Kerberos MIT Kerberos

Do you want an email whenever new security vulnerabilities are reported in MIT Kerberos?

By the Year

In 2022 there have been 0 vulnerabilities in MIT Kerberos . Kerberos did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 3 6.43

It may take a day or so for new Kerberos vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent MIT Kerberos Security Vulnerabilities

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17

CVE-2018-20217 5.3 - Medium - December 26, 2018

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

assertion failure

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16

CVE-2018-5709 7.5 - High - January 16, 2018

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Integer Overflow or Wraparound

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16

CVE-2018-5710 6.5 - Medium - January 16, 2018

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

NULL Pointer Dereference

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems

CVE-2001-0554 - August 14, 2001

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Classic Buffer Overflow

Buffer overflow in Kerberos 4 KDC program

CVE-2000-0546 - June 09, 2000

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

Classic Buffer Overflow

Buffer overflow in Kerberos 4 KDC program

CVE-2000-0547 - June 09, 2000

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.

Classic Buffer Overflow

Buffer overflow in Kerberos 4 KDC program

CVE-2000-0548 - June 09, 2000

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

Classic Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for MIT Kerberos 5 or by MIT? Click the Watch button to subscribe.

MIT
Vendor

MIT Kerberos
Product

subscribe