Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
Max CVSS
4.6
EPSS Score
0.04%
Published
1996-02-21
Updated
2022-08-17
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
1999-06-11
Updated
2020-01-21
Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
1997-04-29
Updated
2020-01-21
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
Max CVSS
7.5
EPSS Score
0.55%
Published
1998-11-05
Updated
2008-09-05
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
3.70%
Published
2000-05-16
Updated
2020-01-21
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
1.90%
Published
2000-05-16
Updated
2020-01-21
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
1.90%
Published
2000-05-16
Updated
2020-01-21
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-05-16
Updated
2020-01-21
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.
Max CVSS
10.0
EPSS Score
0.71%
Published
2000-06-14
Updated
2020-01-21
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.
Max CVSS
5.0
EPSS Score
0.80%
Published
2000-06-09
Updated
2021-02-02
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
Max CVSS
5.0
EPSS Score
0.80%
Published
2000-06-09
Updated
2021-02-02
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
Max CVSS
5.0
EPSS Score
0.82%
Published
2000-06-09
Updated
2021-02-02
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
Max CVSS
5.0
EPSS Score
1.03%
Published
2000-06-09
Updated
2020-01-21
Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.
Max CVSS
5.0
EPSS Score
2.31%
Published
2000-06-09
Updated
2020-01-21
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
Max CVSS
10.0
EPSS Score
1.90%
Published
2001-06-18
Updated
2020-01-21
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-06-27
Updated
2020-01-21
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Max CVSS
10.0
EPSS Score
0.92%
Published
2001-08-14
Updated
2022-01-21
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
Max CVSS
7.5
EPSS Score
2.42%
Published
2001-05-16
Updated
2021-11-04
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.
Max CVSS
5.0
EPSS Score
8.35%
Published
2003-02-19
Updated
2020-01-21
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.
Max CVSS
7.5
EPSS Score
2.84%
Published
2002-10-04
Updated
2008-09-05
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Max CVSS
10.0
EPSS Score
29.36%
Published
2002-11-04
Updated
2020-01-21
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
Max CVSS
5.0
EPSS Score
1.06%
Published
2004-03-03
Updated
2017-07-11
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
Max CVSS
7.5
EPSS Score
6.09%
Published
2002-12-31
Updated
2017-07-11
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Max CVSS
5.0
EPSS Score
95.52%
Published
2013-05-29
Updated
2021-02-02
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
Max CVSS
7.5
EPSS Score
96.79%
Published
2003-03-25
Updated
2020-01-21
155 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!