Vulnerabilities for 'Kerberos 5'

2008-03-18
 
CVE-2008-0947

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

 
2008-03-19
 
CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

 
 
CVE-2008-0062

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

 
2007-12-05
 
CVE-2007-5971

Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.

 
 
CVE-2007-5901

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.

 



Copyright 2018, cxsecurity.com

 
