Kerberos MIT Kerberos

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in MIT Kerberos.

By the Year

In 2024 there have been 0 vulnerabilities in MIT Kerberos . Kerberos did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 3 6.43

It may take a day or so for new Kerberos vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent MIT Kerberos Security Vulnerabilities

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17

CVE-2018-20217 5.3 - Medium - December 26, 2018

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

assertion failure

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16

CVE-2018-5709 7.5 - High - January 16, 2018

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Integer Overflow or Wraparound

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16

CVE-2018-5710 6.5 - Medium - January 16, 2018

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

NULL Pointer Dereference

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems

CVE-2001-0554 - August 14, 2001

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Classic Buffer Overflow

Buffer overflow in Kerberos 4 KDC program

CVE-2000-0546 - June 09, 2000

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

Classic Buffer Overflow

Buffer overflow in Kerberos 4 KDC program

CVE-2000-0547 - June 09, 2000

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.

Classic Buffer Overflow

Buffer overflow in Kerberos 4 KDC program

CVE-2000-0548 - June 09, 2000

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

Classic Buffer Overflow

Kerberos 4 key servers

CVE-1999-0143 - February 21, 1996

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Sunos or by MIT? Click the Watch button to subscribe.

MIT
Vendor

MIT Kerberos
Product

subscribe