This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mit First view 2012-06-07
Product Kerberos 5 Last view 2019-09-26
Version 1.10.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mit:kerberos_5

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2019-09-26 CVE-2019-14844

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

6.5 2018-07-26 CVE-2017-7562

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

6.5 2018-01-16 CVE-2018-5710

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

7.5 2018-01-16 CVE-2018-5709

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

6.5 2017-08-09 CVE-2017-11368

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

5.3 2016-03-25 CVE-2016-3119

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

6.5 2016-02-12 CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

3.1 2016-02-12 CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

6.8 2015-11-08 CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

7.1 2015-11-08 CVE-2015-2696

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

7.1 2015-11-08 CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

5 2015-02-20 CVE-2014-5355

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.

3.5 2014-12-16 CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

8.5 2014-08-14 CVE-2014-4345

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

7.8 2014-08-14 CVE-2014-4344

The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.

7.6 2014-08-14 CVE-2014-4343

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.

5 2014-07-20 CVE-2014-4342

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

5 2014-07-20 CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

4 2013-11-17 CVE-2013-6800

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.

4.3 2013-11-17 CVE-2013-1418

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

5 2013-05-29 CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

4 2013-04-19 CVE-2013-1416

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

7.1 2013-03-05 CVE-2013-1415

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

4.3 2013-03-04 CVE-2012-1016

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.

9.3 2012-08-06 CVE-2012-1015

The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.

CWE : Common Weakness Enumeration

%idName
30% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15% (3) CWE-20 Improper Input Validation
10% (2) CWE-476 NULL Pointer Dereference
10% (2) CWE-18 Source Code
5% (1) CWE-617 Reachable Assertion
5% (1) CWE-415 Double Free
5% (1) CWE-287 Improper Authentication
5% (1) CWE-264 Permissions, Privileges, and Access Controls
5% (1) CWE-200 Information Exposure
5% (1) CWE-190 Integer Overflow or Wraparound
5% (1) CWE-189 Numeric Errors

OpenVAS Exploits

id Description
2012-08-30 Name : Fedora Update for krb5 FEDORA-2012-11388
File : nvt/gb_fedora_2012_11388_krb5_fc17.nasl
2012-08-30 Name : Fedora Update for krb5 FEDORA-2012-2187
File : nvt/gb_fedora_2012_2187_krb5_fc17.nasl
2012-08-30 Name : Fedora Update for krb5 FEDORA-2012-8784
File : nvt/gb_fedora_2012_8784_krb5_fc17.nasl
2012-08-14 Name : Fedora Update for krb5 FEDORA-2012-11370
File : nvt/gb_fedora_2012_11370_krb5_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2518-1 (krb5)
File : nvt/deb_2518_1.nasl
2012-08-03 Name : CentOS Update for krb5-devel CESA-2012:1131 centos6
File : nvt/gb_CESA-2012_1131_krb5-devel_centos6.nasl
2012-08-03 Name : RedHat Update for krb5 RHSA-2012:1131-01
File : nvt/gb_RHSA-2012_1131-01_krb5.nasl
2012-08-03 Name : Mandriva Update for krb5 MDVSA-2012:120 (krb5)
File : nvt/gb_mandriva_MDVSA_2012_120.nasl
2012-08-03 Name : Ubuntu Update for krb5 USN-1520-1
File : nvt/gb_ubuntu_USN_1520_1.nasl
2012-07-10 Name : Mandriva Update for krb5 MDVSA-2012:102 (krb5)
File : nvt/gb_mandriva_MDVSA_2012_102.nasl
2012-06-15 Name : Fedora Update for krb5 FEDORA-2012-8803
File : nvt/gb_fedora_2012_8803_krb5_fc16.nasl
2012-06-15 Name : Fedora Update for krb5 FEDORA-2012-8805
File : nvt/gb_fedora_2012_8805_krb5_fc15.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0069 Multiple Vulnerabilities in MIT Kerberos 5
Severity: Category I - VMSKEY: V0060811
2013-B-0130 MIT Kerberos Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0042308
2013-B-0044 MIT Kerberos Denial of Service Vulnerabilities
Severity: Category I - VMSKEY: V0037773

Snort® IPS/IDS

Date Description
2015-03-27 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 8888889 - Type : SERVER-OTHER - Revision : 1
2015-03-27 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 8888888 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length den...
RuleID : 52392 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length den...
RuleID : 52391 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version s...
RuleID : 52390 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version s...
RuleID : 52389 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth vers...
RuleID : 52388 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length d...
RuleID : 52387 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version l...
RuleID : 52386 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version ...
RuleID : 52385 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth vers...
RuleID : 52384 - Type : SERVER-OTHER - Revision : 1
2019-09-24 MIT Kerberos kpasswd UDP denial of service attempt
RuleID : 51212 - Type : SERVER-OTHER - Revision : 1
2016-03-14 MIT Kerberos 5 IAKERB outbound token detected
RuleID : 36816 - Type : SERVER-OTHER - Revision : 5
2016-03-14 MIT Kerberos 5 SPNEGO incoming token detected
RuleID : 36815 - Type : SERVER-OTHER - Revision : 5
2016-03-14 MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt
RuleID : 36814 - Type : SERVER-OTHER - Revision : 5
2015-06-23 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 34972 - Type : SERVER-OTHER - Revision : 1
2015-06-23 MIT Kerberos KDC as-req sname null pointer dereference attempt
RuleID : 34971 - Type : SERVER-OTHER - Revision : 1
2015-07-08 MIT Kerberos 5 krb5_read_message denial of service attempt
RuleID : 34709 - Type : SERVER-OTHER - Revision : 4
2014-01-10 MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt
RuleID : 27906 - Type : SERVER-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-12-28 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1408.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1376.nasl - Type: ACT_GATHER_INFO
2018-11-07 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1361.nasl - Type: ACT_GATHER_INFO
2018-11-06 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1354.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1010.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0011.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1010.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0666.nasl - Type: ACT_GATHER_INFO
2018-02-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1265.nasl - Type: ACT_GATHER_INFO
2018-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL15552.nasl - Type: ACT_GATHER_INFO
2017-10-19 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_3f3837cc48fb4414aa465b1c23c9feae.nasl - Type: ACT_GATHER_INFO
2017-08-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-1058.nasl - Type: ACT_GATHER_INFO
2017-07-27 Name: The remote Fedora host is missing a security update.
File: fedora_2017-71c47e1e82.nasl - Type: ACT_GATHER_INFO
2017-07-27 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8e9d9771c4.nasl - Type: ACT_GATHER_INFO
2017-07-26 Name: The remote Fedora host is missing a security update.
File: fedora_2017-e5b36383f4.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1012.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1076.nasl - Type: ACT_GATHER_INFO
2017-02-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-793.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161103_krb5_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-11-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-2591.nasl - Type: ACT_GATHER_INFO
2016-11-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-14.nasl - Type: ACT_GATHER_INFO
2016-11-11 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-2591.nasl - Type: ACT_GATHER_INFO
2016-11-04 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-2591.nasl - Type: ACT_GATHER_INFO
2016-04-22 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2016-691.nasl - Type: ACT_GATHER_INFO
2016-04-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1088-1.nasl - Type: ACT_GATHER_INFO