
Files

MIT krb5 Security Advisory 2009-001
Posted Apr 7, 2009
Site web.mit.edu

MIT krb5 Security Advisory 2009-001 - The MIT krb5 implementation of the SPNEGO GSS-API mechanism can read beyond the end of a network input buffer. This can cause a GSS-API application to crash by reading from invalid address space. The MIT krb5 implementation of the SPNEGO GSS-API mechanism can dereference a null pointer under error conditions. This can cause a GSS-API application to crash. MIT krb5 can perform an incorrect length check inside an ASN.1 decoder. This only presents a problem in the PK-INIT code paths. In the MIT krb5 KDC or kinit program, this could lead to spurious malloc() failures or, under some conditions, program crash.

tags | advisory
advisories | CVE-2009-0844, CVE-2009-0845, CVE-2009-0847
SHA-256 | 583a1d16957cdf1f031324b91889dc97c740b74cc3658c16852a8bfb19d26197

Related Files

MITKRB5-SA-2007-003.txt
Posted Apr 5, 2007
Site web.mit.edu

MIT krb5 Security Advisory 2007-003 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a double-free attack in the RPCSEC_GSS authentication flavor of the RPC library, which itself results from a bug in the GSS-API library. Under some error conditions, the krb5 GSS-API mechanism can free a buffer which an application may then free again. This may result in arbitrary code execution. Third-party applications using the GSS-API library provided with MIT krb5 may also be vulnerable. Exploitation of double-free bugs is believed to be difficult. This is a bug in the GSS-API library included with MIT krb5, which is used by kadmind and by some third-party applications. It is not a bug in the Kerberos protocol.

tags | advisory, arbitrary, code execution, protocol
advisories | CVE-2007-1216
SHA-256 | f291c6c286ffbc83b72ebf4adc2f6466780b590111a25542252892793da975a8
MITKRB5-SA-2007-002.txt
Posted Apr 5, 2007
Site web.mit.edu

MIT krb5 Security Advisory 2007-002 - The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind), as well as the KDC, are vulnerable. Exploitation of this vulnerability is probably simple. This is a vulnerability in the kadm5 library, which is used by the KDC and kadmind, and possibly by some third-party applications. It is not a bug in the MIT krb5 protocol libraries or in the Kerberos protocol.

tags | advisory, protocol
advisories | CVE-2007-0957
SHA-256 | 245649e1ac34647dc9b3ba7ed654bd1c43c69789f15fc8639c40e411278935ec
MITKRB5-SA-2007-001.txt
Posted Apr 5, 2007
Site web.mit.edu

MIT krb5 Security Advisory 2007-001 - The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary user, when presented with a specially crafted username. Exploitation of this vulnerability is trivial.

tags | advisory, arbitrary
advisories | CVE-2007-0956
SHA-256 | e64c4495781023e309efa33945e4e58ff3e675128fbcd57e8f499a2e7933eeda
MITKRB5-SA-2006-003.txt
Posted Jan 13, 2007
Site web.mit.edu

MIT krb5 Security Advisory 2006-003 - The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution. This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation. Third-party applications written using the GSS-API may also be vulnerable.

tags | advisory, arbitrary, code execution
advisories | CVE-2006-6144
SHA-256 | fe0c7983abc6fcc874c2ddd78be53dfa71e11c82dac8f76ce5847d09a230d0cb
MITKRB5-SA-2006-002.txt
Posted Jan 13, 2007
Site web.mit.edu

MIT krb5 Security Advisory 2006-002 - The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library. Third-party server applications written using the RPC library provided with MIT krb5 may also be vulnerable.

tags | advisory, arbitrary
advisories | CVE-2006-6143
SHA-256 | 87d587621f057226f60e716dfd1abc4d65dbd81c11c4a1edfa9d38e13eb53dcf
MITKRB-SA-2006-001.txt
Posted Aug 18, 2006
Site web.mit.edu

MIT krb5 Security Advisory 2006-001 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to result in privilege escalation.

tags | advisory, local, vulnerability
advisories | CVE-2006-3083, CVE-2006-3084
SHA-256 | 5db9ff2738fcd6d0a0ced2e2d5163d49ea87c62d41b14cf20dadce5116a9f956
MITKRB5-SA-2005-003.txt
Posted Jul 13, 2005
Site web.mit.edu

MIT krb5 Security Advisory 2005-003 - The krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2005-1689
SHA-256 | c917c32c8bddc3aebae93248fef24b5a38190c1463b051a86386603d031bc95a
MITKRB5-SA-2005-002.txt
Posted Jul 13, 2005
Site web.mit.edu

MIT krb5 Security Advisory 2005-002 - KDC is susceptible to a buffer overflow and to heap corruption.

tags | advisory, overflow
advisories | CVE-2005-1174, CVE-2005-1175
SHA-256 | 8ff75e490e1fcbb8b37693e060305697d011a5db2eedf60375cc98a8368833ff
MITKRB5-SA-2005-001-telnet.txt
Posted Mar 29, 2005
Site web.mit.edu

MIT krb5's supplied telnet client is vulnerable to buffer overflows in the functions slc_add_reply() and env_opt_add(). These can be exploited by a malicious server to which the client is trying to connect.

tags | advisory, overflow
advisories | CVE-2005-0468
SHA-256 | e4c1476ad7afba11079985f9690f65b19a9f0750826a16ff4f4d3bf05f3d8da9
libkadm5srv.txt
Posted Dec 31, 2004
Site web.mit.edu

MIT krb5 Security Advisory 2004-004 - The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host.

tags | advisory, overflow, arbitrary
advisories | CVE-2004-1189
SHA-256 | 8afcac7cf93898ab1d3d2e0f2225c4a3929f21722ddcc457450e59dffa3526d6
mit-2004-003.txt
Posted Sep 8, 2004
Site web.mit.edu

MIT krb5 Security Advisory 2004-003 - The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.

tags | advisory
SHA-256 | 4b2109c29e9989e5e67ce71b02139a53fc2c13e5eaf4a2bf4e66424813fd07e9
mit-2004-002.txt
Posted Sep 8, 2004
Site web.mit.edu

MIT krb5 Security Advisory 2004-002 - The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2004-0642, CVE-2004-0772, CVE-2004-0643
SHA-256 | 16ff257fddc0998a5f6da56ebbdf309102fbd3f56729020f8e56995d76035635
MITKRB5-SA-2004-001.txt
Posted Jun 2, 2004
Authored by Christopher Nebergall, Nico Williams

MIT krb5 Security Advisory 2004-001 - The krb5_aname_to_localname() library function contains multiple buffer overflows which could be exploited to gain unauthorized root access. Exploitation of these flaws requires an unusual combination of factors, including successful authentication to a vulnerable service and a non-default configuration on the target service.

tags | advisory, overflow, root
SHA-256 | 7cfc54ec053d139beffb7bab5ac5297855b62e23eb7d90b6c494e5f59da7df6a
MITKRB5-SA-2003-004-krb4.txt
Posted Mar 18, 2003
Site web.mit.edu

MIT KRB5 Security Advisory 2003-004 - A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distribution permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals, effectively subverting a site's entire Kerberos authentication infrastructure. Patch available here.

tags | advisory, protocol
SHA-256 | 14875456b3677930de7d85ef3e48af3770413f99659abe08abd2b0eb213b33a2
MITKRB5-SA-2003-001-multiple.txt
Posted Feb 4, 2003
Site web.mit.edu

MIT krb5 Security Advisory 2003-001: Multiple vulnerabilities have been found in MIT Kerberos 5 releases prior to release 1.2.5. These vulnerabilities allow a remote user to crash the KDC; a user authenticated in a remote realm may be able to claim to be other non-local users to an application server; and it may be possible for a user to gain access to the KDC system and database.

tags | advisory, remote, local, vulnerability
SHA-256 | b4f8f659f09ba8c3ad8b82d31e826dd9864091b0a2158b838d6900b5c237cea2