MIT Kerberos 5-1.8 Alpha

CPE Details

MIT Kerberos 5-1.8 Alpha
mit
kerberos
5-1.8
2016-08-26
17h18 +00:00
2021-04-14
16h10 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:mit:kerberos:5-1.8:alpha1:*:*:*:*:*:*

Informations

Vendor

mit

Product

kerberos

Version

5-1.8

Update

alpha1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2018-20217 2018-12-26 19h00 +00:00 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
5.3
Moyen
CVE-2018-5709 2018-01-16 08h00 +00:00 An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
7.5
Haute
CVE-2018-5710 2018-01-16 08h00 +00:00 An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
6.5
Moyen
CVE-2014-4342 2014-07-20 08h00 +00:00 MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
5