MITKRB5-SA-2012-001: KDC heap corruption and crash [CVE-2012-1014 CVE-2012-1015]

2012-07-31 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2012-001 MIT krb5 Security Advisory 2012-001 Original release: 2012-07-31 Topic: KDC heap corruption and crash vulnerabilities CVE-2012-1015: KDC frees uninitialized pointer CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C

MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]

2011-12-27 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-008 MIT krb5 Security Advisory 2011-008 Original release: 2011-12-26 Last update: 2011-12-26 Topic: buffer overflow in telnetd CVE-2011-4862 CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C CVSSv2 Base Score: 10

MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]

2011-12-06 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-007 MIT krb5 Security Advisory 2011-007 Original release: 2011-12-06 Last update: 2011-12-06 Topic: KDC null pointer dereference in TGS handling CVE-2011-1530 KDC null pointer dereference in TGS handling CVSSv2 Vector:

MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]

2011-10-20 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-006 MIT krb5 Security Advisory 2011-006 Original release: 2011-10-18 Last update: 2011-10-18 Topic: KDC denial of service vulnerabilities CVE-2011-1527: null pointer dereference in KDC LDAP back end CVSSv2 Vector:

MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285]

2011-04-13 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-004 MIT krb5 Security Advisory 2011-004 Original release: 2011-04-12 Last update: 2011-04-12 Topic: kadmind invalid pointer free() CVE-2011-0285 CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Base Score: 10

MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled

2011-03-15 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-003 MIT krb5 Security Advisory 2011-003 Original release: 2011-03-15 Last update: 2011-03-15 Topic: KDC vulnerable to double-free when PKINIT enabled CVE-2011-0284 CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2

MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022]

2011-02-08 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-001 MIT krb5 Security Advisory 2011-001 Original release: 2011-02-08 Last update: 2011-02-08 Topic: kpropd denial of service CVE-2010-4022 CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C CVSSv2 Base Score: 5 Access

MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]

2011-02-08 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-002 MIT krb5 Security Advisory 2011-002 Original release: 2011-02-08 Last update: 2011-02-08 Topic: KDC denial of service attacks CVE-2011-0281: KDC vulnerable to hang when using LDAP back end CVSSv2 Vector:

MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]

2010-11-30 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2010-007 MIT krb5 Security Advisory 2010-007 Original release: 2010-11-30 Last update: 2010-11-30 Topic: Multiple checksum handling vulnerabilities CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums * krb5 application
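The first item in MITKRB5-SA-2010-007 ("krb5 GSS-API applications may accept unkeyed checksums") describes a verifier that trusts the checksum type carried in the peer's token. The toy below is an added example, not code from the advisory or from MIT krb5: it contrasts a lenient verifier with one that refuses any checksum type that is not keyed. The cksumtype numbers are the RFC 3961 registry values; the session key, message and the HMAC-SHA1-96 construction used here for type 15 are constructed for illustration and are not a faithful copy of the krb5 checksum functions.

```python
import hashlib
import hmac
import zlib

# Checksum type numbers from the RFC 3961 registry (section 8).
CRC32 = 1                 # unkeyed
RSA_MD5 = 7               # unkeyed
HMAC_SHA1_96_AES128 = 15  # keyed

# Only keyed types can prove that the sender held the session key.
KEYED_TYPES = {HMAC_SHA1_96_AES128}


def compute_checksum(cksumtype: int, key: bytes, data: bytes) -> bytes:
    """Toy checksum primitives; the key is ignored for unkeyed types."""
    if cksumtype == CRC32:
        return zlib.crc32(data).to_bytes(4, "little")
    if cksumtype == RSA_MD5:
        return hashlib.md5(data).digest()
    if cksumtype == HMAC_SHA1_96_AES128:
        return hmac.new(key, data, hashlib.sha1).digest()[:12]
    raise ValueError(f"unknown cksumtype {cksumtype}")


def verify_lenient(key: bytes, data: bytes, cksumtype: int, cksum: bytes) -> bool:
    """Vulnerable pattern: recomputes whatever type the peer chose and
    accepts a match, so an unkeyed CRC32 "proves" nothing about the key."""
    return hmac.compare_digest(compute_checksum(cksumtype, key, data), cksum)


def verify_strict(key: bytes, data: bytes, cksumtype: int, cksum: bytes) -> bool:
    """Hardened: reject the token outright unless the type is keyed."""
    if cksumtype not in KEYED_TYPES:
        return False
    return hmac.compare_digest(compute_checksum(cksumtype, key, data), cksum)


def forge_token(data: bytes) -> tuple[int, bytes]:
    """An attacker without the session key can still emit an unkeyed
    checksum, because CRC32 needs no key at all."""
    return CRC32, compute_checksum(CRC32, b"", data)


def demo() -> dict:
    session_key = b"\x11" * 16                     # constructed sample key
    msg = b"transfer 1000 to mallory"              # constructed sample data
    forged_type, forged_cksum = forge_token(msg)   # attacker has no key
    legit_cksum = compute_checksum(HMAC_SHA1_96_AES128, session_key, msg)
    return {
        "lenient_accepts_forgery": verify_lenient(session_key, msg, forged_type, forged_cksum),
        "strict_accepts_forgery": verify_strict(session_key, msg, forged_type, forged_cksum),
        "strict_accepts_legit": verify_strict(session_key, msg, HMAC_SHA1_96_AES128, legit_cksum),
        "strict_detects_tamper": verify_strict(session_key, msg + b"0", HMAC_SHA1_96_AES128, legit_cksum),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Rejecting unkeyed types is the first check; a production verifier also has to confirm that the keyed type is the one defined for the key's enctype, otherwise a mismatched but still keyed type is another way to weaken the binding.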

MITKRB5-SA-2010-006 [CVE-2010-1322] KDC uninitialized pointer crash in authorization data handling

2010-10-05 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2010-006 MIT krb5 Security Advisory 2010-006 Original release: 2010-10-05 Topic: KDC uninitialized pointer crash in authorization data handling CVE-2010-1322 CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C/E:H/RL:OF/RC:C CVSSv2 Base Score:

MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref

2010-05-18 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2010-005 MIT krb5 Security Advisory 2010-005 Original release: 2010-05-18 Topic: GSS-API library null pointer dereference CVE-2010-1321 CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C CVSSv2 Base Score: 6.8 Access

MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC

2010-04-20 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2010-004 MIT krb5 Security Advisory 2010-004 Original release: 2010-04-20 Topic: double free in KDC CVE-2010-1320 CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Base Score: 9 Access Vector: Network

MITKRB5-SA-2010-003 [CVE-2010-0629] denial of service in kadmind in older krb5 releases

2010-04-06 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2010-003 MIT krb5 Security Advisory 2010-003 Original release: 2010-04-06 Last update: 2010-04-06 Topic: denial of service in kadmind in older krb5 releases CVE-2010-0629 denial of service in kadmind in older krb5 releases CVSSv2

MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]

2010-03-23 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2010-002 MIT krb5 Security Advisory 2010-002 Original release: 2010-03-23 Last update: 2010-03-23 Topic: denial of service in SPNEGO CVE-2010-0628 VU#839413 denial of service in SPNEGO CVSSv2 Vector:

MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service

2010-02-16 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2010-001 MIT krb5 Security Advisory 2010-001 Original release: 2010-02-16 Last update: 2010-02-16 Topic: krb5-1.7 KDC denial of service CVE-2010-0283 krb5-1.7 KDC denial of service CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:O/RC:C

MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption

2010-01-13 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2009-004 MIT krb5 Security Advisory 2009-004 Original release: 2010-01-12 Topic: integer underflow in AES and RC4 decryption CVE-2009-4212 integer underflow in AES and RC4 decryption CVSSv2 Vector:

UPDATE: MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing

2010-01-05 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Updated to reflect the need to authenticate for successful exploitation. This decreases the severity level of the vulnerability. http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-003.txt -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8

MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing

2009-12-28 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2009-003 MIT krb5 Security Advisory 2009-003 Original release: 2009-12-28 Last update: 2009-12-28 Topic: KDC denial of service in cross-realm referral processing CVE-2009-3295 KDC denial of service in cross-realm referral processing

MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]

2009-04-07 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2009-002 MIT krb5 Security Advisory 2009-002 Original release: 2009-04-07 Last update: 2009-04-07 Topic: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846] ASN.1 GeneralizedTime decoder can free uninitialized pointer CVSSv2

MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]

2009-04-07 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2009-001 MIT krb5 Security Advisory 2009-001 Original release: 2009-04-07 Last update: 2009-04-07 Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844] SPNEGO implementation can read beyond buffer end CVSSv2 Vector:

updated patch: MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer

2007-09-05 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The MIT Kerberos Team has discovered a problem with the originally published patch for svc_auth_gss.c [CVE-2007-3999], which allowed a 32-byte overflow. Depending on the compilation environment and machine architecture, this may or may not be a

MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer

2007-09-04 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2007-006 Original release: 2007-09-04 Last update: 2007-09-04 Topic: kadmind RPC lib buffer overflow, uninitialized pointer [CVE-2007-3999/VU#883632] RPC library buffer overflow CVSSv2 Vector:

MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities

2007-06-26 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2007-004 Original release: 2007-06-26 Last update: 2007-06-26 Topic: kadmind affected by multiple RPC library vulnerabilities Severity: CRITICAL CVE: CVE-2007-2442 CERT: VU#356961 CVE: CVE-2007-2443

MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow

2007-06-26 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2007-005 Original release: 2007-06-26 Last update: 2007-06-26 Topic: kadmind vulnerable to buffer overflow Severity: CRITICAL CVE: CVE-2007-2798 CERT: VU#554257 SUMMARY === The MIT krb5 Kerberos

MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

2007-04-03 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2007-002 Original release: 2007-04-03 Last update: 2007-04-03 Topic: KDC, kadmind stack overflow in krb5_klog_syslog Severity: CRITICAL CVE: CVE-2007-0957 CERT: VU#704024 SUMMARY === The library

MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]

2007-04-03 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2007-001 Original release: 2007-04-03 Last update: 2007-04-03 Topic: telnetd allows login as arbitrary user Severity: CRITICAL CVE: CVE-2007-0956 CERT: VU#220816 SUMMARY === The MIT krb5 telnet

MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]

2007-04-03 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2007-003 Original release: 2007-04-03 Last update: 2007-04-03 Topic: double-free vulnerability in kadmind (via GSS-API library) Severity: CRITICAL CVE: CVE-2007-1216 CERT: VU#419344 SUMMARY === The

MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer

2007-01-09 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2006-002 Original release: 2007-01-09 Last update: 2007-01-09 Topic: kadmind (via RPC library) calls uninitialized function pointer Severity: CRITICAL CVE: CVE-2006-6143 CERT: VU#481564 SUMMARY ===

MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers

2007-01-09 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2006-003 Original release: 2007-01-09 Last update: 2007-01-09 Topic: kadmind (via GSS-API mechglue) frees uninitialized pointers Severity: CRITICAL CVE: CVE-2006-6144 CERT: VU#831452 SUMMARY ===

UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities

2006-08-17 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2006-001 Original release: 2006-08-08 Last update: 2006-08-16 Topic: multiple local privilege escalation vulnerabilities Severity: serious SUMMARY === [patch corrected since original release] In

MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities

2006-08-08 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MIT krb5 Security Advisory 2006-001 Original release: 2006-08-08 Topic: multiple local privilege escalation vulnerabilities Severity: serious SUMMARY === In certain application programs packaged in the MIT Kerberos 5 source

MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes

2003-03-19 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- MIT krb5 Security Advisory 2003-003 2003-03-18 Topic: faulty length checks in xdrmem_getbytes Severity: serious SUMMARY === The MIT Kerberos 5 implementation includes an RPC library derived from SUNRPC. We have been notified that the

MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol

2003-03-17 Thread Tom Yu
http://www.kb.cert.org/vuls/id/623217 CERT VU#442569 http://www.kb.cert.org/vuls/id/442569 ACKNOWLEDGMENTS === This advisory was written by Sam Hartman and Tom Yu. Ken Raeburn participated in the analysis of the cryptographic vulnerabilities. Steve Bellovin provided some

Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4

2002-10-26 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- MIT krb5 Security Advisory 2002-002 [updated] 2002-10-25 [updated; revision history at end] Original Release Date: 2002-10-22 Topic: Buffer overflow in kadmind4 Severity: CRITICAL - Remote user can gain root access to KDC host. SUMMARY ===

MITKRB5-SA-2002-002: Buffer overflow in kadmind4

2002-10-23 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- MIT krb5 Security Advisory 2002-002 2002-10-22 Topic: Buffer overflow in kadmind4 Severity: CRITICAL - Remote user can gain root access to KDC host. SUMMARY === A stack buffer overflow in the implementation of the Kerberos v4

MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin system

2002-08-02 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- MIT krb5 Security Advisory 2002-001 2002-08-02 Topic: Remote root vulnerability in MIT krb5 admin system Severity: Remote user may be able to gain root access to a KDC host. SUMMARY === There is an integer overflow bug in the

security advisory: krb5 telnetd buffer overflows

2001-08-01 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- KRB5 TELNETD BUFFER OVERFLOWS 2001-07-31 SUMMARY: Buffer overflows exist in the telnet daemon included with MIT krb5. Exploits are believed to exist for various operating systems on at least the i386 architecture. IMPACT: If telnetd is

Security advisory: krb5 ftpd buffer overflows

2001-04-25 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- KRB5 FTPD BUFFER OVERFLOWS 2001-04-25 SUMMARY: Buffer overflows exist in the FTP daemon included with MIT krb5. IMPACT: * If anonymous FTP is enabled, a remote user may gain unauthorized root access. * A user with access to a local

Security advisory: Unsafe temporary file handling in krb4

2001-03-07 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- UNSAFE TEMPORARY FILE HANDLING IN KRB4 2001-03-07 SUMMARY: A /tmp race condition exists in MIT-derived implementations of Kerberos 4. IMPACT: On a system running login daemons with Kerberos 4 support, a local user may be able to overwrite
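The advisory above describes the general /tmp race: a daemon creates a file under a predictable name in a world-writable directory, and a local user who plants a symlink there first gets the daemon to write through it. The script below is an added example, not code from the advisory or from the krb4 login daemons: it simulates the race in a throwaway directory, showing that a plain open() follows the planted symlink and clobbers the victim file, while an open with O_CREAT|O_EXCL (plus O_NOFOLLOW where the platform has it) fails instead. The file names and contents are constructed; the "race" is simulated by creating the symlink before the write rather than by timing.

```python
import os
import shutil
import tempfile


def unsafe_write_tmp(path: str, data: bytes) -> None:
    """Vulnerable pattern: predictable path, O_CREAT without O_EXCL.
    If an attacker pre-created `path` as a symlink, this writes through it."""
    with open(path, "wb") as f:
        f.write(data)


def safe_write_tmp(path: str, data: bytes) -> None:
    """Hardened: O_EXCL makes creation atomic and fails if anything (file or
    symlink) already exists at the path; O_NOFOLLOW is belt-and-braces."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def simulate_race(workdir: str) -> tuple[bytes, bool]:
    """Returns (victim file contents after the unsafe write,
    whether the safe variant refused the planted path)."""
    victim = os.path.join(workdir, "victim_file")      # constructed target
    with open(victim, "wb") as f:
        f.write(b"original")

    planted = os.path.join(workdir, "tkt_1234")        # predictable tmp name
    os.symlink(victim, planted)                        # attacker wins the race

    unsafe_write_tmp(planted, b"attacker controlled")  # clobbers victim_file
    with open(victim, "rb") as f:
        clobbered = f.read()

    try:
        safe_write_tmp(planted, b"daemon data")
        safe_refused = False
    except FileExistsError:                            # EEXIST from O_EXCL
        safe_refused = True
    return clobbered, safe_refused


def demo() -> tuple[bytes, bool]:
    workdir = tempfile.mkdtemp(prefix="krb4race_")
    try:
        return simulate_race(workdir)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    contents, refused = demo()
    print("victim file now contains:", contents)
    print("O_EXCL open refused planted symlink:", refused)
```

In practice the fix is not to hand-roll the open at all but to use an unpredictable name created with O_EXCL (tempfile.mkstemp in Python, mkstemp(3) in C) in a directory the daemon owns, so there is no name for the attacker to guess and no window in which to plant it.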