-EBA0F92C6786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "79A9FAE9-7219-4D6A-9E94-FFE20223537D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA68BC90-FCFC-4C9B-8574-9029DB2358E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0A28CB-173D-4676-B083-E3718213B840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command."
},
{
"lang": "es",
"value": "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) 1.12.x y 1.13.x anterior a 1.13.1, cuando el KDC utiliza LDAP, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda del demonio) mediante la creaci\u00f3n de una entrada de la base de datos para un principal sin clave, tal y como fur demostrado por un comando kadmin \u0027add_principal -nokey\u0027 o \u0027purgekeys -all\u0027."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2014-5354",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-16T23:59:01.247",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71680"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1031376"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2498-1"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2498-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1998-11-05 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:v:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB38284-7E3B-4D2C-A147-D9B3898E31A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing."
}
],
"id": "CVE-1999-1321",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1998-11-05T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.netspace.org/cgi-bin/wa?A2=ind9811A\u0026L=bugtraq\u0026P=R4814"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.netspace.org/cgi-bin/wa?A2=ind9811A\u0026L=bugtraq\u0026P=R4814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4883"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-09 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mit | kerberos | 5-1.6.3 | |
| mit | kerberos_5 | - | |
| mit | kerberos_5 | 1.5 | |
| mit | kerberos_5 | 1.5.1 | |
| mit | kerberos_5 | 1.5.2 | |
| mit | kerberos_5 | 1.5.3 | |
| mit | kerberos_5 | 1.6 | |
| mit | kerberos_5 | 1.6.1 | |
| mit | kerberos_5 | 1.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "032730AE-1E53-4CA2-96FD-AD60CD27F3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "589D7E39-A243-49F9-8F67-4B9E92AE87DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD315AE-868B-4061-BF01-CDBF59B02499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B639DD5F-71C7-4D9B-BA5C-51CAF64140B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B904DCE-D59F-45C7-A814-DE42CF02792D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9957FE9E-1E89-4C27-852C-44F866A1834E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C382DAA-68D2-4DD9-BE29-8EEB0BAF1A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73BB258E-51CF-4D12-836B-BCEA587A3F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F81DE01C-BA3B-40B4-BD85-17692F0AF8A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read."
},
{
"lang": "es",
"value": "La funci\u00f3n get_input_token en la implementaci\u00f3n SPNEGO de MIT Kerberos 5 (tambi\u00e9n conocido como krb5) v1.5 hasta v1.6.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) y posiblemente obtener informaci\u00f3n sensible a trav\u00e9s de un valor length modificado que dispara una sobrescritura del b\u00fafer."
}
],
"id": "CVE-2009-0844",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-09T00:30:00.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34594"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34617"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34622"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34628"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34630"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34637"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34640"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34734"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35074"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"source": "cve@mitre.org",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34408"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021867"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6339"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9474"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-0844 (GCVE-0-2009-0844)
Vulnerability from cvelistv5
Published
2009-04-09 00:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "MDVSA-2009:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"name": "VU#662091",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "ADV-2009-0960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"name": "RHSA-2009:0408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"name": "34637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34637"
},
{
"name": "oval:org.mitre.oval:def:9474",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9474"
},
{
"name": "34408",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34408"
},
{
"name": "34640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "256728",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "oval:org.mitre.oval:def:6339",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6339"
},
{
"name": "GLSA-200904-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"name": "34630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34630"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "ADV-2009-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"name": "34617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34734"
},
{
"name": "ADV-2009-2248",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34622"
},
{
"name": "FEDORA-2009-2852",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "1021867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021867"
},
{
"name": "FEDORA-2009-2834",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "34594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "MDVSA-2009:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"name": "VU#662091",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "ADV-2009-0960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"name": "RHSA-2009:0408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"name": "34637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34637"
},
{
"name": "oval:org.mitre.oval:def:9474",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9474"
},
{
"name": "34408",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34408"
},
{
"name": "34640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "256728",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "oval:org.mitre.oval:def:6339",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6339"
},
{
"name": "GLSA-200904-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"name": "34630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34630"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "ADV-2009-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"name": "34617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34734"
},
{
"name": "ADV-2009-2248",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34622"
},
{
"name": "FEDORA-2009-2852",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "1021867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021867"
},
{
"name": "FEDORA-2009-2834",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "34594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html",
"refsource": "MISC",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "MDVSA-2009:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"name": "VU#662091",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "ADV-2009-0960",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"name": "RHSA-2009:0408",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"name": "34637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34637"
},
{
"name": "oval:org.mitre.oval:def:9474",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9474"
},
{
"name": "34408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34408"
},
{
"name": "34640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "256728",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "oval:org.mitre.oval:def:6339",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6339"
},
{
"name": "GLSA-200904-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html",
"refsource": "MISC",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"name": "34630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34630"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "ADV-2009-1057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"name": "34617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34734"
},
{
"name": "ADV-2009-2248",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058",
"refsource": "MISC",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34622"
},
{
"name": "FEDORA-2009-2852",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "1021867",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021867"
},
{
"name": "FEDORA-2009-2834",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0058",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "34594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0844",
"datePublished": "2009-04-09T00:00:00",
"dateReserved": "2009-03-06T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0548 (GCVE-0-2000-0548)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"name": "RHSA-2000:031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"name": "4875",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"name": "RHSA-2000:031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"name": "4875",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4875"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2000-11",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"name": "RHSA-2000:031",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"name": "4875",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4875"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0548",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0082 (GCVE-0-2003-0082)
Vulnerability from cvelistv5
Published
2003-03-26 05:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"name": "7185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7185"
},
{
"name": "RHSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "oval:org.mitre.oval:def:4430",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430"
},
{
"name": "oval:org.mitre.oval:def:244",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "54042",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
},
{
"name": "oval:org.mitre.oval:def:2536",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"name": "7185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7185"
},
{
"name": "RHSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "oval:org.mitre.oval:def:4430",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430"
},
{
"name": "oval:org.mitre.oval:def:244",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "54042",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
},
{
"name": "oval:org.mitre.oval:def:2536",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:052",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"name": "7185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7185"
},
{
"name": "RHSA-2003:091",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "oval:org.mitre.oval:def:4430",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430"
},
{
"name": "oval:org.mitre.oval:def:244",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244"
},
{
"name": "RHSA-2003:051",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "DSA-266",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "54042",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
},
{
"name": "oval:org.mitre.oval:def:2536",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0082",
"datePublished": "2003-03-26T05:00:00",
"dateReserved": "2003-02-10T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5354 (GCVE-0-2014-5354)
Vulnerability from cvelistv5
Published
2014-12-16 23:00
Modified
2024-08-06 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2015:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html"
},
{
"name": "71680",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71680"
},
{
"name": "1031376",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031376"
},
{
"name": "USN-2498-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2498-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2015:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html"
},
{
"name": "71680",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71680"
},
{
"name": "1031376",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031376"
},
{
"name": "USN-2498-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2498-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0542",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html"
},
{
"name": "71680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71680"
},
{
"name": "1031376",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031376"
},
{
"name": "USN-2498-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2498-1"
},
{
"name": "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5354",
"datePublished": "2014-12-16T23:00:00",
"dateReserved": "2014-08-19T00:00:00",
"dateUpdated": "2024-08-06T11:41:49.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0283 (GCVE-0-2010-0283)
Vulnerability from cvelistv5
Published
2010-02-21 22:00
Modified
2024-08-07 00:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2010-06-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "38260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38260"
},
{
"name": "USN-916-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-916-1"
},
{
"name": "ADV-2010-1481",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt"
},
{
"name": "FEDORA-2010-1722",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html"
},
{
"name": "1023593",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023593"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "40220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40220"
},
{
"name": "39023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39023"
},
{
"name": "20100216 MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509553/100/0/threaded"
},
{
"name": "38598",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2010-06-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "38260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38260"
},
{
"name": "USN-916-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-916-1"
},
{
"name": "ADV-2010-1481",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt"
},
{
"name": "FEDORA-2010-1722",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html"
},
{
"name": "1023593",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023593"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "40220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40220"
},
{
"name": "39023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39023"
},
{
"name": "20100216 MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509553/100/0/threaded"
},
{
"name": "38598",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38598"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "38260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38260"
},
{
"name": "USN-916-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-916-1"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt"
},
{
"name": "FEDORA-2010-1722",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html"
},
{
"name": "1023593",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023593"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
},
{
"name": "39023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39023"
},
{
"name": "20100216 MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509553/100/0/threaded"
},
{
"name": "38598",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38598"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0283",
"datePublished": "2010-02-21T22:00:00",
"dateReserved": "2010-01-12T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20217 (GCVE-0-2018-20217)
Vulnerability from cvelistv5
Published
2018-12-26 20:00
Modified
2024-08-05 11:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2018-7db7ccda4d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"
},
{
"name": "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0006/"
},
{
"name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-30T21:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2018-7db7ccda4d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"
},
{
"name": "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0006/"
},
{
"name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2018-7db7ccda4d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/"
},
{
"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763",
"refsource": "CONFIRM",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"
},
{
"name": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"
},
{
"name": "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190416-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190416-0006/"
},
{
"name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20217",
"datePublished": "2018-12-26T20:00:00",
"dateReserved": "2018-12-19T00:00:00",
"dateUpdated": "2024-08-05T11:58:19.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0546 (GCVE-0-2000-0546)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "1338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1338"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "1338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1338"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2000-11",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "1338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1338"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0546",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4342 (GCVE-0-2014-4342)
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 11:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"
},
{
"name": "68908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68908"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2015:0439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"
},
{
"name": "DSA-3000",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3000"
},
{
"name": "mit-kerberos-cve20144342-dos(94903)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94903"
},
{
"name": "MDVSA-2014:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"
},
{
"name": "1030706",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030706"
},
{
"name": "60082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0345.html"
},
{
"name": "59102",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-19T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"
},
{
"name": "68908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68908"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2015:0439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"
},
{
"name": "DSA-3000",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3000"
},
{
"name": "mit-kerberos-cve20144342-dos(94903)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94903"
},
{
"name": "MDVSA-2014:165",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"
},
{
"name": "1030706",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030706"
},
{
"name": "60082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0345.html"
},
{
"name": "59102",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"
},
{
"name": "68908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68908"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2015:0439",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
},
{
"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949",
"refsource": "CONFIRM",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"
},
{
"name": "DSA-3000",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3000"
},
{
"name": "mit-kerberos-cve20144342-dos(94903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94903"
},
{
"name": "MDVSA-2014:165",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"
},
{
"name": "1030706",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030706"
},
{
"name": "60082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60082"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0345.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0345.html"
},
{
"name": "59102",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4342",
"datePublished": "2014-07-20T10:00:00",
"dateReserved": "2014-06-20T00:00:00",
"dateUpdated": "2024-08-06T11:12:35.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0281 (GCVE-0-2011-0281)
Vulnerability from cvelistv5
Published
2011-02-10 17:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "46265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46265"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "ADV-2011-0347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-descriptor-dos(65324)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324"
},
{
"name": "ADV-2011-0330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "[kerberos] 20101222 LDAP handle unavailable: Can\u0027t contact LDAP server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html"
},
{
"name": "43275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2011:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "46265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46265"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "ADV-2011-0347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-descriptor-dos(65324)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324"
},
{
"name": "ADV-2011-0330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "[kerberos] 20101222 LDAP handle unavailable: Can\u0027t contact LDAP server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html"
},
{
"name": "43275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:025",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "46265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46265"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "ADV-2011-0347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43273"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-descriptor-dos(65324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324"
},
{
"name": "ADV-2011-0330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "[kerberos] 20101222 LDAP handle unavailable: Can\u0027t contact LDAP server",
"refsource": "MLIST",
"url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html"
},
{
"name": "43275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0281",
"datePublished": "2011-02-10T17:00:00",
"dateReserved": "2011-01-03T00:00:00",
"dateUpdated": "2024-08-06T21:51:07.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0391 (GCVE-0-2000-0391)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "4876",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4876"
},
{
"name": "RHSA-2000:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "CA-2000-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "4876",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4876"
},
{
"name": "RHSA-2000:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "CA-2000-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1220"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:20",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "4876",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4876"
},
{
"name": "RHSA-2000:025",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "CA-2000-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1220"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0391",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-06-14T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0072 (GCVE-0-2003-0072)
Vulnerability from cvelistv5
Published
2003-03-26 05:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "7184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7184"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "54042",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka \"array overrun\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "7184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7184"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "54042",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka \"array overrun\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:052",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt"
},
{
"name": "RHSA-2003:051",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "7184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7184"
},
{
"name": "DSA-266",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "54042",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0072",
"datePublished": "2003-03-26T05:00:00",
"dateReserved": "2003-02-04T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0390 (GCVE-0-2000-0390)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "RHSA-2000:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "4884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4884"
},
{
"name": "CA-2000-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "RHSA-2000:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "4884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4884"
},
{
"name": "CA-2000-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1220"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:20",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "RHSA-2000:025",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "4884",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4884"
},
{
"name": "CA-2000-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1220"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0390",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-06-14T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0554 (GCVE-0-2001-0554)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2001:413",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000413"
},
{
"name": "MDKSA-2001:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3"
},
{
"name": "L-131",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/l-131.shtml"
},
{
"name": "SSRT0745U",
"tags": [
"vendor-advisory",
"x_refsource_COMPAQ",
"x_transferred"
],
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml"
},
{
"name": "telnetd-option-telrcv-bo(6875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6875"
},
{
"name": "809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/809"
},
{
"name": "MSS-OAR-E01-2001:298",
"tags": [
"vendor-advisory",
"x_refsource_IBM",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/3476"
},
{
"name": "20010725 Telnetd AYT overflow scanner",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/199496"
},
{
"name": "20010810 ADV/EXP: netkit \u003c=0.17 in.telnetd remote buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/203000"
},
{
"name": "3064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3064"
},
{
"name": "RHSA-2001:100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-100.html"
},
{
"name": "SuSE-SA:2001:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html"
},
{
"name": "CSSA-2001-SCO.10",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt"
},
{
"name": "RHSA-2001:099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-099.html"
},
{
"name": "20020129 Cisco CatOS Telnet Buffer Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml"
},
{
"name": "HPSBUX0110-172",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0014.html"
},
{
"name": "DSA-075",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-075"
},
{
"name": "20010718 multiple vendor telnet daemon vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/197804"
},
{
"name": "CA-2001-21",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-21.html"
},
{
"name": "FreeBSD-SA-01:49",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc"
},
{
"name": "CSSA-2001-030.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt"
},
{
"name": "DSA-070",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-070"
},
{
"name": "20010725 SCO - Telnetd AYT overflow ?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/199541"
},
{
"name": "20010801-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P"
},
{
"name": "NetBSD-SA2001-012",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2001:413",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000413"
},
{
"name": "MDKSA-2001:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3"
},
{
"name": "L-131",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/l-131.shtml"
},
{
"name": "SSRT0745U",
"tags": [
"vendor-advisory",
"x_refsource_COMPAQ"
],
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml"
},
{
"name": "telnetd-option-telrcv-bo(6875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6875"
},
{
"name": "809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/809"
},
{
"name": "MSS-OAR-E01-2001:298",
"tags": [
"vendor-advisory",
"x_refsource_IBM"
],
"url": "http://online.securityfocus.com/advisories/3476"
},
{
"name": "20010725 Telnetd AYT overflow scanner",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/199496"
},
{
"name": "20010810 ADV/EXP: netkit \u003c=0.17 in.telnetd remote buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/203000"
},
{
"name": "3064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3064"
},
{
"name": "RHSA-2001:100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-100.html"
},
{
"name": "SuSE-SA:2001:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html"
},
{
"name": "CSSA-2001-SCO.10",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt"
},
{
"name": "RHSA-2001:099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-099.html"
},
{
"name": "20020129 Cisco CatOS Telnet Buffer Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml"
},
{
"name": "HPSBUX0110-172",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0014.html"
},
{
"name": "DSA-075",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-075"
},
{
"name": "20010718 multiple vendor telnet daemon vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/197804"
},
{
"name": "CA-2001-21",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-21.html"
},
{
"name": "FreeBSD-SA-01:49",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc"
},
{
"name": "CSSA-2001-030.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt"
},
{
"name": "DSA-070",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-070"
},
{
"name": "20010725 SCO - Telnetd AYT overflow ?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/199541"
},
{
"name": "20010801-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P"
},
{
"name": "NetBSD-SA2001-012",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2001:413",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000413"
},
{
"name": "MDKSA-2001:068",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3"
},
{
"name": "L-131",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/l-131.shtml"
},
{
"name": "SSRT0745U",
"refsource": "COMPAQ",
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml"
},
{
"name": "telnetd-option-telrcv-bo(6875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6875"
},
{
"name": "809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/809"
},
{
"name": "MSS-OAR-E01-2001:298",
"refsource": "IBM",
"url": "http://online.securityfocus.com/advisories/3476"
},
{
"name": "20010725 Telnetd AYT overflow scanner",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/199496"
},
{
"name": "20010810 ADV/EXP: netkit \u003c=0.17 in.telnetd remote buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/203000"
},
{
"name": "3064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3064"
},
{
"name": "RHSA-2001:100",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-100.html"
},
{
"name": "SuSE-SA:2001:029",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html"
},
{
"name": "CSSA-2001-SCO.10",
"refsource": "CALDERA",
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt"
},
{
"name": "RHSA-2001:099",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-099.html"
},
{
"name": "20020129 Cisco CatOS Telnet Buffer Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml"
},
{
"name": "HPSBUX0110-172",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0014.html"
},
{
"name": "DSA-075",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-075"
},
{
"name": "20010718 multiple vendor telnet daemon vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/197804"
},
{
"name": "CA-2001-21",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-21.html"
},
{
"name": "FreeBSD-SA-01:49",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc"
},
{
"name": "CSSA-2001-030.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt"
},
{
"name": "DSA-070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-070"
},
{
"name": "20010725 SCO - Telnetd AYT overflow ?",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/199541"
},
{
"name": "20010801-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P"
},
{
"name": "NetBSD-SA2001-012",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0554",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-07-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0417 (GCVE-0-2001-0417)
Vulnerability from cvelistv5
Published
2001-05-24 04:00
Modified
2024-08-08 04:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:37.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010307 Security advisory: Unsafe temporary file handling in krb4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html"
},
{
"name": "RHSA-2001:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-04-27T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010307 Security advisory: Unsafe temporary file handling in krb4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html"
},
{
"name": "RHSA-2001:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010307 Security advisory: Unsafe temporary file handling in krb4",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html"
},
{
"name": "RHSA-2001:025",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0417",
"datePublished": "2001-05-24T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:37.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0139 (GCVE-0-2003-0139)
Vulnerability from cvelistv5
Published
2003-03-21 05:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "VU#442569",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/442569"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"name": "RHSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "DSA-273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"name": "oval:org.mitre.oval:def:250",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "20030330 GLSA: openafs (200303-26)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/317130/30/25250/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and \"ticket splicing.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "VU#442569",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/442569"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"name": "RHSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "DSA-273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"name": "oval:org.mitre.oval:def:250",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "20030330 GLSA: openafs (200303-26)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/317130/30/25250/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and \"ticket splicing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:052",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "VU#442569",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/442569"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"name": "RHSA-2003:091",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "DSA-273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"name": "oval:org.mitre.oval:def:250",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250"
},
{
"name": "RHSA-2003:051",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"name": "DSA-266",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "20030330 GLSA: openafs (200303-26)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/317130/30/25250/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0139",
"datePublished": "2003-03-21T05:00:00",
"dateReserved": "2003-03-13T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0389 (GCVE-0-2000-0389)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "RHSA-2000:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "CA-2000-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "RHSA-2000:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "CA-2000-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1220"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:20",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "RHSA-2000:025",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "CA-2000-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1220"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0389",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-06-14T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4212 (GCVE-0-2009-4212)
Vulnerability from cvelistv5
Published
2010-01-13 19:00
Modified
2024-08-07 06:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2010-06-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "38140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38140"
},
{
"name": "ADV-2010-0096",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0096"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/css/P8/documents/100074869"
},
{
"name": "38126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38126"
},
{
"name": "DSA-1969",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1969"
},
{
"name": "ADV-2010-1481",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "USN-881-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-881-1"
},
{
"name": "SSRT100495",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
},
{
"name": "FEDORA-2010-0503",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
},
{
"name": "MDVSA-2010:006",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
},
{
"name": "1023440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023440"
},
{
"name": "38080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38080"
},
{
"name": "275530",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
},
{
"name": "1021779",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
},
{
"name": "oval:org.mitre.oval:def:8192",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
},
{
"name": "38203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
},
{
"name": "FEDORA-2010-0515",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "40220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40220"
},
{
"name": "38108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38108"
},
{
"name": "37749",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37749"
},
{
"name": "oval:org.mitre.oval:def:11272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
},
{
"name": "RHSA-2010:0029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "oval:org.mitre.oval:def:7357",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
},
{
"name": "38696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38696"
},
{
"name": "ADV-2010-0129",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0129"
},
{
"name": "HPSBOV02682",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "38184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2010-06-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "38140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38140"
},
{
"name": "ADV-2010-0096",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0096"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/css/P8/documents/100074869"
},
{
"name": "38126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38126"
},
{
"name": "DSA-1969",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1969"
},
{
"name": "ADV-2010-1481",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "USN-881-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-881-1"
},
{
"name": "SSRT100495",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
},
{
"name": "FEDORA-2010-0503",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
},
{
"name": "MDVSA-2010:006",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
},
{
"name": "1023440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023440"
},
{
"name": "38080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38080"
},
{
"name": "275530",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
},
{
"name": "1021779",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
},
{
"name": "oval:org.mitre.oval:def:8192",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
},
{
"name": "38203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
},
{
"name": "FEDORA-2010-0515",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "40220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40220"
},
{
"name": "38108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38108"
},
{
"name": "37749",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37749"
},
{
"name": "oval:org.mitre.oval:def:11272",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
},
{
"name": "RHSA-2010:0029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "oval:org.mitre.oval:def:7357",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
},
{
"name": "38696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38696"
},
{
"name": "ADV-2010-0129",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0129"
},
{
"name": "HPSBOV02682",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "38184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "38140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38140"
},
{
"name": "ADV-2010-0096",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0096"
},
{
"name": "http://support.avaya.com/css/P8/documents/100074869",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100074869"
},
{
"name": "38126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38126"
},
{
"name": "DSA-1969",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1969"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "USN-881-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-881-1"
},
{
"name": "SSRT100495",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt"
},
{
"name": "FEDORA-2010-0503",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html"
},
{
"name": "MDVSA-2010:006",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:006"
},
{
"name": "1023440",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023440"
},
{
"name": "38080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38080"
},
{
"name": "275530",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1"
},
{
"name": "1021779",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1"
},
{
"name": "oval:org.mitre.oval:def:8192",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192"
},
{
"name": "38203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38203"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=545015",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015"
},
{
"name": "FEDORA-2010-0515",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
},
{
"name": "38108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38108"
},
{
"name": "37749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37749"
},
{
"name": "oval:org.mitre.oval:def:11272",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272"
},
{
"name": "RHSA-2010:0029",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0029.html"
},
{
"name": "RHSA-2010:0095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "oval:org.mitre.oval:def:7357",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357"
},
{
"name": "38696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38696"
},
{
"name": "ADV-2010-0129",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0129"
},
{
"name": "HPSBOV02682",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "38184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4212",
"datePublished": "2010-01-13T19:00:00",
"dateReserved": "2009-12-04T00:00:00",
"dateUpdated": "2024-08-07T06:54:10.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5709 (GCVE-0-2018-5709)
Vulnerability from cvelistv5
Published
2018-01-16 09:00
Modified
2024-08-05 05:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-25T16:06:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
"refsource": "MISC",
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5709",
"datePublished": "2018-01-16T09:00:00",
"dateReserved": "2018-01-16T00:00:00",
"dateUpdated": "2024-08-05T05:40:51.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6800 (GCVE-0-2013-6800)
Vulnerability from cvelistv5
Published
2013-11-16 11:00
Modified
2024-08-06 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757"
},
{
"name": "63770",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757"
},
{
"name": "63770",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d"
},
{
"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757",
"refsource": "CONFIRM",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757"
},
{
"name": "63770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6800",
"datePublished": "2013-11-16T11:00:00",
"dateReserved": "2013-11-15T00:00:00",
"dateUpdated": "2024-08-06T17:46:23.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0847 (GCVE-0-2009-0847)
Vulnerability from cvelistv5
Published
2009-04-09 00:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "MDVSA-2009:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"name": "VU#662091",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "ADV-2009-0960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"name": "oval:org.mitre.oval:def:6387",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6387"
},
{
"name": "34637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34637"
},
{
"name": "ADV-2009-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2084"
},
{
"name": "34408",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34408"
},
{
"name": "34640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "1021993",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021993"
},
{
"name": "256728",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "GLSA-200904-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "ADV-2009-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"name": "34617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34734"
},
{
"name": "ADV-2009-2248",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34622"
},
{
"name": "FEDORA-2009-2852",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "FEDORA-2009-2834",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "34594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"name": "HPSBUX02421",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
},
{
"name": "SSRT090047",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "MDVSA-2009:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"name": "VU#662091",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "ADV-2009-0960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"name": "oval:org.mitre.oval:def:6387",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6387"
},
{
"name": "34637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34637"
},
{
"name": "ADV-2009-2084",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2084"
},
{
"name": "34408",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34408"
},
{
"name": "34640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "1021993",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021993"
},
{
"name": "256728",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "GLSA-200904-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "ADV-2009-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"name": "34617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34734"
},
{
"name": "ADV-2009-2248",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34622"
},
{
"name": "FEDORA-2009-2852",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "FEDORA-2009-2834",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "34594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"name": "HPSBUX02421",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
},
{
"name": "SSRT090047",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html",
"refsource": "MISC",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "MDVSA-2009:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"name": "VU#662091",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "ADV-2009-0960",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"name": "oval:org.mitre.oval:def:6387",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6387"
},
{
"name": "34637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34637"
},
{
"name": "ADV-2009-2084",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2084"
},
{
"name": "34408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34408"
},
{
"name": "34640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "1021993",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021993"
},
{
"name": "256728",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "GLSA-200904-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html",
"refsource": "MISC",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "ADV-2009-1057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"name": "34617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34734"
},
{
"name": "ADV-2009-2248",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058",
"refsource": "MISC",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34622"
},
{
"name": "FEDORA-2009-2852",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "FEDORA-2009-2834",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0058",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "34594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"name": "HPSBUX02421",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
},
{
"name": "SSRT090047",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124896429301168\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0847",
"datePublished": "2009-04-09T00:00:00",
"dateReserved": "2009-03-06T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0282 (GCVE-0-2011-0282)
Vulnerability from cvelistv5
Published
2011-02-10 17:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "46271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46271"
},
{
"name": "ADV-2011-0347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-dos(65323)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
},
{
"name": "ADV-2011-0330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "43275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2011:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "46271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46271"
},
{
"name": "ADV-2011-0347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-dos(65323)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
},
{
"name": "ADV-2011-0330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "43275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:025",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "46271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46271"
},
{
"name": "ADV-2011-0347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43273"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-dos(65323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
},
{
"name": "ADV-2011-0330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "43275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0282",
"datePublished": "2011-02-10T17:00:00",
"dateReserved": "2011-01-03T00:00:00",
"dateUpdated": "2024-08-06T21:51:07.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1321 (GCVE-0-1999-1321)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-01 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19981105 security patch for ssh-1.2.26 kerberos code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://lists.netspace.org/cgi-bin/wa?A2=ind9811A\u0026L=bugtraq\u0026P=R4814"
},
{
"name": "4883",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1998-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-01T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19981105 security patch for ssh-1.2.26 kerberos code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://lists.netspace.org/cgi-bin/wa?A2=ind9811A\u0026L=bugtraq\u0026P=R4814"
},
{
"name": "4883",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19981105 security patch for ssh-1.2.26 kerberos code",
"refsource": "BUGTRAQ",
"url": "http://lists.netspace.org/cgi-bin/wa?A2=ind9811A\u0026L=bugtraq\u0026P=R4814"
},
{
"name": "4883",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1321",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:02.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0547 (GCVE-0-2000-0547)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "1338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1338"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "1338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1338"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2000-11",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "1338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1338"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0547",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1323 (GCVE-0-2010-1323)
Vulnerability from cvelistv5
Published
2010-12-02 16:00
Modified
2024-08-07 01:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name": "ADV-2010-3094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "MDVSA-2010:246",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"
},
{
"name": "FEDORA-2010-18425",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"
},
{
"name": "45118",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45118"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.vmware.com/kb/1035108"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "ADV-2010-3118",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3118"
},
{
"name": "SSRT100495",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:12121",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"
},
{
"name": "ADV-2011-0187",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0187"
},
{
"name": "MDVSA-2010:245",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"
},
{
"name": "69610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69610"
},
{
"name": "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"
},
{
"name": "RHSA-2010:0926",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"
},
{
"name": "SUSE-SR:2010:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "42420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42420"
},
{
"name": "HPSBUX02623",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"
},
{
"name": "SSRT100355",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"name": "ADV-2010-3095",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "ADV-2010-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3101"
},
{
"name": "42399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42399"
},
{
"name": "SUSE-SU-2012:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name": "1024803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024803"
},
{
"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name": "FEDORA-2010-18409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "RHSA-2010:0925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"
},
{
"name": "USN-1030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1030-1"
},
{
"name": "HPSBOV02682",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "43015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43015"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4581"
},
{
"name": "DSA-2129",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2129"
},
{
"name": "42436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2012:0042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name": "ADV-2010-3094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "MDVSA-2010:246",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"
},
{
"name": "FEDORA-2010-18425",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"
},
{
"name": "45118",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45118"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.vmware.com/kb/1035108"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "ADV-2010-3118",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3118"
},
{
"name": "SSRT100495",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:12121",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"
},
{
"name": "ADV-2011-0187",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0187"
},
{
"name": "MDVSA-2010:245",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"
},
{
"name": "69610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69610"
},
{
"name": "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"
},
{
"name": "RHSA-2010:0926",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"
},
{
"name": "SUSE-SR:2010:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "42420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42420"
},
{
"name": "HPSBUX02623",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"
},
{
"name": "SSRT100355",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"name": "ADV-2010-3095",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "ADV-2010-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3101"
},
{
"name": "42399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42399"
},
{
"name": "SUSE-SU-2012:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name": "1024803",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024803"
},
{
"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name": "FEDORA-2010-18409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "RHSA-2010:0925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"
},
{
"name": "USN-1030-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1030-1"
},
{
"name": "HPSBOV02682",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "43015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43015"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4581"
},
{
"name": "DSA-2129",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2129"
},
{
"name": "42436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name": "ADV-2010-3094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3094"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "MDVSA-2010:246",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"
},
{
"name": "FEDORA-2010-18425",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"
},
{
"name": "45118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45118"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "http://kb.vmware.com/kb/1035108",
"refsource": "CONFIRM",
"url": "http://kb.vmware.com/kb/1035108"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "ADV-2010-3118",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3118"
},
{
"name": "SSRT100495",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:12121",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"
},
{
"name": "ADV-2011-0187",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0187"
},
{
"name": "MDVSA-2010:245",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"
},
{
"name": "69610",
"refsource": "OSVDB",
"url": "http://osvdb.org/69610"
},
{
"name": "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"
},
{
"name": "RHSA-2010:0926",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"
},
{
"name": "SUSE-SR:2010:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "42420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42420"
},
{
"name": "HPSBUX02623",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"
},
{
"name": "SSRT100355",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
},
{
"name": "ADV-2010-3095",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3095"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "ADV-2010-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3101"
},
{
"name": "42399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42399"
},
{
"name": "SUSE-SU-2012:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name": "1024803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024803"
},
{
"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name": "FEDORA-2010-18409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "RHSA-2010:0925",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"
},
{
"name": "USN-1030-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1030-1"
},
{
"name": "HPSBOV02682",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497213107107\u0026w=2"
},
{
"name": "43015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43015"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
},
{
"name": "DSA-2129",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2129"
},
{
"name": "42436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1323",
"datePublished": "2010-12-02T16:00:00",
"dateReserved": "2010-04-08T00:00:00",
"dateUpdated": "2024-08-07T01:21:18.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0549 (GCVE-0-2000-0549)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"name": "RHSA-2000:031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"name": "RHSA-2000:031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2000-11",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"name": "RHSA-2000:031",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0549",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0138 (GCVE-0-2003-0138)
Vulnerability from cvelistv5
Published
2003-03-21 05:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-269",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-269"
},
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"name": "oval:org.mitre.oval:def:248",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248"
},
{
"name": "RHSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "DSA-273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "VU#623217",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/623217"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"name": "7113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-269",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-269"
},
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"name": "oval:org.mitre.oval:def:248",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248"
},
{
"name": "RHSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "DSA-273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "VU#623217",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/623217"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"name": "7113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-269",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-269"
},
{
"name": "RHSA-2003:052",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"name": "oval:org.mitre.oval:def:248",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248"
},
{
"name": "RHSA-2003:091",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "DSA-273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"name": "RHSA-2003:051",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "VU#623217",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/623217"
},
{
"name": "DSA-266",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104791775804776\u0026w=2"
},
{
"name": "7113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0138",
"datePublished": "2003-03-21T05:00:00",
"dateReserved": "2003-03-13T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0143 (GCVE-0-1999-0143)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:46:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0143",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0143",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0550 (GCVE-0-2000-0550)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"name": "RHSA-2000:031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"name": "1465",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kerberos 4 KDC program improperly frees memory twice (aka \"double-free\"), which allows remote attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2000-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"name": "RHSA-2000:031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"name": "1465",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerberos 4 KDC program improperly frees memory twice (aka \"double-free\"), which allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2000-11",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-11.html"
},
{
"name": "K-051",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/k-051.shtml"
},
{
"name": "20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt"
},
{
"name": "RHSA-2000:031",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-031.html"
},
{
"name": "1465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0550",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0845 (GCVE-0-2009-0845)
Vulnerability from cvelistv5
Published
2009-03-27 16:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"name": "VU#662091",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "34257",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34257"
},
{
"name": "ADV-2009-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0847"
},
{
"name": "34347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34347"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875\u0026r2=22084"
},
{
"name": "RHSA-2009:0408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"name": "34637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34637"
},
{
"name": "34640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "MDVSA-2009:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:082"
},
{
"name": "256728",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "GLSA-200904-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"name": "34630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34630"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "ADV-2009-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"name": "34617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34734"
},
{
"name": "kerberos-spnego-dos(49448)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49448"
},
{
"name": "oval:org.mitre.oval:def:6449",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449"
},
{
"name": "ADV-2009-2248",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=6402"
},
{
"name": "FEDORA-2009-2852",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "1021867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021867"
},
{
"name": "FEDORA-2009-2834",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "oval:org.mitre.oval:def:10044",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "34594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"name": "VU#662091",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "34257",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34257"
},
{
"name": "ADV-2009-0847",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0847"
},
{
"name": "34347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34347"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875\u0026r2=22084"
},
{
"name": "RHSA-2009:0408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"name": "34637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34637"
},
{
"name": "34640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "MDVSA-2009:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:082"
},
{
"name": "256728",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "GLSA-200904-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"name": "34630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34630"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "ADV-2009-1057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"name": "34617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34734"
},
{
"name": "kerberos-spnego-dos(49448)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49448"
},
{
"name": "oval:org.mitre.oval:def:6449",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449"
},
{
"name": "ADV-2009-2248",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=6402"
},
{
"name": "FEDORA-2009-2852",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "1021867",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021867"
},
{
"name": "FEDORA-2009-2834",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "oval:org.mitre.oval:def:10044",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "34594",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html",
"refsource": "MISC",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded"
},
{
"name": "VU#662091",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "34257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34257"
},
{
"name": "ADV-2009-0847",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0847"
},
{
"name": "34347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34347"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"name": "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875\u0026r2=22084",
"refsource": "CONFIRM",
"url": "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875\u0026r2=22084"
},
{
"name": "RHSA-2009:0408",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"name": "34637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34637"
},
{
"name": "34640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "MDVSA-2009:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:082"
},
{
"name": "256728",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "GLSA-200904-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html",
"refsource": "MISC",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"name": "34630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34630"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "ADV-2009-1057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt"
},
{
"name": "34617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34734"
},
{
"name": "kerberos-spnego-dos(49448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49448"
},
{
"name": "oval:org.mitre.oval:def:6449",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449"
},
{
"name": "ADV-2009-2248",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058",
"refsource": "MISC",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34622"
},
{
"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=6402",
"refsource": "CONFIRM",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest\u0026pass=guest\u0026id=6402"
},
{
"name": "FEDORA-2009-2852",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "1021867",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021867"
},
{
"name": "FEDORA-2009-2834",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0058",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "oval:org.mitre.oval:def:10044",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044"
},
{
"name": "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084",
"refsource": "CONFIRM",
"url": "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "34594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0845",
"datePublished": "2009-03-27T16:00:00",
"dateReserved": "2009-03-06T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0392 (GCVE-0-2000-0392)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "RHSA-2000:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "CA-2000-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:20",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "RHSA-2000:025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "CA-2000-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1220"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:20",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html"
},
{
"name": "RHSA-2000:025",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-025.html"
},
{
"name": "CA-2000-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-06.html"
},
{
"name": "20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html"
},
{
"name": "1220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1220"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0392",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-06-14T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0523 (GCVE-0-2004-0523)
Vulnerability from cvelistv5
Published
2004-06-03 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:25.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2004:860",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860"
},
{
"name": "FEDORA-2004-149",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lwn.net/Articles/88206/"
},
{
"name": "RHSA-2004:236",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-236.html"
},
{
"name": "oval:org.mitre.oval:def:991",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991"
},
{
"name": "DSA-520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-520"
},
{
"name": "oval:org.mitre.oval:def:724",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724"
},
{
"name": "20040601 MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108612325909496\u0026w=2"
},
{
"name": "VU#686862",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/686862"
},
{
"name": "GLSA-200406-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "Kerberos-krb5anametolocalname-bo(16268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16268"
},
{
"name": "20040602 TSSA-2004-009 - kerberos5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108619161815320\u0026w=2"
},
{
"name": "MDKSA-2004:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056"
},
{
"name": "101512",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1"
},
{
"name": "2004-0032",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108619250923790\u0026w=2"
},
{
"name": "10448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10448"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:2002",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002"
},
{
"name": "oval:org.mitre.oval:def:10295",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2004:860",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860"
},
{
"name": "FEDORA-2004-149",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lwn.net/Articles/88206/"
},
{
"name": "RHSA-2004:236",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-236.html"
},
{
"name": "oval:org.mitre.oval:def:991",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991"
},
{
"name": "DSA-520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-520"
},
{
"name": "oval:org.mitre.oval:def:724",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724"
},
{
"name": "20040601 MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108612325909496\u0026w=2"
},
{
"name": "VU#686862",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/686862"
},
{
"name": "GLSA-200406-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml"
},
{
"name": "20040605-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "Kerberos-krb5anametolocalname-bo(16268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16268"
},
{
"name": "20040602 TSSA-2004-009 - kerberos5",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108619161815320\u0026w=2"
},
{
"name": "MDKSA-2004:056",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056"
},
{
"name": "101512",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1"
},
{
"name": "2004-0032",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108619250923790\u0026w=2"
},
{
"name": "10448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10448"
},
{
"name": "20040604-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:2002",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002"
},
{
"name": "oval:org.mitre.oval:def:10295",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2004:860",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860"
},
{
"name": "FEDORA-2004-149",
"refsource": "FEDORA",
"url": "http://lwn.net/Articles/88206/"
},
{
"name": "RHSA-2004:236",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-236.html"
},
{
"name": "oval:org.mitre.oval:def:991",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991"
},
{
"name": "DSA-520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-520"
},
{
"name": "oval:org.mitre.oval:def:724",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724"
},
{
"name": "20040601 MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108612325909496\u0026w=2"
},
{
"name": "VU#686862",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/686862"
},
{
"name": "GLSA-200406-21",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml"
},
{
"name": "20040605-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "Kerberos-krb5anametolocalname-bo(16268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16268"
},
{
"name": "20040602 TSSA-2004-009 - kerberos5",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108619161815320\u0026w=2"
},
{
"name": "MDKSA-2004:056",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056"
},
{
"name": "101512",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1"
},
{
"name": "2004-0032",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq\u0026m=108619250923790\u0026w=2"
},
{
"name": "10448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10448"
},
{
"name": "20040604-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:2002",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002"
},
{
"name": "oval:org.mitre.oval:def:10295",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0523",
"datePublished": "2004-06-03T04:00:00",
"dateReserved": "2004-06-03T00:00:00",
"dateUpdated": "2024-08-08T00:24:25.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11368 (GCVE-0-2017-11368)
Vulnerability from cvelistv5
Published
2017-08-09 18:00
Modified
2024-08-05 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"
},
{
"name": "FEDORA-2017-e5b36383f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/"
},
{
"name": "RHSA-2018:0666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0666"
},
{
"name": "100291",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100291"
},
{
"name": "FEDORA-2017-8e9d9771c4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"
},
{
"name": "FEDORA-2017-e5b36383f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/"
},
{
"name": "RHSA-2018:0666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0666"
},
{
"name": "100291",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100291"
},
{
"name": "FEDORA-2017-8e9d9771c4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"
},
{
"name": "FEDORA-2017-e5b36383f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/"
},
{
"name": "RHSA-2018:0666",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0666"
},
{
"name": "100291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100291"
},
{
"name": "FEDORA-2017-8e9d9771c4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11368",
"datePublished": "2017-08-09T18:00:00",
"dateReserved": "2017-07-17T00:00:00",
"dateUpdated": "2024-08-05T18:05:30.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5710 (GCVE-0-2018-5710)
Vulnerability from cvelistv5
Published
2018-01-16 09:00
Modified
2024-08-05 05:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-16T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)",
"refsource": "MISC",
"url": "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5710",
"datePublished": "2018-01-16T09:00:00",
"dateReserved": "2018-01-16T00:00:00",
"dateUpdated": "2024-08-05T05:40:51.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}