Search for packages
| purl | pkg:deb/ubuntu/krb5@1.15-1ubuntu0.1 |
| Next non-vulnerable version | 1.17-6ubuntu4.1 |
| Latest non-vulnerable version | 1.17-6ubuntu4.1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1h5c-cqhe-aaak
Aliases: CVE-2018-5729 |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. |
Affected by 2 other vulnerabilities. |
|
VCID-apac-1qn7-aaaj
Aliases: CVE-2017-11462 |
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. |
Affected by 5 other vulnerabilities. |
|
VCID-auyb-cyjc-aaap
Aliases: CVE-2020-28196 |
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. |
Affected by 0 other vulnerabilities. |
|
VCID-r5je-12xj-aaac
Aliases: CVE-2018-5710 |
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. |
Affected by 2 other vulnerabilities. |
|
VCID-sj56-jfqf-aaar
Aliases: CVE-2018-5730 |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. |
Affected by 2 other vulnerabilities. |
|
VCID-t627-mg9v-aaah
Aliases: CVE-2017-11368 |
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. |
Affected by 7 other vulnerabilities. |
|
VCID-uzwh-v7yj-aaak
Aliases: CVE-2017-15088 |
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat. |
Affected by 5 other vulnerabilities. |
|
VCID-z695-hub6-aaar
Aliases: CVE-2018-20217 |
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|