177 matches found
openSUSE Security Update : krb5 (krb5-740)
Clients sending negotiation requests with invalid flags could crash the kerberos server CVE-2009-0845. GSS-API clients could crash when reading from an invalid address space CVE-2009-0844. Invalid length checks could crash applications using the kerberos ASN.1 parser CVE-2009-0847. Under certain...
openSUSE Security Update : krb5 (krb5-740)
Clients sending negotiation requests with invalid flags could crash the kerberos server CVE-2009-0845. GSS-API clients could crash when reading from an invalid address space CVE-2009-0844. Invalid length checks could crash applications using the kerberos ASN.1 parser CVE-2009-0847. Under certain...
ESX Service Console update for krb5
a. Service Console package krb5 updateKerberos is a network authentication protocol. It is designed toprovide strong authentication for client/server applications byusing secret-key cryptography.An input validation flaw in the asn1decodegeneraltime function inMIT Kerberos 5 before 1.6.4 allows...
VMSA-2009-0008:ESX Service Console update for krb5
VMSA-2009-0008.2 ESX Service Console update for krb5 VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2009-0008.2 VMware Security Advisory Synopsis: ESX Service Console update for krb5 VMware Security Advisory Issue date: 2009-06-30 VMware Security Advisory Updated on: 2009-08-...
Fedora 10 : krb5-1.6.3-18.fc10 (2009-2852)
This update incorporates patches to fix potential read overflow and NULL pointer dereferences in the implementation of the SPNEGO GSSAPI mechanism CVE-2009-0844, CVE-2009-0845, attempts to free an uninitialized pointer during protocol parsing CVE-2009-0846, and a bug in length validation during...
RedHat Security Advisory RHSA-2009:0408
The remote host is missing updates announced in advisory RHSA-2009:0408. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center KDC. The Generic Security Service...
Debian Security Advisory DSA 1766-1 (krb5)
The remote host is missing an update to krb5 announced via advisory DSA 1766-1. OpenVAS Vulnerability Test $Id: deb17661.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1766-1 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Fedora Core 10 FEDORA-2009-2852 (krb5)
The remote host is missing an update to krb5 announced via advisory FEDORA-2009-2852. OpenVAS Vulnerability Test $Id: fcore20092852.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-2852 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...
Fedora Core 9 FEDORA-2009-2834 (krb5)
The remote host is missing an update to krb5 announced via advisory FEDORA-2009-2834. OpenVAS Vulnerability Test $Id: fcore20092834.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-2834 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...
SuSE Security Advisory SUSE-SA:2009:019 (krb5)
The remote host is missing updates announced in advisory SUSE-SA:2009:019. OpenVAS Vulnerability Test $Id: susesa2009019.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:019 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
CentOS Security Advisory CESA-2009:0408 (krb5)
The remote host is missing updates to krb5 announced in advisory CESA-2009:0408. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Fedora Core 9 FEDORA-2009-2834 (krb5)
The remote host is missing an update to krb5 announced via advisory FEDORA-2009-2834. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
[SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA-1766-1 [email protected] http://www.debian.org/security/ Nico Golde April 9th, 2009 http://www.debian.org/security/faq -...
openSUSE 10 Security Update : krb5 (krb5-6139)
Clients sending negotiation requests with invalid flags could crash the kerberos server CVE-2009-0845. GSS-API clients could crash when reading from an invalid address space CVE-2009-0844. Invalid length checks could crash applications using the kerberos ASN.1 parser CVE-2009-0847. Under certain...
RHEL 5 : krb5 (RHSA-2009:0408)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:0408 advisory. - krb5: buffer over-read in SPNEGO GSS-API mechanism MITKRB5-SA-2009-001 CVE-2009-0844 - krb5: NULL pointer dereference in GSSAPI SPNEGO...
krb5 security update
1.6.1-31.el53.3 - update to revised patch for CVE-2009-0844/CVE-2009-0845 1.6.1-31.el53.2 - add fix for potential buffer read overrun in the SPNEGO GSSAPI mechanism 490635, CVE-2009-0844 - add fix for NULL pointer dereference when handling certain error cases in the SPNEGO GSSAPI mechanism 490635...
Mandrake Security Advisory MDVSA-2009:082 (krb5)
The remote host is missing an update to krb5 announced via advisory MDVSA-2009:082. OpenVAS Vulnerability Test $Id: mdksa2009082.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:082 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Mandrake Security Advisory MDVSA-2009:082 (krb5)
The remote host is missing an update to krb5 announced via advisory MDVSA-2009:082. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
[ MDVSA-2009:082 ] krb5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:082 http://www.mandriva.com/security/ Package : krb5 Date : March 30, 2009 Affected: 2008.0, 2008.1, 2009.0 Problem Description: The spnegogssacceptseccontext function in lib/gssapi/spnego/spnegomech.c in MI...
MIT Kerberos NegTokenInit令牌处理远程拒绝服务漏洞
BUGTRAQ ID: 34257 CVECAN ID: CVE-2009-0845 Kerberos是一款广泛使用的使用强壮的加密来验证客户端和服务器端的网络协议。MIT Kerberos 5是一种常用的开源Kerberos实现。 Kerberos 5的src/lib/gssapi/spnego/spnegomech.c文件中的spnegogssacceptseccontext 函数存在空指针引用错误,如果远程攻击者在认证过程中发送了带有特制ContextFlags标记的NegTokenInit令牌就可以触发这个漏洞,导致守护程序崩溃。 MIT Kerberos 5 1.6.3 厂商补...