Download
| Alert*
CVE-1999-0143
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. CVE-2000-0391 Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. CVE-2000-0390 Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. CVE-2000-0549 Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. CVE-2000-0548 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. CVE-2000-0547 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. CVE-2000-0546 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. CVE-2000-0389 Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. CVE-2000-0550 Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. CVE-2000-0392 Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. CVE-2017-7562 An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. CVE-2018-20217 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. |