Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Kerberos5 Multiple Integer Underflow Vulnerabilities

Information

Severity

Severity

Critical

Family

Family

Buffer overflow

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

12 years ago

Modified

Modified

3 years ago

Summary

This host is installed with Kerberos5 and is prone to multiple Integer Underflow vulnerability.

Insight

Insight

Multiple Integer Underflow due to errors within the 'AES' and 'RC4' decryption functionality in the crypto library in MIT Kerberos when processing ciphertext with a length that is too short to be valid.

Affected Software

Affected Software

kerberos5 version 1.3 to 1.6.3, and 1.7

Solution

Solution

Apply the patch mentioned in the advisories below. ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Common Vulnerabilities and Exposures (CVE)