Summary
Detail | |||
---|---|---|---|
Vendor | Mit | First view | 2007-12-05 |
Product | Kerberos 5 | Last view | 2008-03-19 |
Version | 1.1.1 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:mit:kerberos_5 |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.3 | 2008-03-19 | CVE-2008-0063 | The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." |
9.3 | 2008-03-19 | CVE-2008-0062 | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. |
6.9 | 2007-12-05 | CVE-2007-5971 | Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. |
6.9 | 2007-12-05 | CVE-2007-5901 | Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-399 | Resource Management Errors |
25% (1) | CWE-189 | Numeric Errors |
25% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-26 | Leveraging Race Conditions |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
CAPEC-172 | Time and State Attacks |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
43346 | MIT Kerberos 5 lib/gssapi/mechglue/g_initialize.c gss_indicate_mechs Function... |
43345 | MIT Kerberos 5 (krb5) lib/gssapi/krb5/k5sealv3.c gss_krb5int_make_seal_token_... |
43342 | MIT Kerberos 5 KDC (krb5kdc) Error Response Information Disclosure |
43341 | MIT Kerberos 5 KDC (krb5kdc) Arbitrary Memory Disclosure |
OpenVAS Exploits
id | Description |
---|---|
2010-05-28 | Name : Ubuntu Update for krb5 vulnerabilities USN-940-1 File : nvt/gb_ubuntu_USN_940_1.nasl |
2010-04-09 | Name : Ubuntu Update for krb5 vulnerabilities USN-924-1 File : nvt/gb_ubuntu_USN_924_1.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDVSA-2008:070 (krb5) File : nvt/gb_mandriva_MDVSA_2008_070.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDVSA-2008:069 (krb5) File : nvt/gb_mandriva_MDVSA_2008_069.nasl |
2009-03-23 | Name : Ubuntu Update for krb5 vulnerabilities USN-587-1 File : nvt/gb_ubuntu_USN_587_1.nasl |
2009-03-06 | Name : RedHat Update for krb5 RHSA-2008:0164-01 File : nvt/gb_RHSA-2008_0164-01_krb5.nasl |
2009-03-06 | Name : RedHat Update for krb5 RHSA-2008:0180-01 File : nvt/gb_RHSA-2008_0180-01_krb5.nasl |
2009-03-06 | Name : RedHat Update for krb5 RHSA-2008:0181-01 File : nvt/gb_RHSA-2008_0181-01_krb5.nasl |
2009-02-27 | Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 i386 File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 x86_64 File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 i386 File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for krb5 CESA-2008:0181-01 centos2 i386 File : nvt/gb_CESA-2008_0181-01_krb5_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64 File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_x86_64.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2647 File : nvt/gb_fedora_2008_2647_krb5_fc8.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl |
2009-01-23 | Name : SuSE Update for krb5 SUSE-SA:2008:016 File : nvt/gb_suse_2008_016.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-31 (mit-krb5) File : nvt/glsa_200803_31.nasl |
2008-06-17 | Name : Kerberos < 1.6.4 vulnerability File : nvt/kerberos_CB-A08-0044.nasl |
2008-03-19 | Name : Debian Security Advisory DSA 1524-1 (krb5) File : nvt/deb_1524_1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0164.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0180.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0181.nasl - Type: ACT_GATHER_INFO |
2013-03-09 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-924-1.nasl - Type: ACT_GATHER_INFO |
2013-01-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0182.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080318_krb5_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2010-05-20 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-940-1.nasl - Type: ACT_GATHER_INFO |
2010-01-06 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0164.nasl - Type: ACT_GATHER_INFO |
2009-07-27 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2008-0009.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2008-069.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2008-070.nasl - Type: ACT_GATHER_INFO |
2008-03-26 | Name: The remote Fedora host is missing a security update. File: fedora_2008-2637.nasl - Type: ACT_GATHER_INFO |
2008-03-26 | Name: The remote Fedora host is missing a security update. File: fedora_2008-2647.nasl - Type: ACT_GATHER_INFO |
2008-03-26 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200803-31.nasl - Type: ACT_GATHER_INFO |
2008-03-21 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0180.nasl - Type: ACT_GATHER_INFO |
2008-03-21 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1524.nasl - Type: ACT_GATHER_INFO |
2008-03-19 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0181.nasl - Type: ACT_GATHER_INFO |
2008-03-19 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0180.nasl - Type: ACT_GATHER_INFO |
2008-03-19 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0164.nasl - Type: ACT_GATHER_INFO |
2008-03-19 | Name: The remote openSUSE host is missing a security update. File: suse_krb5-5081.nasl - Type: ACT_GATHER_INFO |
2008-03-19 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_krb5-5082.nasl - Type: ACT_GATHER_INFO |
2008-03-19 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-587-1.nasl - Type: ACT_GATHER_INFO |
2008-03-19 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2008-002.nasl - Type: ACT_GATHER_INFO |
2008-03-19 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0181.nasl - Type: ACT_GATHER_INFO |
2008-01-16 | Name: The remote openSUSE host is missing a security update. File: suse_krb5-4851.nasl - Type: ACT_GATHER_INFO |