Vulnerabilities (CVE)

Filtered by vendor Mit Subscribe
Total 152 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5894 1 Mit 1 Kerberos 5 2024-05-17 9.3 HIGH N/A
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.
CVE-2006-6143 2 Canonical, Mit 2 Ubuntu Linux, Kerberos 5 2024-02-09 9.3 HIGH N/A
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2007-4000 2 Fedoraproject, Mit 2 Fedora, Kerberos 5 2024-02-09 8.5 HIGH N/A
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
CVE-2007-2442 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2024-02-09 10.0 HIGH N/A
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
CVE-2009-0846 5 Apple, Canonical, Fedoraproject and 2 more 9 Mac Os X, Ubuntu Linux, Fedora and 6 more 2024-02-09 10.0 HIGH N/A
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
CVE-2008-0062 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-02-09 9.3 HIGH 9.8 CRITICAL
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
CVE-2008-0063 7 Apple, Canonical, Debian and 4 more 11 Mac Os X, Mac Os X Server, Ubuntu Linux and 8 more 2024-02-09 4.3 MEDIUM 7.5 HIGH
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
CVE-2010-0629 5 Canonical, Fedoraproject, Mit and 2 more 5 Ubuntu Linux, Fedora, Kerberos 5 and 2 more 2024-02-02 4.0 MEDIUM 6.5 MEDIUM
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
CVE-2004-0642 3 Debian, Mit, Redhat 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more 2024-02-02 7.5 HIGH N/A
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
CVE-2004-0772 3 Debian, Mit, Openpkg 3 Debian Linux, Kerberos 5, Openpkg 2024-02-02 7.5 HIGH 9.8 CRITICAL
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
CVE-2005-1689 3 Apple, Debian, Mit 4 Mac Os X, Mac Os X Server, Debian Linux and 1 more 2024-02-02 7.5 HIGH 9.8 CRITICAL
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
CVE-2003-0041 3 Mandrakesoft, Mit, Redhat 4 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 1 more 2024-02-02 10.0 HIGH N/A
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
CVE-2023-39975 1 Mit 1 Kerberos 5 2024-02-01 N/A 8.8 HIGH
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
CVE-2023-36054 3 Debian, Mit, Netapp 7 Debian Linux, Kerberos 5, Active Iq Unified Manager and 4 more 2023-12-10 N/A 6.5 MEDIUM
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
CVE-2022-42898 3 Heimdal Project, Mit, Samba 3 Heimdal, Kerberos 5, Samba 2023-12-10 N/A 8.8 HIGH
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
CVE-2022-39028 4 Debian, Gnu, Mit and 1 more 4 Debian Linux, Inetutils, Kerberos 5 and 1 more 2023-12-10 N/A 7.5 HIGH
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
CVE-2020-27428 1 Mit 1 Scratch-svg-renderer 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.
CVE-2021-37750 5 Debian, Fedoraproject, Mit and 2 more 5 Debian Linux, Fedora, Kerberos 5 and 2 more 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
CVE-2021-32471 1 Mit 1 Universal Turing Machine 2023-12-10 7.2 HIGH 7.8 HIGH
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications."
CVE-2021-36222 4 Debian, Mit, Netapp and 1 more 7 Debian Linux, Kerberos 5, Active Iq Unified Manager and 4 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.