Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.
5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9VMware Security Advisory 2011-0013 - Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.
bfa44b90a996832dc4d48ee3d88431651288c9f75d7f7f82d502411d95c5dce3Red Hat Security Advisory 2011-0880-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. Various other issues were also addressed.
23e57d99b78195d5d080dfd7d6831e809d977086b9839464c667dc791c8b7697VMware Security Advisory 2010-0016 - This patch updates the service console kernel to fix multiple security issues. Updates to the likewisekrb5, likewiseopenldap, likewiseopen, and pamkrb5 packages address several security issues.
07d894e6a7a9e88a8d84a552ceb2b2d8a971a3c2b551994cd04d95e15402b1ccVMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3.
d9f282f0d9f5fec35a2bbedbc199700f42e61ad6e7d07ff47128d015784fd210Ubuntu Security Notice 940-2 - USN-940-1 fixed vulnerabilities in Kerberos. This update provides the corresponding updates for Ubuntu 10.04. Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service.
3c8b93fd0edd6e58fca580bf1a44eb064495e54a3d68d843006bbfd410e691eaMandriva Linux Security Advisory 2010-130 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct this issue.
5a363510cc86fa88ee8aa14537b88ea5f742ae16d68959c2ce6346cb423c3ff1Mandriva Linux Security Advisory 2010-129 - The krshd and v4rcp applications in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. The ftpd and ksu programs in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct these issues.
1229d0c29790afa2ad1dd4aa3ac27bed53aaf20094ab9e3f74e7252954698b5dHP Security Bulletin - Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.
74962b06b4a33ce0a59c0eac814963277e24f8113b42042b84eecfd2ac0c3973Debian Linux Security Advisory 2052-1 - Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field.
6f3d78e03ea57964721893e934702126fc045a2b77d0bd036864e7d173302c72Ubuntu Security Notice 940-1 - It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service.
3a1b15d7feb5baa1e9ef51b23ea5560f739645a55f3ec4b92a3235d5043a3820Mandriva Linux Security Advisory 2010-100 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.
0f940ffa82adab2d23257ec3d063e5627e8a6ec0a43531f062da07e8bd98ce77MIT krb5 Security Advisory 2010-005 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. This is an implementation vulnerability in MIT krb5, and not a vulnerability in the Kerberos protocol.
cc1b8fffda0bffb0aa4a0713ccb004929b6f728de0eb2f7abea453bcbceb2996
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed