MIT Kerberos 4.0

CPE Details

2021-02-02 13h37 +00:00
2021-04-14 16h10 +00:00

CPE Name: cpe:2.3:a:mit:kerberos:4.0:-:*:*:*:*:*:*

Information

Vendor: mit
Product: kerberos
Version: 4.0
Update: -

Related CVE


| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2018-20217 | 2018-12-26 19h00 +00:00 | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. | 5.3 | Medium |
| CVE-2018-5709 | 2018-01-16 08h00 +00:00 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. | 7.5 | High |
| CVE-2018-5710 | 2018-01-16 08h00 +00:00 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. | 6.5 | Medium |
| CVE-2000-0548 | 2000-10-13 02h00 +00:00 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. | 5 | |
| CVE-2000-0549 | 2000-10-13 02h00 +00:00 | Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. | 5 | |
| CVE-2000-0550 | 2000-10-13 02h00 +00:00 | Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. | 5 | |
| CVE-2000-0389 | 2000-07-12 02h00 +00:00 | Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. | 10 | |
| CVE-2000-0390 | 2000-07-12 02h00 +00:00 | Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. | 10 | |
| CVE-2000-0391 | 2000-07-12 02h00 +00:00 | Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. | 10 | |
| CVE-2000-0392 | 2000-07-12 02h00 +00:00 | Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. | 7.2 | |
| CVE-2000-0546 | 2000-07-12 02h00 +00:00 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. | 5 | |
| CVE-2000-0547 | 2000-07-12 02h00 +00:00 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. | 5 | |
| CVE-1999-0143 | 1999-09-29 02h00 +00:00 | Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. | 4.6 | |