VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues.
f098818652aa3effa44d42e138d658b7a0d4635486d171c6267c1242f5e9088eGentoo Linux Security Advisory GLSA 200803-31 - Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply. Versions less than 1.6.3-r1 are affected.
687a1a18cfdf1045b45102f44dfce14c62dc95331cc6d0cad7c2e5ba130147aeMandriva Linux Security Advisory - A Kerberos v4 protocol packet handling issue relating to krb5 has been addressed in this advisory.
d0d2d944f37fbb2dbfe27231c0f06ae886e00dccec1c69b4b521628db6b650f4Mandriva Linux Security Advisory - Multiple memory management flaws, a Kerberos v4 protocol packet handling issue, and various other vulnerabilities relating to krb5 are addressed in this advisory.
fc277ea7c60148b444544fab9d8240618ecf77044de176d49396dda8e3ea9193Mandriva Linux Security Advisory - Multiple memory management flaws, a Kerberos v4 protocol packet handling issue, and various other vulnerabilities relating to krb5 are addressed in this advisory.
b9c93daed1f0633ea2aa214260c2d51bcb53b668537703dd134574d341ceca5fSUSE Security Announcement - The krb5 package has had multiple vulnerabilities patched including a dangling pointer issue, information leak, and out-of-bound array access flaws.
641290856b73f8cae8089c8e9a9bcb87e4f0611a4e29b4a75606297f548bcb1aUbuntu Security Notice 587-1 - It was discovered that krb5 did not correctly handle certain krb4 requests. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted traffic, which could expose sensitive information, cause a crash, or execute arbitrary code. A flaw was discovered in the kadmind service's handling of file descriptors. An unauthenticated remote attacker could send specially crafted requests that would cause a crash, resulting in a denial of service. Only systems with configurations allowing large numbers of open file descriptors were vulnerable.
f581e0285978dd62620e1c1de9af49877199e38b031752dc37bb3caa92216ba6Debian Security Advisory 1524-1 - Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network.
2089da61308ecd2ec71dd5f2215b34867dcf996866146c13d6afde09cafa6931
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed