Kerberos 5 < 1.3.5 Multiple Vulnerabilities

high Nessus Plugin ID 11512



It may be possible to execute arbitrary code on the remote Kerberos server.


The remote host is running Kerberos 5.

There are multiple flaws that affect this product. Make sure you are running the latest version with the latest patches.

Note that Nessus could not check for any of the flaws and solely relied on the presence of the service to issue an alert, so this might be a false positive.


Upgrade to Kerberos 5 (krb5) 1.3.5 or later.

See Also

Plugin Details

Severity: High

ID: 11512

File Name: kerberos5_issues.nasl

Version: 1.26

Type: remote

Family: Misc.

Published: 4/3/2003

Updated: 7/12/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 8/31/2004

Vulnerability Publication Date: 8/31/2004

Reference Information

CVE: CVE-2002-0036, CVE-2003-0059, CVE-2003-0060, CVE-2003-0072, CVE-2003-0082, CVE-2003-0138, CVE-2003-0139, CVE-2004-0642, CVE-2004-0643, CVE-2004-0644, CVE-2004-0772

BID: 6712, 6713, 6714, 7184, 7185, 11078, 11079

CWE: 119

RHSA: 2003:091-01