HP Security Bulletin HPSBOV02682 SSRT100495 - Potential vulnerabilities have been identified with HP OpenVMS running Kerberos. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or execution of arbitrary code, or by a remote unauthorized user to modify data, prompts, or responses. Revision 1 of this advisory.
deba330be58344603284826e84811bfbbfe925a41948fff53b13f556755e818bGentoo Linux Security Advisory GLSA 200803-31 - Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply. Versions less than 1.6.3-r1 are affected.
687a1a18cfdf1045b45102f44dfce14c62dc95331cc6d0cad7c2e5ba130147aeMandriva Linux Security Advisory - Multiple memory management flaws, a Kerberos v4 protocol packet handling issue, and various other vulnerabilities relating to krb5 are addressed in this advisory.
fc277ea7c60148b444544fab9d8240618ecf77044de176d49396dda8e3ea9193Mandriva Linux Security Advisory - Multiple memory management flaws, a Kerberos v4 protocol packet handling issue, and various other vulnerabilities relating to krb5 are addressed in this advisory.
b9c93daed1f0633ea2aa214260c2d51bcb53b668537703dd134574d341ceca5fSUSE Security Announcement - The krb5 package has had multiple vulnerabilities patched including a dangling pointer issue, information leak, and out-of-bound array access flaws.
641290856b73f8cae8089c8e9a9bcb87e4f0611a4e29b4a75606297f548bcb1aUbuntu Security Notice 587-1 - It was discovered that krb5 did not correctly handle certain krb4 requests. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted traffic, which could expose sensitive information, cause a crash, or execute arbitrary code. A flaw was discovered in the kadmind service's handling of file descriptors. An unauthenticated remote attacker could send specially crafted requests that would cause a crash, resulting in a denial of service. Only systems with configurations allowing large numbers of open file descriptors were vulnerable.
f581e0285978dd62620e1c1de9af49877199e38b031752dc37bb3caa92216ba6Debian Security Advisory 1524-1 - Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network.
2089da61308ecd2ec71dd5f2215b34867dcf996866146c13d6afde09cafa6931MIT krb5 Security Advisory 2008-002 - Two bugs in the RPC library server code, used in the kadmin server, causes an array overrun if too many file descriptors are opened. Memory corruption can result.
babea146a2709b824d53e705a51818ddc0eafaabe79184f098c7bcaae51bc824
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed