MIT krb5 Security Advisory 2004-004 - The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host.
8afcac7cf93898ab1d3d2e0f2225c4a3929f21722ddcc457450e59dffa3526d6
MIT krb5 Security Advisory 2015-001 - The MIT krb5 team has discovered four vulnerabilities affecting kadmind. Some of these vulnerabilities may also affect server applications which use the gssrpc library or the gss_process_context_token() function. These are implementation vulnerabilities, not vulnerabilities in the Kerberos protocol.
f28cbd6ed4a8c0e3d26bda041aee940c93d73705b7f39828878cb06bf34542dd
MIT krb5 Security Advisory 2014-001 - In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow). This is not a protocol vulnerability. Using LDAP for the KDC database is a non-default configuration for the KDC.
bae8ba206013d74a29880ba20751b206d092a9d7228d613cff50af35cbe8b9a7
MIT krb5 Security Advisory 2012-001 - The MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability. The MIT krb5 KDC daemon can dereference an uninitialized pointer while processing a malformed AS-REQ, causing the daemon to abnormally terminate. This vulnerability could theoretically lead to the execution of malicious code, but that is believed to be very difficult.
c6e678cd6912090035d37e0e943e9a727bca5c72a814f85c04f9e97cff64c21e
MIT krb5 Security Advisory 2011-008 - The telnet daemon (telnetd) in MIT krb5 (and in krb5-appl after the applications were moved to a separate distribution for krb5-1.8) is vulnerable to a buffer overflow. The flaw does not require authentication to exploit. Exploit code is reported to be actively used in the wild.
94f4852b4ef0d480fd44f6fff8a1a449daff42441b00c788d6970db82695afc2
MIT krb5 Security Advisory 2011-007 - In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference in code that handles TGS (Ticket Granting Service) requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a principal in the KDC's realm.
4ca042a5da054adcd94232f80427d3eb47e18bef1cfb4b02d416b3b522988c17
MIT krb5 Security Advisory 2011-006 - In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition is publicly known but not known to be widely circulated. In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. No exploit is known to exist, but there is public evidence that the unidentified trigger condition occurs in the field. In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. No exploit is known to exist.
8b04ece8c34bca3fda0990a86bfcf42198a26b09a9a26da0008d965a7b170253
MIT krb5 Security Advisory 2011-005 - A remote client of the GSS-API FTP daemon in the krb5-appl distribution can access files using the effective group ID that the FTP daemon process had when it started.
1fe339215ceaa9f7616aea04e0760e9c50130ea0ca8add4046b96df17325d31e
MIT krb5 Security Advisory 2011-004 - The password-changing capability of the MIT krb5 administration daemon (kadmind) has a bug that can cause it to attempt to free() an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of arbitrary code (which is believed to be difficult). No exploit that executes arbitrary code is known to exist, but it is easy to trigger a denial of service manually.
0e3e5240220bc86a2ebbd53af919f5eb300431e7d92522bea43cb28a37d3570e
MIT krb5 Security Advisory 2011-003 - The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult).
b0ca25ea27a1f31338f24d60a05c7d8d56f653b8316aaf2ac49d655c3abd9ae7
MIT krb5 Security Advisory 2011-002 - The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. CVE-2011-0281 and CVE-2011-0282 occur only in KDCs using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9 KDCs.
537effdd39dea6c8a3f21ad5bed3351a69acff15857c7c8386bb0ee6b9b645a5
MIT krb5 Security Advisory 2011-001 - The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on from receiving database updates from the master KDC.
7cf25f2ff026501a57cf8c31911a2fe6b46fe68de815df7baaf8ae13556ff833
MIT krb5 Security Advisory 2010-006 - When the MIT krb5 KDC receives certain Kerberos TGS request messages, it may dereference an uninitialized pointer while processing authorization data, causing a crash, or in rare cases, unauthorized information disclosure, ticket modification, or execution of arbitrary code. The crash may be triggered by legitimate requests. This is an implementation vulnerability in MIT krb5, and not a vulnerability in the Kerberos protocol.
f3039556ba2a6b5f444436e40cac97de156ae171ed4baa92a2d04b1d58559192
MIT krb5 Security Advisory 2010-005 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. This is an implementation vulnerability in MIT krb5, and not a vulnerability in the Kerberos protocol.
cc1b8fffda0bffb0aa4a0713ccb004929b6f728de0eb2f7abea453bcbceb2996
MIT krb5 Security Advisory 2010-004 - An authenticated remote attacker can crash the KDC by inducing the KDC to perform a double free. Under some circumstances on some platforms, this could also allow malicious code execution. Successfully inducing code execution by exploiting a double free is believed to be difficult, and no such exploits are known to exist for this vulnerability.
7b328a95b0feb5b66e3e8d9d97e9c430a50cbb70a4a9b3e5635ac7b96fad9238
MIT krb5 Security Advisory 2010-003 - In previous MIT krb5 releases krb5-1.5 through krb5-1.6.3, the Kerberos administration daemon (kadmind) can crash due to referencing freed memory. A legitimate user can trigger this crash by using a newer version of the kadmin protocol than the server supports.
52f15147f99a8b73ce1c76f66321a7b8f7baa3149d7fbbd12a0453ca1dd44b10
MIT krb5 Security Advisory 2010-002 - In MIT krb5 releases krb5-1.7 and later, the SPNEGO GSS-API mechanism can experience an assertion failure when receiving certain invalid messages. This can cause a GSS-API application to crash.
8b74aaf71f23d59e52c2c5e99d47fcfed5c74bdf28f1258ddc4c501fa74f3d46
MIT krb5 Security Advisory 2010-001 - Improper input validation in the KDC can cause an assertion failure and process termination. A functional exploit exists, but is not known to be publicly circulated. Releases prior to krb5-1.7 did not contain the vulnerable code. This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol.
b1bd884f089b3170c3a079bd0375feef10cfbc74b302004b3d4841a87c15c4b9
MIT krb5 Security Advisory 2009-004 - Integer underflow bugs in the AES and RC4 decryption operations of the crypto library of the MIT Kerberos software can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution. Only releases krb5-1.3 and later are vulnerable, as earlier releases did not contain the functionality implemented by the vulnerable code.
193c3366049395667e47d23e4b590c4d4d8774883250a735de92418983d0d6ec
MIT krb5 Security Advisory 2009-003 - A null pointer dereference can occur in an error condition in the KDC cross-realm referral processing code in MIT krb5-1.7. This can cause the KDC to crash. This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol.
492697d164ff8839715b475976bfa5ce3d9f4e7467ed101685ba6316dbd549a1
MIT krb5 Security Advisory 2009-002 - An ASN.1 decoder can free an uninitialized pointer when decoding an invalid encoding. This can cause a Kerberos application to crash, or, under theoretically possible but unlikely circumstances, execute arbitrary malicious code.
d26cdb51c70ac0de19c2b9607694e8b48c583d10e58fa642b3788316fae5852e
MIT krb5 Security Advisory 2009-001 - The MIT krb5 implementation of the SPNEGO GSS-API mechanism can read beyond the end of a network input buffer. This can cause a GSS-API application to crash by reading from invalid address space. The MIT krb5 implementation of the SPNEGO GSS-API mechanism can dereference a null pointer under error conditions. This can cause a GSS-API application to crash. MIT krb5 can perform an incorrect length check inside an ASN.1 decoder. This only presents a problem in the PK-INIT code paths. In the MIT krb5 KDC or kinit program, this could lead to spurious malloc() failures or, under some conditions, program crash.
583a1d16957cdf1f031324b91889dc97c740b74cc3658c16852a8bfb19d26197
MIT krb5 Security Advisory 2008-002 - Two bugs in the RPC library server code, used in the kadmin server, causes an array overrun if too many file descriptors are opened. Memory corruption can result.
babea146a2709b824d53e705a51818ddc0eafaabe79184f098c7bcaae51bc824
MIT krb5 Security Advisory 2007-006 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow in the RPCSEC_GSS authentication flavor of the RPC library. Third-party applications using the RPC library provided with MIT krb5 may also be affected. Updated version of the original advisory with a fixed patch.
c517f29d3963a74e5996d51015499a26393ca2069f0a85df1eae3889e291d2f7
MIT krb5 Security Advisory 2007-006 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow in the RPCSEC_GSS authentication flavor of the RPC library. Third-party applications using the RPC library provided with MIT krb5 may also be affected.
1a9330f6b961fff2fb28514f62dcab6e7a9f0930d3de7df2541edeccbfb12714
MIT krb5 Security Advisory 2007-005 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow.
5915f86c61c9564dc34aa5cb655f913b024147f3860c66cbc95b45eba5a08091