Search Results (160 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0523 5 Mit, Redhat, Sgi and 2 more 8 Kerberos, Kerberos 5, Enterprise Linux and 5 more 2026-04-16 N/A
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
CVE-2000-0547 3 Cygnus Network Security Project, Kerbnet Project, Mit 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more 2026-04-16 N/A
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
CVE-2002-0900 1 Mit 1 Pgp Public Key Server 2026-04-16 N/A
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.
CVE-2001-0247 5 Freebsd, Mit, Netbsd and 2 more 5 Freebsd, Kerberos 5, Netbsd and 2 more 2026-04-16 N/A
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
CVE-1999-0713 4 Cde, Digital, Mit and 1 more 4 Cde, Unix, Kerberos 5 and 1 more 2026-04-16 N/A
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
CVE-2006-3084 2 Heimdal, Mit 2 Heimdal, Kerberos 5 2026-04-16 N/A
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
CVE-2003-0041 3 Mandrakesoft, Mit, Redhat 5 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 2 more 2026-04-16 N/A
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
CVE-2003-0058 3 Mit, Redhat, Sun 6 Kerberos 5, Enterprise Linux, Linux and 3 more 2026-04-16 N/A
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
CVE-2003-0138 2 Mit, Redhat 3 Kerberos, Enterprise Linux, Linux 2026-04-16 N/A
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
CVE-2003-0060 1 Mit 1 Kerberos 5 2026-04-16 N/A
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.
CVE-2000-0390 3 Cygnus, Mit, Redhat 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more 2026-04-16 N/A
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
CVE-2005-1175 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2026-04-16 N/A
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
CVE-2005-1174 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2026-04-16 N/A
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
CVE-2000-0549 2 Cygnus, Mit 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more 2026-04-16 N/A
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
CVE-2002-1652 1 Mit 1 Cgiemail 2026-04-16 N/A
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
CVE-1999-1321 1 Mit 1 Kerberos 2026-04-16 N/A
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
CVE-2006-3083 3 Heimdal, Mit, Redhat 3 Heimdal, Kerberos 5, Enterprise Linux 2026-04-16 N/A
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
CVE-2000-0389 3 Cygnus, Mit, Redhat 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more 2026-04-16 N/A
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
CVE-2002-1235 4 Debian, Kth, Mit and 1 more 6 Debian Linux, Kth Kerberos 4, Kth Kerberos 5 and 3 more 2026-04-16 N/A
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
CVE-2004-0772 4 Debian, Mit, Openpkg and 1 more 4 Debian Linux, Kerberos 5, Openpkg and 1 more 2026-04-16 9.8 Critical
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.