Filtered by vendor Mit Subscriptions
Total 157 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2000-0546 3 Cygnus Network Security Project, Kerbnet Project, Mit 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more 2025-04-03 N/A
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.
CVE-2000-0547 3 Cygnus Network Security Project, Kerbnet Project, Mit 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more 2025-04-03 N/A
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
CVE-2000-0548 3 Cygnus Network Security Project, Kerbnet Project, Mit 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more 2025-04-03 N/A
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
CVE-2000-0549 2 Cygnus, Mit 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more 2025-04-03 N/A
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
CVE-2000-0550 2 Cygnus, Mit 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more 2025-04-03 N/A
Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.
CVE-2001-0417 1 Mit 2 Kerberos, Kerberos 5 2025-04-03 N/A
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
CVE-2004-0642 3 Debian, Mit, Redhat 6 Debian Linux, Kerberos 5, Enterprise Linux and 3 more 2025-04-03 N/A
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
CVE-2004-0644 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-03 N/A
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
CVE-2006-3083 3 Heimdal, Mit, Redhat 3 Heimdal, Kerberos 5, Enterprise Linux 2025-04-03 N/A
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
CVE-1999-0713 4 Cde, Digital, Mit and 1 more 4 Cde, Unix, Kerberos 5 and 1 more 2025-04-03 N/A
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
CVE-1999-1296 1 Mit 1 Kerberos 5 2025-04-03 N/A
Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.
CVE-2003-0072 2 Mit, Redhat 4 Kerberos, Kerberos 5, Enterprise Linux and 1 more 2025-04-03 N/A
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").
CVE-2006-3084 2 Heimdal, Mit 2 Heimdal, Kerberos 5 2025-04-03 N/A
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
CVE-2003-0041 3 Mandrakesoft, Mit, Redhat 5 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 2 more 2025-04-03 N/A
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
CVE-2003-0082 2 Mit, Redhat 4 Kerberos, Kerberos 5, Enterprise Linux and 1 more 2025-04-03 N/A
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
CVE-2004-0643 3 Debian, Mit, Redhat 6 Debian Linux, Kerberos 5, Enterprise Linux and 3 more 2025-04-03 N/A
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
CVE-2001-1323 2 Mit, Redhat 2 Kerberos 5, Linux 2025-04-03 N/A
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
CVE-2024-26462 3 Mit, Netapp, Redhat 12 Kerberos 5, Active Iq Unified Manager, Cloud Volumes Ontap Mediator and 9 more 2025-03-25 5.5 Medium
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
CVE-2024-37371 3 Debian, Mit, Redhat 9 Debian Linux, Kerberos 5, Enterprise Linux and 6 more 2025-03-14 9.1 Critical
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
CVE-2024-37370 2 Mit, Redhat 8 Kerberos 5, Enterprise Linux, Rhel Aus and 5 more 2025-03-13 7.5 High
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.