CRITICAL9.8CVE-2017-15088plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which… from 0, < 1.15.2-2
CRITICAL9.8CVE-2017-11462Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion… from 0, < 1.15.2-1
CRITICAL9.8krb5 - multiple vulnerabilities
from 0, < 1.6.dfsg.3~beta1-4
CRITICAL9.8krb5 - multiple vulnerabilities
from 0, < 1.3.6-2sarge6
CRITICAL9.8Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbit…
from 0, < 1.3.6-4
CRITICAL9.8Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to exe…
from 0, < 1.3.4-3
CRITICAL9.8acm - integer overflow
from 0, < 1.2.4-5woody1
CRITICAL9.8acm - integer overflow
from 0, < 1.2.5-2
CRITICAL9.1In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message…
from 0, < 1.18.3-6+deb11u5
HIGH8.8krb5 - security update
from 0, < 1.18.3-6+deb11u3
HIGH8.8krb5 - security update
from 0, < 1.18.3-6+deb11u3
HIGH8.8krb5 - security update
from 0, < 1.17-3+deb10u5
HIGH7.5krb5 - security update
from 0, < 1.18.3-6+deb11u5
HIGH7.5krb5 - security update
from 0, < 1.18.3-6+deb11u5
HIGH7.5Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
from 0
HIGH7.5krb5 - security update
from 0, < 1.17-3+deb10u2
HIGH7.5krb5 - security update
from 0, < 1.18.3-6
HIGH7.5krb5 - security update
from 0, < 1.15-1+deb9u2
HIGH7.5krb5 - security update
from 0, < 1.17-3+deb10u1
HIGH7.5krb5 - security update
from 0, < 1.18.3-1
HIGH7.5An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16.
from 0
HIGH7.5The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (ak…
from 0, < 1.13.2+dfsg-5
HIGH7.5The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error m…
from 0, < 1.6.dfsg.3~beta1-4
HIGH7.1krb5 - security update
from 0, < 1.18.3-6+deb11u6
HIGH7.1krb5 - security update
from 0, < 1.18.3-6+deb11u6
MEDIUM6.5krb5 - security update
from 0, < 1.17-3+deb10u6
MEDIUM6.5krb5 - security update
from 0, < 1.18.3-6+deb11u4
MEDIUM6.5The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc…
from 0, < 1.18.3-6+deb11u1
MEDIUM6.5An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16.
from 0, < 1.16.1-1
MEDIUM6.5krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u8
MEDIUM6.5krb5 - security update
from 0, < 1.15.1-2
MEDIUM6.5The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x be…
from 0, < 1.14.3+dfsg-1
MEDIUM6.5Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow…
from 0, < 1.13.2+dfsg-5
MEDIUM6.5krb5 - denial of service
from 0, < 1.7+dfsg-1
MEDIUM6.5krb5 - denial of service
from 0, < 1.6.dfsg.4~beta1-5lenny3
MEDIUM6.3MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to…
from 0, < 1.8.3+dfsg-3
MEDIUM5.9In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_acce…
from 0
MEDIUM5.9In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a syste…
from 0
MEDIUM5.9krb5 - security update
from 0, < 1.18.3-6+deb11u7
MEDIUM5.9krb5 - security update
from 0, < 1.18.3-6+deb11u7
MEDIUM5.5Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
from 0, < 1.20.1-2+deb12u3
MEDIUM5.3Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
from 0
MEDIUM5.3krb5 - security update
from 0, < 1.15-1+deb9u3
MEDIUM5.3krb5 - security update
from 0, < 1.12.1+dfsg-19+deb8u5
MEDIUM5.3krb5 - security update
from 0, < 1.16.2-1
MEDIUM5.3The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb…
from 0, < 1.14.2+dfsg-1
MEDIUM5.3krb5 - security update
from 0, < 1.13.2+dfsg-5
MEDIUM5.3krb5 - security update
from 0, < 1.8.3+dfsg-4squeeze11
MEDIUM5.3krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u7
MEDIUM5.0An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
from 0
MEDIUM4.7MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of se…
from 0, < 1.16.1-1
LOW3.8MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN cont…
from 0, < 1.16.1-1
LOW3.7MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remot…
from 0, < 1.8.3+dfsg-3
LOW3.7krb5 - checksum verification weakness
from 0, < 1.6.dfsg.4~beta1-5lenny6
LOW3.7krb5 - checksum verification weakness
from 0, < 1.8.3+dfsg-3
—The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly…
from 0, < 1.13.2+dfsg-4
—krb5 - security update
from 0, < 1.13.2+dfsg-3
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u6
—lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers…
from 0, < 1.13.2+dfsg-3
—krb5 - security update
from 0, < 1.8.3+dfsg-4squeeze10
—krb5 - security update
from 0, < 1.13.2+dfsg-3
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u4
—The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has be…
from 0, < 1.12.1+dfsg-20
—MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '…
from 0, < 1.12.1+dfsg-18
—The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.…
from 0, < 1.12.1+dfsg-17
—The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.…
from 0, < 1.12.1+dfsg-17
—The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and…
from 0, < 1.12.1+dfsg-17
—krb5 - security update
from 0, < 1.8.3+dfsg-4squeeze9
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u3
—krb5 - security update
from 0, < 1.12.1+dfsg-17
—plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows…
from 0, < 1.12.1+dfsg-16
—The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.…
from 0, < 1.12.1+dfsg-16
—The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys…
from 0, < 1.12.1+dfsg-10
—Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmi…
from 0, < 1.12.1+dfsg-7
—The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x befor…
from 0, < 1.12.1+dfsg-5
—Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (a…
from 0, < 1.12.1+dfsg-5
—MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL…
from 0, < 1.12.1+dfsg-4
—krb5 - security update
from 0, < 1.12.1+dfsg-4
—krb5 - security update
from 0, < 1.8.3+dfsg-4squeeze8
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u2
—do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is us…
from 0, < 1.11.3+dfsg-3+nmu1
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u9
—krb5 - security update
from 0, < 1.11.3+dfsg-3+nmu1
—krb5 - denial of service
from 0, < 1.10.1+dfsg-6
—krb5 - denial of service
from 0, < 1.8.3+dfsg-4squeeze7
—The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not pr…
from 0, < 1.10.1+dfsg-5
—The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution C…
from 0, < 1.10.1+dfsg-4
—The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center…
from 0, < 1.10.1+dfsg-4+nmu1
—The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5,…
from 0, < 1.10.1+dfsg-2
—krb5 - denial of service
from 0, < 1.10.1+dfsg-2
—krb5 - denial of service
from 0, < 1.8.3+dfsg-4squeeze6
—The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.…
from 0, < 1.10.1+dfsg-3
—server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict acce…
from 0, < 1.10.1+dfsg-1
—krb5 - buffer overflow
from 0, < 1.8+dfsg~aa+r23527-1
—krb5 - buffer overflow
from 0, < 1.6.dfsg.4~beta1-5lenny7
—The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows rem…
from 0, < 1.10+dfsg~alpha1-7
—The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka…
from 0, < 1.10+dfsg~alpha1-1
—The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.…
from 0, < 1.10+dfsg~alpha1-1
—krb5 - several
from 0, < 1.10+dfsg~alpha1-1
—krb5 - several
from 0, < 1.8.3+dfsg-4squeeze5
—The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, al…
from 0, < 1.10+dfsg~alpha1-1
—The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9…
from 0, < 1.9.1+dfsg-1
—Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5)…
from 0, < 1.8.3+dfsg-6
—The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to…
from 0, < 1.8.3+dfsg-5
—The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is use…
from 0, < 1.8.3+dfsg-5
—The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalo…
from 0, < 1.8.3+dfsg-5
—The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS r…
from 0, < 1.8+dfsg~alpha1-1
—The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not…
from 0, < 1.8.3+dfsg-2
—krb5 - denial of service
from 0, < 1.8.1+dfsg-3
—krb5 - denial of service
from 0, < 1.6.dfsg.4~beta1-5lenny4
—Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 al…
from 0, < 1.8.1+dfsg-2
—The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka kr…
from 0, < 1.8+dfsg-1.1
—The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial o…
from 0, < 1.8+dfsg~alpha1-7
—krb5 - denial of service
from 0, < 1.4.4-7etch8
—krb5 - denial of service
from 0, < 1.8+dfsg~alpha1-1
—The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT…
from 0, < 1.7+dfsg-4
—The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause…
from 0, < 1.6.dfsg.4~beta1-13
—The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) befo…
from 0, < 1.6.dfsg.4~beta1-13
—krb5 - several vulnerabilities
from 0, < 1.4.4-7etch7
—krb5 - several vulnerabilities
from 0, < 1.6.dfsg.4~beta1-13
—The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO i…
from 0, < 1.6.dfsg.4~beta1-13
—Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably ot…
from 0, < 1.3-1
—Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to exec…
from 0, < 1.6.dfsg.3~beta1-4
—Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown…
from 0, < 1.6.dfsg.4~beta1-1
—The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certa…
from 0, < 1.6.dfsg.4~beta1-1
—Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and…
from 0, < 1.6.dfsg.4~beta1-1
—Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown…
from 0, < 1.6.dfsg.4~beta1-1
—Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to ha…
from 0, < 1.6.dfsg.4~beta1-1
—librpcsecgss
from 0, < 1.6.dfsg.1-7
—librpcsecgss - arbitrary code execution
from 0, < 1.4.4-7etch4
—The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (…
from 0, < 1.6.dfsg.1-7
—librpcsecgss - arbitrary code execution
from 0, < 1.6.dfsg.1-7
—Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earl…
from 0, < 1.6.dfsg.1-5
—krb5
from 0, < 1.3.6-2sarge5
—Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remo…
from 0, < 1.6.dfsg.1-5
—krb5
from 0, < 1.6.dfsg.1-5
—Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in M…
from 0, < 1.4.4-8
—krb5 - several vulnerabilities
from 0, < 1.3.6-2sarge4
—krb5 - several vulnerabilities
from 0, < 1.4.4-8
—Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind)…
from 0, < 1.4.4-8
—The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other produ…
from 0, < 1.4.4-6
—The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not…
from 0, < 1.4.3-9
—krb5 - programming error
from 0, < 1.4.3-9
—krb5 - programming error
from 0, < 1.3.6-2sarge3
—krb5 - buffer overflow, double-free memory
from 0, < 1.2.4-5woody10
—krb5 - buffer overflow, double-free memory
from 0, < 1.3.6-4
—Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause…
from 0, < 1.3.6-4
—Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive e…
from 0, < 1.8.3+dfsg-4
—heimdal - buffer overflow
from 0, < 1.3.6-2
—krb4 - buffer overflows
from 0, < 1.3.6-2
—krb4 - buffer overflows
from 0, < 1.2.4-5woody8
—The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allo…
from 0, < 1.13.2+dfsg-2
—krb5 - buffer overflow
from 0, < 1.2.4-5woody7
—krb5 - buffer overflow
from 0, < 1.3.6-1
—krb5 -- several vulnerabilities
from 0, < 1.3.4-3
—Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitra…
from 0, < 1.3.4-3
—The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a…
from 0, < 1.3.4-3
—krb5 -- several vulnerabilities
from 0, < 1.2.4-5woody6
—krb5 - buffer overflows
from 0, < 1.3.3-2
—krb5 - buffer overflows
from 0, < 1.2.4-5woody5
—The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of servic…
from 0, < 1.3.3-2
—The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of servic…
from 0, < 1.2.7-3
—glibc - integer overflow
from 0, < 1.2.4-5woody4
—glibc - integer overflow
from 0, < 1.3.3-2
—krb4 - Cryptographic weakness
from 0, < 1.2.7-3
—Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are us…
from 0, < 1.2.7-3
—MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KD…
from 0, < 1.2.5-1
—Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers…
from 0, < 1.2.4
—Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate…
from 0, < 1.2.5-1
—heimdal - buffer overflow
from 0, < 1.2.6-2
—heimdal - buffer overflow
from 0, < 1.2.4-5woody3