Vendor Dictionary: MIT

MIT

Short Name:	[None Entered]
Previous Names:	[None Entered]
URL:	[None Entered]
Email:	[None Entered]
Security URL:	[None Entered]
Security Email:	[None Entered]
Knowledge Base:	[None Entered]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

MIT

MIT

Kerberos: 4.0 patch 10; OSVDB ID: 4875 MIT Kerberos 4/5 e_msg Variable kerb_err_reply Function Remote Overflow; krb5-1.0.x; OSVDB ID: 4875 MIT Kerberos 4/5 e_msg Variable kerb_err_reply Function Remote Overflow; krb5-1.1; OSVDB ID: 4875 MIT Kerberos 4/5 e_msg Variable kerb_err_reply Function Remote Overflow; krb5-1.1.1; OSVDB ID: 4875 MIT Kerberos 4/5 e_msg Variable kerb_err_reply Function Remote Overflow; 5-1.3.1; OSVDB ID: 9409 MIT Kerberos 5 krb524d Double-free Error Condition Code Execution; OSVDB ID: 9408 MIT Kerberos 5 krb524d krb5_rd_cred() Arbitrary Code Execution; 1.3.3; OSVDB ID: 9406 MIT Kerberos 5 ASN.1 Decoder DoS; 5.0; OSVDB ID: 84635 MIT Kerberos Key Distribution Center (KDC) Ticket-Granting Ticket (TGT) Spoofing Authentication Bypass; 4.0 patch 10; OSVDB ID: 84635 MIT Kerberos Key Distribution Center (KDC) Ticket-Granting Ticket (TGT) Spoofing Authentication Bypass

Kerneros 5: 5.0 -1.0.x; OSVDB ID: 4890 KTH Kerberos 4 Ticket File Symlink Arbitrary File Overwrite

krb5: 1.2.2; OSVDB ID: 809 Multiple BSD Telnet telrcv Functin Remote Command Execution; 1.7; OSVDB ID: 61423 MIT Kerberos 5 Key Distribution Center (KDC) Cross-Realm Referral kdc/do_tgs_req.c prep_reprocess_req Function Ticket Request Remote DoS

Kerberos 5 Applications: 1.0.1; OSVDB ID: 73617 MIT Kerberos 5 Applications GSS-API FTP Daemon EGID Privilege Matching Restriction Bypass

Kerberos FTP: Unknown or Unspecified; OSVDB ID: 4898 Multiple Vendors FTP Client Pipe Character Arbitrary Code Execution

Kerberos 4: 1.0; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; 1.1; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; 4.0; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; OSVDB ID: 4880 MIT Kerberos 4 Key Server Session Key Masquerade; OSVDB ID: 4890 KTH Kerberos 4 Ticket File Symlink Arbitrary File Overwrite; 4.0 patch 10; OSVDB ID: 4884 MIT Kerberos 5 krb425_conv_principal Function Remote Overflow; OSVDB ID: 4890 KTH Kerberos 4 Ticket File Symlink Arbitrary File Overwrite; Patch 10 and below; OSVDB ID: 4886 MIT Kerberos 4 Key Distribution Center (KDC) AUTH_MSG_KDC_REQUEST DoS

Kerberos 5: 1.0; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; 1.0.6; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; 1.1; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; 1.1.1; OSVDB ID: 4896 MIT Kerberos 5 ASN.1 Decoder Heap Corruption DoS; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; 1.2; OSVDB ID: 4896 MIT Kerberos 5 ASN.1 Decoder Heap Corruption DoS; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; 1.2.1; OSVDB ID: 4896 MIT Kerberos 5 ASN.1 Decoder Heap Corruption DoS; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; OSVDB ID: 4890 KTH Kerberos 4 Ticket File Symlink Arbitrary File Overwrite; 1.2.2; OSVDB ID: 4896 MIT Kerberos 5 ASN.1 Decoder Heap Corruption DoS; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; 1.2.3; OSVDB ID: 4896 MIT Kerberos 5 ASN.1 Decoder Heap Corruption DoS; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; 1.2.4; OSVDB ID: 4896 MIT Kerberos 5 ASN.1 Decoder Heap Corruption DoS; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; OSVDB ID: 4879 MIT Kerberos 5 Key Distribution Center Format String Logging; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; 1.2.5; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; 1.2.6; OSVDB ID: 4870 Multiple Kerberos Compatibility Administration Daemon Overflow; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; 5.0 -1.0.x; OSVDB ID: 4876 MIT Kerberos 5 krshd Overflow; 5.0 -1.1.1; OSVDB ID: 4885 MIT Kerberos 5 GSSFTP FTP Command Restriction Issue; OSVDB ID: 4876 MIT Kerberos 5 krshd Overflow; OSVDB ID: 4890 KTH Kerberos 4 Ticket File Symlink Arbitrary File Overwrite; 5.0-1.0.x; OSVDB ID: 4884 MIT Kerberos 5 krb425_conv_principal Function Remote Overflow; 5.0-1.1.1; OSVDB ID: 4884 MIT Kerberos 5 krb425_conv_principal Function Remote Overflow; 5.0 -1.1; OSVDB ID: 4885 MIT Kerberos 5 GSSFTP FTP Command Restriction Issue; OSVDB ID: 4890 KTH Kerberos 4 Ticket File Symlink Arbitrary File Overwrite; 5.0 -1.2beta1; OSVDB ID: 4885 MIT Kerberos 5 GSSFTP FTP Command Restriction Issue; OSVDB ID: 4890 KTH Kerberos 4 Ticket File Symlink Arbitrary File Overwrite; 5.0 -1.2beta2; OSVDB ID: 4885 MIT Kerberos 5 GSSFTP FTP Command Restriction Issue; OSVDB ID: 4890 KTH Kerberos 4 Ticket File Symlink Arbitrary File Overwrite; 1.0.5; OSVDB ID: 4894 MIT Kerberos 5 KRB_CONF Elevated Privilege; 1.0.x; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; 1.1.x; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; 1.2.7; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; 1.3-alpha1; OSVDB ID: 4901 MIT Kerberos 5 Key Distribution Center (KDC) Array Overrun DoS; <1.2.7; 1.3.3; OSVDB ID: 6846 MIT Kerberos 5 krb5_aname_to_localname() Buffer Overflow; 1.3.4; OSVDB ID: 9406 MIT Kerberos 5 ASN.1 Decoder DoS; OSVDB ID: 9407 MIT Kerberos 5 Double-free Error Condition Code Execution; OSVDB ID: 11117 MIT Kerberos 5 send-pr.sh Symlink Arbitrary File Manipulation; 1.2.x; OSVDB ID: 9406 MIT Kerberos 5 ASN.1 Decoder DoS; 1.3.0; OSVDB ID: 9406 MIT Kerberos 5 ASN.1 Decoder DoS; 1.3.1; OSVDB ID: 9406 MIT Kerberos 5 ASN.1 Decoder DoS; 1.3.2; OSVDB ID: 9406 MIT Kerberos 5 ASN.1 Decoder DoS; 1.4.3; OSVDB ID: 27869 MIT Kerberos 5 krshd setuid() Local Privilege Escalation; OSVDB ID: 27870 MIT Kerberos 5 v4rcp setuid() Local Privilege Escalation; OSVDB ID: 27871 MIT Kerberos 5 ftpd seteuid() Local Privilege Escalation; OSVDB ID: 27872 MIT Kerberos 5 ksu seteuid() Local Privilege Escalation; 1.4.4; OSVDB ID: 27869 MIT Kerberos 5 krshd setuid() Local Privilege Escalation; OSVDB ID: 27870 MIT Kerberos 5 v4rcp setuid() Local Privilege Escalation; OSVDB ID: 27871 MIT Kerberos 5 ftpd seteuid() Local Privilege Escalation; OSVDB ID: 27872 MIT Kerberos 5 ksu seteuid() Local Privilege Escalation; 1.5; OSVDB ID: 27869 MIT Kerberos 5 krshd setuid() Local Privilege Escalation; OSVDB ID: 27870 MIT Kerberos 5 v4rcp setuid() Local Privilege Escalation; OSVDB ID: 27871 MIT Kerberos 5 ftpd seteuid() Local Privilege Escalation; OSVDB ID: 27872 MIT Kerberos 5 ksu seteuid() Local Privilege Escalation; 1.5.1; OSVDB ID: 27869 MIT Kerberos 5 krshd setuid() Local Privilege Escalation; OSVDB ID: 27870 MIT Kerberos 5 v4rcp setuid() Local Privilege Escalation; OSVDB ID: 27871 MIT Kerberos 5 ftpd seteuid() Local Privilege Escalation; OSVDB ID: 27872 MIT Kerberos 5 ksu seteuid() Local Privilege Escalation; &lt;1.2.7; OSVDB ID: 4902 MIT Kerberos 5 Key Distribution Center Heap Corruption DoS; 1.7; OSVDB ID: 69607 MIT Kerberos 5 Key Distribution Center (KDC) TGS Request TGT Credentials Inner Request KrbFastReq Forgery Issue; OSVDB ID: 71183 MIT Kerberos 5 Key Distribution Center (KDC) src/kdc/do_as_req.c prepare_error_as() Function AS-REQ Request Double-free Arbitrary Code Execution; OSVDB ID: 70907 MIT Kerberos 5 kpropd do_standalone() Function Unspecified DoS; 1.8; OSVDB ID: 69608 MIT Kerberos 5 (krb5) RC4 Key-derivation Checksums One-byte Stream-cipher Operation Signature Forgery Issue; OSVDB ID: 68525 MIT Kerberos 5 Key Distribution Center (KDC) kdc_authdata.c merge_authdata Function TGS Request Remote DoS; OSVDB ID: 71183 MIT Kerberos 5 Key Distribution Center (KDC) src/kdc/do_as_req.c prepare_error_as() Function AS-REQ Request Double-free Arbitrary Code Execution; OSVDB ID: 84424 MIT Kerberos 5 src/kdc/kdc_util.c kdc_handle_protected_negotiation() Function Checksum Creation Key Type Verification AS-REQ Parsing Remote Code Execution; OSVDB ID: 76659 MIT Kerberos 5 Key Distribution Center (KDC) Multiple Lockout Function Assertation Weakness Remote DoS; OSVDB ID: 76661 MIT Kerberos 5 Key Distribution Center (KDC) lookup_lockout_policy() Function NULL Pointer Dereference Remote DoS; 1.8.1; OSVDB ID: 69608 MIT Kerberos 5 (krb5) RC4 Key-derivation Checksums One-byte Stream-cipher Operation Signature Forgery Issue; OSVDB ID: 69609 MIT Kerberos 5 (krb5) Checksum Acceptability Weakness RC4 Key GSS Token Forgery Issue; OSVDB ID: 68525 MIT Kerberos 5 Key Distribution Center (KDC) kdc_authdata.c merge_authdata Function TGS Request Remote DoS; OSVDB ID: 69610 MIT Kerberos 5 Checksum Acceptability Weakness KDC / KRB-SAFE Message Forgery Issue; 1.8.2; OSVDB ID: 69608 MIT Kerberos 5 (krb5) RC4 Key-derivation Checksums One-byte Stream-cipher Operation Signature Forgery Issue; OSVDB ID: 69609 MIT Kerberos 5 (krb5) Checksum Acceptability Weakness RC4 Key GSS Token Forgery Issue; OSVDB ID: 68525 MIT Kerberos 5 Key Distribution Center (KDC) kdc_authdata.c merge_authdata Function TGS Request Remote DoS; OSVDB ID: 69610 MIT Kerberos 5 Checksum Acceptability Weakness KDC / KRB-SAFE Message Forgery Issue; 1.8.3; OSVDB ID: 69608 MIT Kerberos 5 (krb5) RC4 Key-derivation Checksums One-byte Stream-cipher Operation Signature Forgery Issue; OSVDB ID: 69609 MIT Kerberos 5 (krb5) Checksum Acceptability Weakness RC4 Key GSS Token Forgery Issue; OSVDB ID: 68525 MIT Kerberos 5 Key Distribution Center (KDC) kdc_authdata.c merge_authdata Function TGS Request Remote DoS; OSVDB ID: 69610 MIT Kerberos 5 Checksum Acceptability Weakness KDC / KRB-SAFE Message Forgery Issue; 1.7.x; OSVDB ID: 69609 MIT Kerberos 5 (krb5) Checksum Acceptability Weakness RC4 Key GSS Token Forgery Issue; 1.8.0; OSVDB ID: 69609 MIT Kerberos 5 (krb5) Checksum Acceptability Weakness RC4 Key GSS Token Forgery Issue; OSVDB ID: 69610 MIT Kerberos 5 Checksum Acceptability Weakness KDC / KRB-SAFE Message Forgery Issue; 1.3.x; OSVDB ID: 69610 MIT Kerberos 5 Checksum Acceptability Weakness KDC / KRB-SAFE Message Forgery Issue; 1.4.x; OSVDB ID: 69610 MIT Kerberos 5 Checksum Acceptability Weakness KDC / KRB-SAFE Message Forgery Issue; 1.5.x; OSVDB ID: 69610 MIT Kerberos 5 Checksum Acceptability Weakness KDC / KRB-SAFE Message Forgery Issue; 1.6.x; OSVDB ID: 69610 MIT Kerberos 5 Checksum Acceptability Weakness KDC / KRB-SAFE Message Forgery Issue; 1.7.x; OSVDB ID: 69610 MIT Kerberos 5 Checksum Acceptability Weakness KDC / KRB-SAFE Message Forgery Issue; OSVDB ID: 70908 MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Unparse Implementation DoS; OSVDB ID: 70909 MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Principal Name Handling DoS; 1.8; OSVDB ID: 70907 MIT Kerberos 5 kpropd do_standalone() Function Unspecified DoS; 1.9; OSVDB ID: 71183 MIT Kerberos 5 Key Distribution Center (KDC) src/kdc/do_as_req.c prepare_error_as() Function AS-REQ Request Double-free Arbitrary Code Execution; OSVDB ID: 70907 MIT Kerberos 5 kpropd do_standalone() Function Unspecified DoS; 1.6.x; OSVDB ID: 70908 MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Unparse Implementation DoS; OSVDB ID: 70909 MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Principal Name Handling DoS; 1.8.x; OSVDB ID: 70908 MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Unparse Implementation DoS; OSVDB ID: 70909 MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Principal Name Handling DoS; 1.9; OSVDB ID: 70908 MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Unparse Implementation DoS; OSVDB ID: 70909 MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Principal Name Handling DoS; 1.9; OSVDB ID: 70910 MIT Kerberos 5 Key Distribution Center (KDC) Unspecified DoS; OSVDB ID: 76659 MIT Kerberos 5 Key Distribution Center (KDC) Multiple Lockout Function Assertation Weakness Remote DoS; OSVDB ID: 76661 MIT Kerberos 5 Key Distribution Center (KDC) lookup_lockout_policy() Function NULL Pointer Dereference Remote DoS; 1.10.1; OSVDB ID: 82650 MIT Kerberos 5 src/lib/kadm5/srv/svr_principal.c check_1_6_dummy() Function Create-Principal Request Parsing NULL Pointer Dereference Remote DoS; OSVDB ID: 82816 MIT Kerberos 5 kadmin Protocol Implementation server/server_stubs.c Global List Privilege Remote String Attribute Manipulation; 1.10.1; 1.10; OSVDB ID: 84423 MIT Kerberos 5 src/kdc/do_as_req.c finish_process_as_req() Function AS-REQ Parsing Remote Memory Corruption; OSVDB ID: 82816 MIT Kerberos 5 kadmin Protocol Implementation server/server_stubs.c Global List Privilege Remote String Attribute Manipulation; 1.10; 1.8; krb5-1.9 branch; OSVDB ID: 77572 MIT Kerberos 5 src/kdc/do_tgs_req.c process_tgs_req() Function TGS Request Parsing Remote DoS; krb5-1.9; OSVDB ID: 76660 MIT Kerberos 5 Key Distribution Center (KDC) krb5_ldap_get_principal() Function NULL Pointer Dereference Remote DoS; OSVDB ID: 71789 MIT Kerberos 5 kadmind Unspecified Packet Handling Remote DoS; 1.8.4; OSVDB ID: 76659 MIT Kerberos 5 Key Distribution Center (KDC) Multiple Lockout Function Assertation Weakness Remote DoS; OSVDB ID: 76661 MIT Kerberos 5 Key Distribution Center (KDC) lookup_lockout_policy() Function NULL Pointer Dereference Remote DoS; 1.8.3; OSVDB ID: 76659 MIT Kerberos 5 Key Distribution Center (KDC) Multiple Lockout Function Assertation Weakness Remote DoS; OSVDB ID: 76661 MIT Kerberos 5 Key Distribution Center (KDC) lookup_lockout_policy() Function NULL Pointer Dereference Remote DoS; 1.8.2; OSVDB ID: 76659 MIT Kerberos 5 Key Distribution Center (KDC) Multiple Lockout Function Assertation Weakness Remote DoS; OSVDB ID: 76661 MIT Kerberos 5 Key Distribution Center (KDC) lookup_lockout_policy() Function NULL Pointer Dereference Remote DoS; 1.8.1; OSVDB ID: 76659 MIT Kerberos 5 Key Distribution Center (KDC) Multiple Lockout Function Assertation Weakness Remote DoS; OSVDB ID: 76661 MIT Kerberos 5 Key Distribution Center (KDC) lookup_lockout_policy() Function NULL Pointer Dereference Remote DoS; 1.9.1; OSVDB ID: 76659 MIT Kerberos 5 Key Distribution Center (KDC) Multiple Lockout Function Assertation Weakness Remote DoS; OSVDB ID: 76661 MIT Kerberos 5 Key Distribution Center (KDC) lookup_lockout_policy() Function NULL Pointer Dereference Remote DoS; krb5-1.7; OSVDB ID: 71789 MIT Kerberos 5 kadmind Unspecified Packet Handling Remote DoS; 1.7.x; OSVDB ID: 90609 MIT Kerberos 5 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c pkinit_check_kdc_pkid() Function NULL Pointer Dereference Crafted Packet Parsing Remote DoS; 1.8.x; OSVDB ID: 90609 MIT Kerberos 5 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c pkinit_check_kdc_pkid() Function NULL Pointer Dereference Crafted Packet Parsing Remote DoS; 1.9.x; OSVDB ID: 90609 MIT Kerberos 5 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c pkinit_check_kdc_pkid() Function NULL Pointer Dereference Crafted Packet Parsing Remote DoS; 1.10.3; OSVDB ID: 90609 MIT Kerberos 5 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c pkinit_check_kdc_pkid() Function NULL Pointer Dereference Crafted Packet Parsing Remote DoS; 1.11; OSVDB ID: 90609 MIT Kerberos 5 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c pkinit_check_kdc_pkid() Function NULL Pointer Dereference Crafted Packet Parsing Remote DoS; 1.10.3; OSVDB ID: 90895 MIT Kerberos 5 Key Distribution Center (KDC) plugins/preauth/pkinit/pkinit_srv.c pkinit_server_return_padata Function Crafted Draft 9 Request Remote DoS; 1.7; OSVDB ID: 92540 MIT Kerberos 5 src/kdc/do_tgs_req prep_reprocess_req() Function Crafted Request Handling NULL Pointer Dereference Remote DoS; 1.10.4; OSVDB ID: 92540 MIT Kerberos 5 src/kdc/do_tgs_req prep_reprocess_req() Function Crafted Request Handling NULL Pointer Dereference Remote DoS; 1.11.2; OSVDB ID: 93240 MIT Kerberos 5 kpasswd Service Spoofed Packet Remote DoS

cgiemail: 1.6; OSVDB ID: 650 cgiemail cgicso Arbitrary Command Execution; OSVDB ID: 3955 cgiemail Open E-Mail Relay; OSVDB ID: 11631 CGIEmail cgisco.c query Parameter Remote Overflow; OSVDB ID: 651 CGIEmail cgisco query Parameter XSS

Kerberos 5: 1.6.3; OSVDB ID: 90609 MIT Kerberos 5 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c pkinit_check_kdc_pkid() Function NULL Pointer Dereference Crafted Packet Parsing Remote DoS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.