This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mit First view 2010-02-22
Product Kerberos Last view 2018-12-26
Version 5-1.8 Type Application
Update alpha  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mit:kerberos

Activity : Overall

Related : CVE

  Date Alert Description
5.3 2018-12-26 CVE-2018-20217

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

6.5 2018-01-16 CVE-2018-5710

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

7.5 2018-01-16 CVE-2018-5709

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

9.8 2017-11-23 CVE-2017-15088

plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.

6.5 2016-02-12 CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

3.1 2016-02-12 CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

6.8 2015-11-08 CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

7.1 2015-11-08 CVE-2015-2696

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

7.1 2015-11-08 CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

3.5 2014-12-16 CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

5 2014-07-20 CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

4.3 2013-11-17 CVE-2013-1418

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

5 2013-05-29 CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

4 2013-04-19 CVE-2013-1416

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

7.1 2013-03-05 CVE-2013-1415

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

4.3 2013-03-04 CVE-2012-1016

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.

6.8 2010-05-19 CVE-2010-1321

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

7.8 2010-02-22 CVE-2010-0283

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

CWE : Common Weakness Enumeration

%idName
42% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (2) CWE-20 Improper Input Validation
14% (2) CWE-18 Source Code
7% (1) CWE-617 Reachable Assertion
7% (1) CWE-476 NULL Pointer Dereference
7% (1) CWE-200 Information Exposure
7% (1) CWE-190 Integer Overflow or Wraparound

Open Source Vulnerability Database (OSVDB)

id Description
70083 Oracle Database MIT Kerberos 5 kg_accept_krb5 Remote Denial of Service
64744 Kerberos GSS-API AP-REQ Authenticator NULL Dereference Remote DoS
62391 Kerberos KDC Authorization Data Request Remote DoS

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-15 Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an...
File : nvt/gb_VMSA-2010-0016.nasl
2012-03-15 Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv...
File : nvt/gb_VMSA-2011-0013.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-13 (mit-krb5)
File : nvt/glsa_201201_13.nasl
2011-05-05 Name : Fedora Update for krb5 FEDORA-2011-5343
File : nvt/gb_fedora_2011_5343_krb5_fc13.nasl
2011-03-25 Name : Fedora Update for krb5 FEDORA-2011-3464
File : nvt/gb_fedora_2011_3464_krb5_fc13.nasl
2011-02-18 Name : Fedora Update for krb5 FEDORA-2011-1210
File : nvt/gb_fedora_2011_1210_krb5_fc13.nasl
2010-12-23 Name : Fedora Update for krb5 FEDORA-2010-18425
File : nvt/gb_fedora_2010_18425_krb5_fc13.nasl
2010-07-23 Name : Ubuntu Update for krb5 vulnerability USN-940-2
File : nvt/gb_ubuntu_USN_940_2.nasl
2010-07-12 Name : Mandriva Update for heimdal MDVSA-2010:130 (heimdal)
File : nvt/gb_mandriva_MDVSA_2010_130.nasl
2010-06-03 Name : Debian Security Advisory DSA 2052-1 (krb5)
File : nvt/deb_2052_1.nasl
2010-05-28 Name : Fedora Update for krb5 FEDORA-2010-8805
File : nvt/gb_fedora_2010_8805_krb5_fc12.nasl
2010-05-28 Name : Ubuntu Update for krb5 vulnerabilities USN-940-1
File : nvt/gb_ubuntu_USN_940_1.nasl
2010-05-28 Name : Mandriva Update for krb5 MDVSA-2010:100 (krb5)
File : nvt/gb_mandriva_MDVSA_2010_100.nasl
2010-05-28 Name : Fedora Update for krb5 FEDORA-2010-8796
File : nvt/gb_fedora_2010_8796_krb5_fc11.nasl
2010-05-28 Name : RedHat Update for krb5 RHSA-2010:0423-01
File : nvt/gb_RHSA-2010_0423-01_krb5.nasl
2010-05-28 Name : CentOS Update for krb5-devel CESA-2010:0423 centos4 i386
File : nvt/gb_CESA-2010_0423_krb5-devel_centos4_i386.nasl
2010-05-28 Name : CentOS Update for krb5-devel CESA-2010:0423 centos3 i386
File : nvt/gb_CESA-2010_0423_krb5-devel_centos3_i386.nasl
2010-04-30 Name : Mandriva Update for netcdf MDVA-2010:129 (netcdf)
File : nvt/gb_mandriva_MDVA_2010_129.nasl
2010-04-30 Name : Mandriva Update for rpm MDVA-2010:130 (rpm)
File : nvt/gb_mandriva_MDVA_2010_130.nasl
2010-04-29 Name : Fedora Update for krb5 FEDORA-2010-7130
File : nvt/gb_fedora_2010_7130_krb5_fc12.nasl
2010-04-21 Name : FreeBSD Ports: krb5
File : nvt/freebsd_krb53.nasl
2010-03-31 Name : Fedora Update for krb5 FEDORA-2010-4677
File : nvt/gb_fedora_2010_4677_krb5_fc12.nasl
2010-03-31 Name : Ubuntu Update for krb5 vulnerabilities USN-916-1
File : nvt/gb_ubuntu_USN_916_1.nasl
2010-03-22 Name : Mandriva Update for rootcerts MDVA-2010:100 (rootcerts)
File : nvt/gb_mandriva_MDVA_2010_100.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-B-0130 MIT Kerberos Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0042308
2013-B-0044 MIT Kerberos Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0037773
2011-A-0160 Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity: Category I - VMSKEY: V0030769
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Snort® IPS/IDS

Date Description
2015-03-27 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 8888889 - Type : SERVER-OTHER - Revision : 1
2015-03-27 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 8888888 - Type : SERVER-OTHER - Revision : 1
2019-09-24 MIT Kerberos kpasswd UDP denial of service attempt
RuleID : 51212 - Type : SERVER-OTHER - Revision : 1
2015-06-23 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 34972 - Type : SERVER-OTHER - Revision : 1
2015-06-23 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 34971 - Type : SERVER-OTHER - Revision : 1
2014-01-10 MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt
RuleID : 27906 - Type : SERVER-OTHER - Revision : 2
2014-01-10 MIT Kerberos KDC authentication denial of service attempt
RuleID : 18534 - Type : SERVER-OTHER - Revision : 9
2014-01-10 MIT Kerberos KDC authentication denial of service attempt
RuleID : 18533 - Type : SERVER-OTHER - Revision : 9

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-ac7e19b0c8.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7db7ccda4d.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1398.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1240.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0011.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-1_0-0093.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-2_0-0007.nasl - Type: ACT_GATHER_INFO
2018-02-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1265.nasl - Type: ACT_GATHER_INFO
2018-01-19 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1007.nasl - Type: ACT_GATHER_INFO
2018-01-19 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1008.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2dd6c320a4.nasl - Type: ACT_GATHER_INFO
2018-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL15552.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1266.nasl - Type: ACT_GATHER_INFO
2017-11-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2948-1.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1012.nasl - Type: ACT_GATHER_INFO
2016-11-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-14.nasl - Type: ACT_GATHER_INFO
2016-04-22 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2016-691.nasl - Type: ACT_GATHER_INFO
2016-04-05 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160404_krb5_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-0532.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-0532.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0532.nasl - Type: ACT_GATHER_INFO
2016-03-24 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-0493.nasl - Type: ACT_GATHER_INFO
2016-03-24 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0039.nasl - Type: ACT_GATHER_INFO
2016-03-24 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160323_krb5_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2016-03-23 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-0493.nasl - Type: ACT_GATHER_INFO