This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mit First view 2007-12-05
Product Kerberos 5 Last view 2008-03-19
Version 1.4.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mit:kerberos_5

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2008-03-19 CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

9.3 2008-03-19 CVE-2008-0062

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

6.9 2007-12-05 CVE-2007-5971

Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.

6.9 2007-12-05 CVE-2007-5901

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-399 Resource Management Errors
25% (1) CWE-189 Numeric Errors
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-172 Time and State Attacks

Open Source Vulnerability Database (OSVDB)

id Description
43346 MIT Kerberos 5 lib/gssapi/mechglue/g_initialize.c gss_indicate_mechs Function...
43345 MIT Kerberos 5 (krb5) lib/gssapi/krb5/k5sealv3.c gss_krb5int_make_seal_token_...
43342 MIT Kerberos 5 KDC (krb5kdc) Error Response Information Disclosure
43341 MIT Kerberos 5 KDC (krb5kdc) Arbitrary Memory Disclosure

OpenVAS Exploits

id Description
2010-05-28 Name : Ubuntu Update for krb5 vulnerabilities USN-940-1
File : nvt/gb_ubuntu_USN_940_1.nasl
2010-04-09 Name : Ubuntu Update for krb5 vulnerabilities USN-924-1
File : nvt/gb_ubuntu_USN_924_1.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-04-09 Name : Mandriva Update for krb5 MDVSA-2008:070 (krb5)
File : nvt/gb_mandriva_MDVSA_2008_070.nasl
2009-04-09 Name : Mandriva Update for krb5 MDVSA-2008:069 (krb5)
File : nvt/gb_mandriva_MDVSA_2008_069.nasl
2009-03-23 Name : Ubuntu Update for krb5 vulnerabilities USN-587-1
File : nvt/gb_ubuntu_USN_587_1.nasl
2009-03-06 Name : RedHat Update for krb5 RHSA-2008:0164-01
File : nvt/gb_RHSA-2008_0164-01_krb5.nasl
2009-03-06 Name : RedHat Update for krb5 RHSA-2008:0180-01
File : nvt/gb_RHSA-2008_0180-01_krb5.nasl
2009-03-06 Name : RedHat Update for krb5 RHSA-2008:0181-01
File : nvt/gb_RHSA-2008_0181-01_krb5.nasl
2009-02-27 Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 i386
File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_i386.nasl
2009-02-27 Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 x86_64
File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 i386
File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_i386.nasl
2009-02-27 Name : CentOS Update for krb5 CESA-2008:0181-01 centos2 i386
File : nvt/gb_CESA-2008_0181-01_krb5_centos2_i386.nasl
2009-02-27 Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64
File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_x86_64.nasl
2009-02-16 Name : Fedora Update for krb5 FEDORA-2008-2647
File : nvt/gb_fedora_2008_2647_krb5_fc8.nasl
2009-02-16 Name : Fedora Update for krb5 FEDORA-2008-2637
File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl
2009-01-23 Name : SuSE Update for krb5 SUSE-SA:2008:016
File : nvt/gb_suse_2008_016.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200803-31 (mit-krb5)
File : nvt/glsa_200803_31.nasl
2008-06-17 Name : Kerberos < 1.6.4 vulnerability
File : nvt/kerberos_CB-A08-0044.nasl
2008-03-19 Name : Debian Security Advisory DSA 1524-1 (krb5)
File : nvt/deb_1524_1.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0164.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0180.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0181.nasl - Type: ACT_GATHER_INFO
2013-03-09 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-924-1.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0182.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080318_krb5_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2010-05-20 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-940-1.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0164.nasl - Type: ACT_GATHER_INFO
2009-07-27 Name: The remote VMware ESXi / ESX host is missing one or more security-related pat...
File: vmware_VMSA-2008-0009.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-069.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-070.nasl - Type: ACT_GATHER_INFO
2008-03-26 Name: The remote Fedora host is missing a security update.
File: fedora_2008-2637.nasl - Type: ACT_GATHER_INFO
2008-03-26 Name: The remote Fedora host is missing a security update.
File: fedora_2008-2647.nasl - Type: ACT_GATHER_INFO
2008-03-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200803-31.nasl - Type: ACT_GATHER_INFO
2008-03-21 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0180.nasl - Type: ACT_GATHER_INFO
2008-03-21 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1524.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0181.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0180.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0164.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote openSUSE host is missing a security update.
File: suse_krb5-5081.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_krb5-5082.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-587-1.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_SecUpd2008-002.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0181.nasl - Type: ACT_GATHER_INFO
2008-01-16 Name: The remote openSUSE host is missing a security update.
File: suse_krb5-4851.nasl - Type: ACT_GATHER_INFO