MIT krb5 Security Advisory 2004-004 - The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host.
8afcac7cf93898ab1d3d2e0f2225c4a3929f21722ddcc457450e59dffa3526d6
MIT krb5 Security Advisory 2007-003 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a double-free attack in the RPCSEC_GSS authentication flavor of the RPC library, which itself results from a bug in the GSS-API library. Under some error conditions, the krb5 GSS-API mechanism can free a buffer which an application may then free again. This may result in arbitrary code execution. Third-party applications using the GSS-API library provided with MIT krb5 may also be vulnerable. Exploitation of double-free bugs is believed to be difficult. This is a bug in the GSS-API library included with MIT krb5, which is used by kadmind and by some third-party applications. It is not a bug in the Kerberos protocol.
f291c6c286ffbc83b72ebf4adc2f6466780b590111a25542252892793da975a8
MIT krb5 Security Advisory 2007-002 - The library function krb5_klog_syslog() can write past the end of a stack buffer. Both the Kerberos administration daemon (kadmind) and the KDC are vulnerable. Exploitation of this vulnerability is probably simple. This is a vulnerability in the kadm5 library, which is used by the KDC and kadmind, and possibly by some third-party applications. It is not a bug in the MIT krb5 protocol libraries or in the Kerberos protocol.
245649e1ac34647dc9b3ba7ed654bd1c43c69789f15fc8639c40e411278935ec
MIT krb5 Security Advisory 2007-001 - The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary user, when presented with a specially crafted username. Exploitation of this vulnerability is trivial.
e64c4495781023e309efa33945e4e58ff3e675128fbcd57e8f499a2e7933eeda
MIT krb5 Security Advisory 2006-003 - The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution. This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation. Third-party applications written using the GSS-API may also be vulnerable.
fe0c7983abc6fcc874c2ddd78be53dfa71e11c82dac8f76ce5847d09a230d0cb
MIT krb5 Security Advisory 2006-002 - The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library. Third-party server applications written using the RPC library provided with MIT krb5 may also be vulnerable.
87d587621f057226f60e716dfd1abc4d65dbd81c11c4a1edfa9d38e13eb53dcf
MIT krb5 Security Advisory 2006-001 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to escalate privileges.
5db9ff2738fcd6d0a0ced2e2d5163d49ea87c62d41b14cf20dadce5116a9f956
MIT krb5 Security Advisory 2005-003 - The krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code.
c917c32c8bddc3aebae93248fef24b5a38190c1463b051a86386603d031bc95a
MIT krb5 Security Advisory 2005-002 - The KDC is susceptible to a buffer overflow and to heap corruption.
8ff75e490e1fcbb8b37693e060305697d011a5db2eedf60375cc98a8368833ff
MIT krb5 Security Advisory 2004-003 - The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.
4b2109c29e9989e5e67ce71b02139a53fc2c13e5eaf4a2bf4e66424813fd07e9
MIT krb5 Security Advisory 2004-002 - The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable.
16ff257fddc0998a5f6da56ebbdf309102fbd3f56729020f8e56995d76035635
MIT krb5 Security Advisory 2004-001 - The krb5_aname_to_localname() library function contains multiple buffer overflows which could be exploited to gain unauthorized root access. Exploitation of these flaws requires an unusual combination of factors, including successful authentication to a vulnerable service and a non-default configuration on the target service.
7cfc54ec053d139beffb7bab5ac5297855b62e23eb7d90b6c494e5f59da7df6a
MIT krb5 Security Advisory 2003-004 - A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distribution permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals, effectively subverting a site's entire Kerberos authentication infrastructure.
14875456b3677930de7d85ef3e48af3770413f99659abe08abd2b0eb213b33a2
MIT krb5 Security Advisory 2003-001 - Multiple vulnerabilities have been found in MIT Kerberos 5 releases prior to release 1.2.5. These vulnerabilities allow a remote user to crash the KDC; a user authenticated in a remote realm may be able to claim to be other non-local users to an application server; and it may be possible for a user to gain access to the KDC system and database.
b4f8f659f09ba8c3ad8b82d31e826dd9864091b0a2158b838d6900b5c237cea2