This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mit First view 2009-03-27
Product Kerberos Last view 2018-12-26
Version 5-1.6.3 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mit:kerberos

Activity : Overall

Related : CVE

  Date Alert Description
5.3 2018-12-26 CVE-2018-20217

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

6.5 2018-01-16 CVE-2018-5710

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

7.5 2018-01-16 CVE-2018-5709

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

9.8 2017-11-23 CVE-2017-15088

plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.

6.5 2016-02-12 CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

3.1 2016-02-12 CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

6.8 2015-11-08 CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

7.1 2015-11-08 CVE-2015-2696

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

7.1 2015-11-08 CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

3.5 2014-12-16 CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

5 2014-07-20 CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

4.3 2013-11-17 CVE-2013-1418

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

5 2013-05-29 CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

4 2013-04-19 CVE-2013-1416

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

7.1 2013-03-05 CVE-2013-1415

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

4.3 2013-03-04 CVE-2012-1016

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.

5 2011-02-10 CVE-2011-0282

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.

5 2011-02-10 CVE-2011-0281

The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.

6.8 2010-05-19 CVE-2010-1321

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

4 2010-04-07 CVE-2010-0629

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

10 2010-01-13 CVE-2009-4212

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

4.3 2009-04-08 CVE-2009-0847

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.

10 2009-04-08 CVE-2009-0846

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

5.8 2009-04-08 CVE-2009-0844

The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

5 2009-03-27 CVE-2009-0845

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

CWE : Common Weakness Enumeration

%idName
35% (7) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15% (3) CWE-20 Improper Input Validation
10% (2) CWE-189 Numeric Errors
10% (2) CWE-18 Source Code
5% (1) CWE-617 Reachable Assertion
5% (1) CWE-476 NULL Pointer Dereference
5% (1) CWE-399 Resource Management Errors
5% (1) CWE-310 Cryptographic Issues
5% (1) CWE-200 Information Exposure
5% (1) CWE-190 Integer Overflow or Wraparound

Open Source Vulnerability Database (OSVDB)

id Description
70909 Kerberos KDC LDAP Backend Principal Name Handling DoS
70908 Kerberos KDC LDAP Backend Unparse Implementation DoS
70083 Oracle Database MIT Kerberos 5 kg_accept_krb5 Remote Denial of Service
64744 Kerberos GSS-API AP-REQ Authenticator NULL Dereference Remote DoS
63569 Kerberos src/kadmin/server/server_stubs.c init_2_svc() Function API Version N...
61795 MIT Kerberos 5 (krb5) Crypto Library AES / RC4 Decryption Functionality Malfo...
53385 MIT Kerberos 5 (krb5) ASN.1 Decoder PK-INIT asn1buf_imbed() Function Remote DoS
53384 MIT Kerberos 5 (krb5) SPNEGO GSS-API Mechanism Network Input Buffer Handling ...
53383 MIT Kerberos 5 (krb5) ASN.1 Decoder asn1_decode_generaltime() Function Remote...
52963 MIT Kerberos 5 (krb5) SPNEGO GSS-API Mechanism spnego_gss_accept_sec_context(...

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-07-30 Name : CentOS Update for krb5-devel CESA-2011:0199 centos5 x86_64
File : nvt/gb_CESA-2011_0199_krb5-devel_centos5_x86_64.nasl
2012-06-15 Name : Fedora Update for krb5 FEDORA-2012-8805
File : nvt/gb_fedora_2012_8805_krb5_fc15.nasl
2012-06-05 Name : RedHat Update for krb5 RHSA-2011:0200-01
File : nvt/gb_RHSA-2011_0200-01_krb5.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2012-03-16 Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX...
File : nvt/gb_VMSA-2011-0012.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-15 Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-03-15 Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an...
File : nvt/gb_VMSA-2010-0016.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-13 (mit-krb5)
File : nvt/glsa_201201_13.nasl
2012-02-01 Name : Fedora Update for krb5 FEDORA-2011-16284
File : nvt/gb_fedora_2011_16284_krb5_fc15.nasl
2011-11-18 Name : Fedora Update for krb5 FEDORA-2011-14650
File : nvt/gb_fedora_2011_14650_krb5_fc14.nasl
2011-11-18 Name : Fedora Update for krb5 FEDORA-2011-14673
File : nvt/gb_fedora_2011_14673_krb5_fc15.nasl
2011-08-09 Name : CentOS Update for krb5-devel CESA-2011:0199 centos5 i386
File : nvt/gb_CESA-2011_0199_krb5-devel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for krb5-devel CESA-2010:0343 centos5 i386
File : nvt/gb_CESA-2010_0343_krb5-devel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for krb5-devel CESA-2010:0029 centos5 i386
File : nvt/gb_CESA-2010_0029_krb5-devel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for krb5-devel CESA-2009:0408 centos5 i386
File : nvt/gb_CESA-2009_0408_krb5-devel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for krb5-devel CESA-2009:0409 centos4 i386
File : nvt/gb_CESA-2009_0409_krb5-devel_centos4_i386.nasl
2011-08-09 Name : CentOS Update for krb5 CESA-2009:0410-01 centos2 i386
File : nvt/gb_CESA-2009_0410-01_krb5_centos2_i386.nasl
2011-08-09 Name : CentOS Update for krb5-devel CESA-2009:0410 centos3 i386
File : nvt/gb_CESA-2009_0410_krb5-devel_centos3_i386.nasl
2011-05-12 Name : FreeBSD Ports: krb5
File : nvt/freebsd_krb512.nasl
2011-05-05 Name : Fedora Update for krb5 FEDORA-2011-5345
File : nvt/gb_fedora_2011_5345_krb5_fc14.nasl
2011-05-05 Name : Fedora Update for krb5 FEDORA-2011-5343
File : nvt/gb_fedora_2011_5343_krb5_fc13.nasl
2011-03-25 Name : Fedora Update for krb5 FEDORA-2011-3464
File : nvt/gb_fedora_2011_3464_krb5_fc13.nasl
2011-03-25 Name : Fedora Update for krb5 FEDORA-2011-3462
File : nvt/gb_fedora_2011_3462_krb5_fc14.nasl
2011-02-18 Name : Fedora Update for krb5 FEDORA-2011-1225
File : nvt/gb_fedora_2011_1225_krb5_fc14.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-B-0130 MIT Kerberos Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0042308
2013-B-0044 MIT Kerberos Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0037773
2011-A-0160 Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity: Category I - VMSKEY: V0030769
2011-A-0147 Multiple Vulnerabilities in VMware ESX and ESXi
Severity: Category I - VMSKEY: V0030545
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Snort® IPS/IDS

Date Description
2015-03-27 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 8888889 - Type : SERVER-OTHER - Revision : 1
2015-03-27 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 8888888 - Type : SERVER-OTHER - Revision : 1
2019-09-24 MIT Kerberos kpasswd UDP denial of service attempt
RuleID : 51212 - Type : SERVER-OTHER - Revision : 1
2015-06-23 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 34972 - Type : SERVER-OTHER - Revision : 1
2015-06-23 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 34971 - Type : SERVER-OTHER - Revision : 1
2014-01-10 MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt
RuleID : 27906 - Type : SERVER-OTHER - Revision : 2
2014-01-10 MIT Kerberos libkdb_ldap principal name handling denial of service attempt
RuleID : 26759 - Type : SERVER-OTHER - Revision : 6
2014-01-10 MIT Kerberos ASN.1 asn1_decode_generaltime uninitialized pointer reference at...
RuleID : 17741 - Type : SERVER-OTHER - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-ac7e19b0c8.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7db7ccda4d.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1398.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1240.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0011.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-1_0-0093.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-2_0-0007.nasl - Type: ACT_GATHER_INFO
2018-02-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1265.nasl - Type: ACT_GATHER_INFO
2018-01-19 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1007.nasl - Type: ACT_GATHER_INFO
2018-01-19 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1008.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2dd6c320a4.nasl - Type: ACT_GATHER_INFO
2018-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL15552.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1266.nasl - Type: ACT_GATHER_INFO
2017-11-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2948-1.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1012.nasl - Type: ACT_GATHER_INFO
2016-11-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-14.nasl - Type: ACT_GATHER_INFO
2016-04-22 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2016-691.nasl - Type: ACT_GATHER_INFO
2016-04-05 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160404_krb5_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-0532.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-0532.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0532.nasl - Type: ACT_GATHER_INFO
2016-03-24 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-0493.nasl - Type: ACT_GATHER_INFO
2016-03-24 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0039.nasl - Type: ACT_GATHER_INFO
2016-03-24 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160323_krb5_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2016-03-23 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-0493.nasl - Type: ACT_GATHER_INFO