Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

2023-08-14 krb5 -- Double-free in KDC TGS processing
2022-11-15 krb5 -- Integer overflow vulnerabilities in PAC parsing
2017-10-18 krb5 -- Multiple vulnerabilities
2015-05-28 krb5 -- requires_preauth bypass in PKINIT-enabled KDC
2015-02-12 krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
2015-02-04 krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
2013-06-03 krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]
2013-02-22 krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]
2011-12-14 krb5 -- KDC null pointer dereference in TGS handling
2011-04-14 krb5 -- MITKRB5-SA-2011-001, kpropd denial of service
krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end
krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled
krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]
2010-12-09 krb5 -- client impersonation vulnerability
krb5 -- multiple checksum handling vulnerabilities
krb5 -- multiple checksum handling vulnerabilities
krb5 -- RFC 3961 key-derivation checksum handling vulnerability
krb5 -- unkeyed PAC checksum handling vulnerability
2010-04-21 krb5 -- KDC double free vulnerability
2010-04-19 krb5 -- multiple denial of service vulnerabilities
2010-04-18 krb5 -- remote denial of service vulnerability
2004-12-21 krb5 -- heap buffer overflow vulnerability in libkadm5srv
2004-08-31 krb5 -- ASN.1 decoder denial-of-service vulnerability
krb5 -- double-free vulnerabilities