Kerberos Security Advisories
- KDC heap corruption and crash vulnerabilities
- buffer overflow in telnet daemon and client
- KDC null pointer dereference in TGS handling
- KDC denial of service vulnerabilities
- FTP daemon fails to set effective group ID
- kadmind invalid pointer free()
- KDC vulnerable to double-free when PKINIT enabled
- KDC denial of service attacks
- kpropd denial of service
- Multiple checksum handling vulnerabilities
- KDC uninitialized pointer crash in authorization data handling
- GSS-API library null pointer dereference
- double free in KDC
- denial of service in kadmind in older krb5 releases
- denial of service in SPNEGO
- krb5-1.7 KDC denial of service
- integer underflow in AES and RC4 decryption
- KDC denial of service in cross-realm referral processing
- ASN.1 decoder frees uninitialized pointer
- multiple vulnerabilities in SPNEGO, ASN.1 decoder
- array overrun in RPC library used by kadmind
- double-free, uninitialized data vulnerabilities in krb5kdc
- kadmind RPC library buffer overflow, uninitialized pointer
- kadmind vulnerable to buffer overflow
- kadmind affected by multiple RPC library vulnerabilities
- double-free vulnerability in kadmind (via GSS-API library)
- KDC, kadmind stack overflow in krb5_klog_syslog
- telnetd allows login as arbitrary user
- kadmind (via GSS-API mechglue) frees uninitialized pointers
- kadmind (via RPC library) calls uninitialized function pointer
- multiple local privilege escalation vulnerabilities
- double-free in krb5_recvauth
- buffer overflow, heap corruption in KDC
- Buffer overflows in telnet client
- Heap buffer overflow in libkadm5srv
- ASN.1 decoder denial-of-service
- Double-free vulnerabilities in KDC and libraries
- Buffer overrun in aname_to_localname
- Buffer overrun and underrun in principal name handling
- Cryptographic weaknesses in Kerberos v4 protocol; KDC and realm compromise possible.
- Faulty length checks in xdrmem_getbytes may allow kadmind DoS.
- Multiple vulnerabilities, including possible KDC compromise, in older releases (prior to 1.2.5).
[updated 2002-10-25] Buffer overflow in kadmind4
- Remote user can gain root access to KDC host.
Remote root vulnerability in MIT krb5 admin system
- Remote user may be able to gain root access to a KDC host.
- Buffer overflows in telnetd
- Buffer overflows in ftpd
- Unsafe temporary file handling in krb4
- A local user may overwrite arbitrary files as root
- Remote root vulnerability in GSSFTPD
- An attacker with access to a local account may gain unauthorized root access via a krb5-1.1.x ftpd.
- Multiple denial of service vulnerabilities in krb4 KDC
- A buffer overrun capable of causing a denial of service in the krb4 KDC compat code was discovered. Additionally, krb5-1.1.x KDCs with krb4 code enabled are vulnerable to a separate denial of service.
- Buffer Overrun Vulnerabilities in Kerberos 4 code
- Serious buffer overruns exist in krb4 compatibility code. Also, these vulnerabilities likely exist in almost all implementations derived from MIT krb4.
- Login bug when compiling using --without-krb4 in 1.1.1
- Compiling remote login programs using the --without-krb4 option has disastrous side effects under 1.1 and 1.1.1
MITKRB5-SA-2002-002-kadm4 attack signature
- Note describing attack signature associated with possible attacks on kadmind4.
Patches for MITKRB5-SA-2002-002-kadm4
Patches for MITKRB5-SA-2002-001-xdr
Patches for telnetd buffer overflow vulnerability
Patches for ftpd buffer overflow vulnerability
Patches for krb4 temporary file vulnerability
Patches for gssftpd vulnerability
Patches for KDC vulnerabilities
Patches for krb_rd_req() overruns:
The patches in some of the krb4 overrun original advisories have been untabified, which causes some people to have trouble applying them with the patch program. You may use "patch -l" if your version of patch supports it, or you may apply one of the patches below.
$Id: index.html,v 1.44 2012/08/09 01:17:39 tlyu Exp $