This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mit First view 2013-05-29
Product Kerberos 5 Last view 2019-09-26
Version 1.11.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mit:kerberos_5

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2019-09-26 CVE-2019-14844

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

6.5 2018-07-26 CVE-2017-7562

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

6.5 2018-01-16 CVE-2018-5710

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

7.5 2018-01-16 CVE-2018-5709

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

6.5 2017-08-09 CVE-2017-11368

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

5.3 2016-03-25 CVE-2016-3119

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

6.5 2016-02-12 CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

3.1 2016-02-12 CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

6.8 2015-11-08 CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

7.1 2015-11-08 CVE-2015-2696

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

7.1 2015-11-08 CVE-2015-2695

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

5 2015-02-20 CVE-2014-5355

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.

5 2015-02-19 CVE-2014-9423

The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.

6.1 2015-02-19 CVE-2014-9422

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.

9 2015-02-19 CVE-2014-9421

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.

9 2015-02-19 CVE-2014-5352

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.

3.5 2014-12-16 CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

8.5 2014-08-14 CVE-2014-4345

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

7.8 2014-08-14 CVE-2014-4344

The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.

7.6 2014-08-14 CVE-2014-4343

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.

5 2014-07-20 CVE-2014-4342

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

5 2014-07-20 CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

3.5 2013-11-20 CVE-2013-1417

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

5 2013-05-29 CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

CWE : Common Weakness Enumeration

%idName
25% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15% (3) CWE-20 Improper Input Validation
10% (2) CWE-476 NULL Pointer Dereference
10% (2) CWE-200 Information Exposure
10% (2) CWE-18 Source Code
5% (1) CWE-617 Reachable Assertion
5% (1) CWE-415 Double Free
5% (1) CWE-287 Improper Authentication
5% (1) CWE-284 Access Control (Authorization) Issues
5% (1) CWE-190 Integer Overflow or Wraparound
5% (1) CWE-189 Numeric Errors

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0069 Multiple Vulnerabilities in MIT Kerberos 5
Severity: Category I - VMSKEY: V0060811

Snort® IPS/IDS

Date Description
2020-01-07 MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length den...
RuleID : 52392 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length den...
RuleID : 52391 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version s...
RuleID : 52390 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version s...
RuleID : 52389 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth vers...
RuleID : 52388 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length d...
RuleID : 52387 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version l...
RuleID : 52386 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version ...
RuleID : 52385 - Type : SERVER-OTHER - Revision : 1
2020-01-07 MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth vers...
RuleID : 52384 - Type : SERVER-OTHER - Revision : 1
2019-09-24 MIT Kerberos kpasswd UDP denial of service attempt
RuleID : 51212 - Type : SERVER-OTHER - Revision : 1
2016-03-14 MIT Kerberos 5 IAKERB outbound token detected
RuleID : 36816 - Type : SERVER-OTHER - Revision : 5
2016-03-14 MIT Kerberos 5 SPNEGO incoming token detected
RuleID : 36815 - Type : SERVER-OTHER - Revision : 5
2016-03-14 MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt
RuleID : 36814 - Type : SERVER-OTHER - Revision : 5
2015-07-08 MIT Kerberos 5 krb5_read_message denial of service attempt
RuleID : 34709 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-12-28 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1408.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1376.nasl - Type: ACT_GATHER_INFO
2018-11-07 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1361.nasl - Type: ACT_GATHER_INFO
2018-11-06 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1354.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1010.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0011.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1010.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0666.nasl - Type: ACT_GATHER_INFO
2018-02-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1265.nasl - Type: ACT_GATHER_INFO
2018-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL15552.nasl - Type: ACT_GATHER_INFO
2017-10-19 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_3f3837cc48fb4414aa465b1c23c9feae.nasl - Type: ACT_GATHER_INFO
2017-08-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-1058.nasl - Type: ACT_GATHER_INFO
2017-07-27 Name: The remote Fedora host is missing a security update.
File: fedora_2017-71c47e1e82.nasl - Type: ACT_GATHER_INFO
2017-07-27 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8e9d9771c4.nasl - Type: ACT_GATHER_INFO
2017-07-26 Name: The remote Fedora host is missing a security update.
File: fedora_2017-e5b36383f4.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1012.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1076.nasl - Type: ACT_GATHER_INFO
2017-02-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-793.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161103_krb5_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-11-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-2591.nasl - Type: ACT_GATHER_INFO
2016-11-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-14.nasl - Type: ACT_GATHER_INFO
2016-11-11 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-2591.nasl - Type: ACT_GATHER_INFO
2016-11-04 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-2591.nasl - Type: ACT_GATHER_INFO
2016-04-22 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2016-691.nasl - Type: ACT_GATHER_INFO
2016-04-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1088-1.nasl - Type: ACT_GATHER_INFO