-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2012-001
MIT krb5 Security Advisory 2012-001
Original release: 2012-07-31
Topic: KDC heap corruption and crash vulnerabilities
CVE-2012-1015: KDC frees uninitialized pointer
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2011-008
MIT krb5 Security Advisory 2011-008
Original release: 2011-12-26
Last update: 2011-12-26
Topic: buffer overflow in telnetd
CVE-2011-4862
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
CVSSv2 Base Score: 10
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2011-007
MIT krb5 Security Advisory 2011-007
Original release: 2011-12-06
Last update: 2011-12-06
Topic: KDC null pointer dereference in TGS handling
CVE-2011-1530
KDC null pointer dereference in TGS handling
CVSSv2 Vector:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2011-006
MIT krb5 Security Advisory 2011-006
Original release: 2011-10-18
Last update: 2011-10-18
Topic: KDC denial of service vulnerabilities
CVE-2011-1527: null pointer dereference in KDC LDAP back end
CVSSv2 Vector:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2011-004
MIT krb5 Security Advisory 2011-004
Original release: 2011-04-12
Last update: 2011-04-12
Topic: kadmind invalid pointer free()
CVE-2011-0285
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 10
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2011-003
MIT krb5 Security Advisory 2011-003
Original release: 2011-03-15
Last update: 2011-03-15
Topic: KDC vulnerable to double-free when PKINIT enabled
CVE-2011-0284
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C
CVSSv2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2011-001
MIT krb5 Security Advisory 2011-001
Original release: 2011-02-08
Last update: 2011-02-08
Topic: kpropd denial of service
CVE-2010-4022
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C
CVSSv2 Base Score: 5
Access
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2011-002
MIT krb5 Security Advisory 2011-002
Original release: 2011-02-08
Last update: 2011-02-08
Topic: KDC denial of service attacks
CVE-2011-0281: KDC vulnerable to hang when using LDAP back end
CVSSv2 Vector:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2010-007
MIT krb5 Security Advisory 2010-007
Original release: 2010-11-30
Last update: 2010-11-30
Topic: Multiple checksum handling vulnerabilities
CVE-2010-1324
* krb5 GSS-API applications may accept unkeyed checksums
* krb5 application
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2010-006
MIT krb5 Security Advisory 2010-006
Original release: 2010-10-05
Topic: KDC uninitialized pointer crash in authorization data handling
CVE-2010-1322
CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C/E:H/RL:OF/RC:C
CVSSv2 Base Score:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2010-005
MIT krb5 Security Advisory 2010-005
Original release: 2010-05-18
Topic: GSS-API library null pointer dereference
CVE-2010-1321
CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 6.8
Access
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2010-004
MIT krb5 Security Advisory 2010-004
Original release: 2010-04-20
Topic: double free in KDC
CVE-2010-1320
CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 9
Access Vector: Network
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2010-003
MIT krb5 Security Advisory 2010-003
Original release: 2010-04-06
Last update: 2010-04-06
Topic: denial of service in kadmind in older krb5 releases
CVE-2010-0629
denial of service in kadmind in older krb5 releases
CVSSv2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2010-002
MIT krb5 Security Advisory 2010-002
Original release: 2010-03-23
Last update: 2010-03-23
Topic: denial of service in SPNEGO
CVE-2010-0628
VU#839413
denial of service in SPNEGO
CVSSv2 Vector:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2010-001
MIT krb5 Security Advisory 2010-001
Original release: 2010-02-16
Last update: 2010-02-16
Topic: krb5-1.7 KDC denial of service
CVE-2010-0283
krb5-1.7 KDC denial of service
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:O/RC:C
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2009-004
MIT krb5 Security Advisory 2009-004
Original release: 2010-01-12
Topic: integer underflow in AES and RC4 decryption
CVE-2009-4212
integer underflow in AES and RC4 decryption
CVSSv2 Vector:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Updated to reflect the need to authenticate for successful
exploitation. This decreases the severity level of the vulnerability.
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-003.txt
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2009-003
MIT krb5 Security Advisory 2009-003
Original release: 2009-12-28
Last update: 2009-12-28
Topic: KDC denial of service in cross-realm referral processing
CVE-2009-3295
KDC denial of service in cross-realm referral processing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2009-002
MIT krb5 Security Advisory 2009-002
Original release: 2009-04-07
Last update: 2009-04-07
Topic: ASN.1 decoder frees uninitialized pointer
[CVE-2009-0846]
ASN.1 GeneralizedTime decoder can free uninitialized pointer
CVSSv2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MITKRB5-SA-2009-001
MIT krb5 Security Advisory 2009-001
Original release: 2009-04-07
Last update: 2009-04-07
Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder
[CVE-2009-0844]
SPNEGO implementation can read beyond buffer end
CVSSv2 Vector:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The MIT Kerberos Team has discovered a problem with the originally
published patch for svc_auth_gss.c [CVE-2007-3999], which allowed a
32-byte overflow. Depending on the compilation environment and
machine architecture, this may or may not be a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2007-006
Original release: 2007-09-04
Last update: 2007-09-04
Topic: kadmind RPC lib buffer overflow, uninitialized pointer
[CVE-2007-3999/VU#883632]
RPC library buffer overflow
CVSSv2 Vector:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2007-004
Original release: 2007-06-26
Last update: 2007-06-26
Topic: kadmind affected by multiple RPC library vulnerabilities
Severity: CRITICAL
CVE: CVE-2007-2442
CERT: VU#356961
CVE: CVE-2007-2443
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2007-005
Original release: 2007-06-26
Last update: 2007-06-26
Topic: kadmind vulnerable to buffer overflow
Severity: CRITICAL
CVE: CVE-2007-2798
CERT: VU#554257
SUMMARY
===
The MIT krb5 Kerberos
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2007-002
Original release: 2007-04-03
Last update: 2007-04-03
Topic: KDC, kadmind stack overflow in krb5_klog_syslog
Severity: CRITICAL
CVE: CVE-2007-0957
CERT: VU#704024
SUMMARY
===
The library
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2007-001
Original release: 2007-04-03
Last update: 2007-04-03
Topic: telnetd allows login as arbitrary user
Severity: CRITICAL
CVE: CVE-2007-0956
CERT: VU#220816
SUMMARY
===
The MIT krb5 telnet
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2007-003
Original release: 2007-04-03
Last update: 2007-04-03
Topic: double-free vulnerability in kadmind (via GSS-API library)
Severity: CRITICAL
CVE: CVE-2007-1216
CERT: VU#419344
SUMMARY
===
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2006-002
Original release: 2007-01-09
Last update: 2007-01-09
Topic: kadmind (via RPC library) calls uninitialized function pointer
Severity: CRITICAL
CVE: CVE-2006-6143
CERT: VU#481564
SUMMARY
===
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2006-003
Original release: 2007-01-09
Last update: 2007-01-09
Topic: kadmind (via GSS-API mechglue) frees uninitialized pointers
Severity: CRITICAL
CVE: CVE-2006-6144
CERT: VU#831452
SUMMARY
===
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2006-001
Original release: 2006-08-08
Last update: 2006-08-16
Topic: multiple local privilege escalation vulnerabilities
Severity: serious
SUMMARY
===
[patch corrected since original release]
In
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MIT krb5 Security Advisory 2006-001
Original release: 2006-08-08
Topic: multiple local privilege escalation vulnerabilities
Severity: serious
SUMMARY
===
In certain application programs packaged in the MIT Kerberos 5 source
-BEGIN PGP SIGNED MESSAGE-
MIT krb5 Security Advisory 2003-003
2003-03-18
Topic: faulty length checks in xdrmem_getbytes
Severity: serious
SUMMARY
===
The MIT Kerberos 5 implementation includes an RPC library derived from
SUNRPC. We have been notified that the
http://www.kb.cert.org/vuls/id/623217
CERT VU#442569
http://www.kb.cert.org/vuls/id/442569
ACKNOWLEDGMENTS
===
This advisory was written by Sam Hartman and Tom Yu. Ken Raeburn
participated in the analysis of the cryptographic vulnerabilities.
Steve Bellovin provided some
-BEGIN PGP SIGNED MESSAGE-
MIT krb5 Security Advisory 2002-002 [updated]
2002-10-25 [updated; revision history at end]
Original Release Date: 2002-10-22
Topic: Buffer overflow in kadmind4
Severity: CRITICAL - Remote user can gain root access to KDC host.
SUMMARY
===
-BEGIN PGP SIGNED MESSAGE-
MIT krb5 Security Advisory 2002-002
2002-10-22
Topic: Buffer overflow in kadmind4
Severity: CRITICAL - Remote user can gain root access to KDC host.
SUMMARY
===
A stack buffer overflow in the implementation of the Kerberos v4
-BEGIN PGP SIGNED MESSAGE-
MIT krb5 Security Advisory 2002-001
2002-08-02
Topic: Remote root vulnerability in MIT krb5 admin system
Severity: Remote user may be able to gain root access to a KDC host.
SUMMARY
===
There is an integer overflow bug in the
-BEGIN PGP SIGNED MESSAGE-
KRB5 TELNETD BUFFER OVERFLOWS
2001-07-31
SUMMARY:
Buffer overflows exist in the telnet daemon included with MIT krb5.
Exploits are believed to exist for various operating systems on at
least the i386 architecture.
IMPACT:
If telnetd is
-BEGIN PGP SIGNED MESSAGE-
KRB5 FTPD BUFFER OVERFLOWS
2001-04-25
SUMMARY:
Buffer overflows exist in the FTP daemon included with MIT krb5.
IMPACT:
* If anonymous FTP is enabled, a remote user may gain unauthorized
root access.
* A user with access to a local
-BEGIN PGP SIGNED MESSAGE-
UNSAFE TEMPORARY FILE HANDLING IN KRB4
2001-03-07
SUMMARY:
A /tmp race condition exists in MIT-derived implementations of
Kerberos 4.
IMPACT:
On a system running login daemons with Kerberos 4 support, a local
user may be able to overwrite
39 matches