Summary
Detail | | | |
---|---|---|---|
Vendor | Mit | First view | 2011-10-20 |
Product | Kerberos 5 | Last view | 2020-11-06 |
Version | 1.9.1 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:mit:kerberos_5 | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.5 | 2020-11-06 | CVE-2020-28196 | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. |
7.5 | 2019-09-26 | CVE-2019-14844 | A flaw was found in Fedora versions of krb5 from 1.16.1 to, and including, 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. |
6.5 | 2018-07-26 | CVE-2017-7562 | An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. |
6.5 | 2018-01-16 | CVE-2018-5710 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. |
7.5 | 2018-01-16 | CVE-2018-5709 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. |
9.8 | 2017-11-23 | CVE-2017-15088 | plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat. |
6.5 | 2017-08-09 | CVE-2017-11368 | In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. |
5.3 | 2016-03-25 | CVE-2016-3119 | The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. |
6.5 | 2016-02-12 | CVE-2015-8631 | Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. |
5.3 | 2016-02-12 | CVE-2015-8629 | The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. |
4 | 2015-11-08 | CVE-2015-2697 | The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. |
7.1 | 2015-11-08 | CVE-2015-2696 | lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. |
5 | 2015-11-08 | CVE-2015-2695 | lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. |
5 | 2015-02-20 | CVE-2014-5355 | MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. |
3.5 | 2014-12-16 | CVE-2014-5353 | The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. |
8.5 | 2014-08-14 | CVE-2014-4345 | Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands. |
5 | 2014-07-20 | CVE-2014-4342 | MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. |
5 | 2014-07-20 | CVE-2014-4341 | MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. |
4.3 | 2013-11-17 | CVE-2013-1418 | The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. |
5 | 2013-05-29 | CVE-2002-2443 | schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. |
4 | 2013-04-19 | CVE-2013-1416 | The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. |
5 | 2013-03-05 | CVE-2013-1415 | The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. |
5 | 2013-03-04 | CVE-2012-1016 | The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request. |
4 | 2012-06-07 | CVE-2012-1013 | The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password. |
7.8 | 2011-10-20 | CVE-2011-1529 | The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
26% (6) | CWE-476 | NULL Pointer Dereference |
17% (4) | CWE-20 | Improper Input Validation |
13% (3) | CWE-125 | Out-of-bounds Read |
8% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
4% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
4% (1) | CWE-763 | Release of Invalid Pointer or Reference |
4% (1) | CWE-674 | Uncontrolled Recursion |
4% (1) | CWE-617 | Reachable Assertion |
4% (1) | CWE-287 | Improper Authentication |
4% (1) | CWE-190 | Integer Overflow or Wraparound |
4% (1) | CWE-189 | Numeric Errors |
4% (1) | CWE-18 | Source Code |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
76661 | Kerberos KDC lookup_lockout_policy() Function NULL Pointer Dereference Remote... |
76660 | Kerberos KDC krb5_ldap_get_principal() Function NULL Pointer Dereference Remo... |
76659 | Kerberos KDC Multiple Function Assertation Weakness Remote DoS |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-30 | Name : Fedora Update for krb5 FEDORA-2012-8784 File : nvt/gb_fedora_2012_8784_krb5_fc17.nasl |
2012-08-14 | Name : Fedora Update for krb5 FEDORA-2012-11370 File : nvt/gb_fedora_2012_11370_krb5_fc16.nasl |
2012-08-03 | Name : CentOS Update for krb5-devel CESA-2012:1131 centos6 File : nvt/gb_CESA-2012_1131_krb5-devel_centos6.nasl |
2012-08-03 | Name : RedHat Update for krb5 RHSA-2012:1131-01 File : nvt/gb_RHSA-2012_1131-01_krb5.nasl |
2012-08-03 | Name : Ubuntu Update for krb5 USN-1520-1 File : nvt/gb_ubuntu_USN_1520_1.nasl |
2012-07-10 | Name : Mandriva Update for krb5 MDVSA-2012:102 (krb5) File : nvt/gb_mandriva_MDVSA_2012_102.nasl |
2012-07-09 | Name : RedHat Update for krb5 RHSA-2011:1379-01 File : nvt/gb_RHSA-2011_1379-01_krb5.nasl |
2012-06-15 | Name : Fedora Update for krb5 FEDORA-2012-8803 File : nvt/gb_fedora_2012_8803_krb5_fc16.nasl |
2012-06-15 | Name : Fedora Update for krb5 FEDORA-2012-8805 File : nvt/gb_fedora_2012_8805_krb5_fc15.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-13 (mit-krb5) File : nvt/glsa_201201_13.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2379-1 (krb5) File : nvt/deb_2379_1.nasl |
2012-02-01 | Name : Fedora Update for krb5 FEDORA-2011-16284 File : nvt/gb_fedora_2011_16284_krb5_fc15.nasl |
2011-11-18 | Name : Fedora Update for krb5 FEDORA-2011-14650 File : nvt/gb_fedora_2011_14650_krb5_fc14.nasl |
2011-11-18 | Name : Fedora Update for krb5 FEDORA-2011-14673 File : nvt/gb_fedora_2011_14673_krb5_fc15.nasl |
2011-10-31 | Name : Mandriva Update for krb5 MDVSA-2011:160 (krb5) File : nvt/gb_mandriva_MDVSA_2011_160.nasl |
2011-10-21 | Name : Ubuntu Update for krb5 USN-1233-1 File : nvt/gb_ubuntu_USN_1233_1.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-B-0069 | Multiple Vulnerabilities in MIT Kerberos 5 Severity: Category I - VMSKEY: V0060811 |
2013-B-0130 | MIT Kerberos Denial of Service Vulnerabilities Severity: Category I - VMSKEY: V0042308 |
2013-B-0044 | MIT Kerberos Denial of Service Vulnerabilities Severity: Category I - VMSKEY: V0037773 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-27 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 8888889 - Type : SERVER-OTHER - Revision : 1 |
2015-03-27 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 8888888 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length den... RuleID : 52392 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length den... RuleID : 52391 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version s... RuleID : 52390 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version s... RuleID : 52389 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth vers... RuleID : 52388 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length d... RuleID : 52387 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version l... RuleID : 52386 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version ... RuleID : 52385 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth vers... RuleID : 52384 - Type : SERVER-OTHER - Revision : 1 |
2019-09-24 | MIT Kerberos kpasswd UDP denial of service attempt RuleID : 51212 - Type : SERVER-OTHER - Revision : 1 |
2015-06-23 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 34972 - Type : SERVER-OTHER - Revision : 2 |
2015-06-23 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 34971 - Type : SERVER-OTHER - Revision : 2 |
2015-07-08 | MIT Kerberos 5 krb5_read_message denial of service attempt RuleID : 34709 - Type : SERVER-OTHER - Revision : 4 |
2014-01-10 | MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt RuleID : 27906 - Type : SERVER-OTHER - Revision : 3 |
2014-01-10 | MIT Kerberos kdb_ldap plugin kinit operation denial of service attempt RuleID : 26575 - Type : SERVER-OTHER - Revision : 3 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-12-28 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1408.nasl - Type: ACT_GATHER_INFO |
2018-12-10 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1398.nasl - Type: ACT_GATHER_INFO |
2018-11-21 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1376.nasl - Type: ACT_GATHER_INFO |
2018-11-07 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1361.nasl - Type: ACT_GATHER_INFO |
2018-11-06 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1354.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1240.nasl - Type: ACT_GATHER_INFO |
2018-09-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1010.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0011.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-1_0-0093.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-2_0-0007.nasl - Type: ACT_GATHER_INFO |
2018-05-11 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1010.nasl - Type: ACT_GATHER_INFO |
2018-04-27 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-0666.nasl - Type: ACT_GATHER_INFO |
2018-02-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-1265.nasl - Type: ACT_GATHER_INFO |
2018-01-19 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1007.nasl - Type: ACT_GATHER_INFO |
2018-01-19 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1008.nasl - Type: ACT_GATHER_INFO |
2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-2dd6c320a4.nasl - Type: ACT_GATHER_INFO |
2018-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL15552.nasl - Type: ACT_GATHER_INFO |
2017-11-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1266.nasl - Type: ACT_GATHER_INFO |
2017-11-09 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2948-1.nasl - Type: ACT_GATHER_INFO |
2017-10-19 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_3f3837cc48fb4414aa465b1c23c9feae.nasl - Type: ACT_GATHER_INFO |
2017-08-15 | Name: The remote Debian host is missing a security update. File: debian_DLA-1058.nasl - Type: ACT_GATHER_INFO |
2017-07-27 | Name: The remote Fedora host is missing a security update. File: fedora_2017-71c47e1e82.nasl - Type: ACT_GATHER_INFO |
2017-07-27 | Name: The remote Fedora host is missing a security update. File: fedora_2017-8e9d9771c4.nasl - Type: ACT_GATHER_INFO |
2017-07-26 | Name: The remote Fedora host is missing a security update. File: fedora_2017-e5b36383f4.nasl - Type: ACT_GATHER_INFO |
2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1012.nasl - Type: ACT_GATHER_INFO |