CVE-2017-7327

Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll...

Debian DSA-3395-1 : krb5 - security update

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-2695 It was discovered that applications which call gssinquirecontext on a partially-established SPNEGO context can...

Debian DLA-340-1 : krb5 security update

CVE-2015-2695 It was discovered that applications which call gssinquirecontext on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash. CVE-2015-2697 It was discovered that the buildprincipalva function...

MGASA-2015-0436 Updated krb5 packages fix security vulnerabilities

Updated krb5 packages fix security vulnerabilities: In MIT krb5 1.5 and later, applications which call gssinquirecontext on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. This bug may go unnotice...

CVE-2006-6144

The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon kadmind and other products that use this library, allows remote attackers to cause a denial of service crash via unspecified vectors that cause mechglue to free...

flukso4r Gem for Ruby /lib/flukso/R.rb任意命令执行漏洞

flukso4r Gem for Ruby是一款Flukso API库。 flukso4r Gem for Ruby /lib/flukso/R.rb不正确过滤用户提交的输入，允许远程攻击者利用漏洞提交特意输入，并以应用程序上下文执行。 0 flukso4r Gem for Ruby 0.3.8 目前没有详细解决方案提供： http://rubygems.org/gems/flukso4r...

Scientific Linux Security Update : krb5 on SL4.x, SL5.x i386/x86_64

An input validation flaw was found in the ASN.1 Abstract Syntax Notation One decoder used by MIT Kerberos. A remote attacker could use this flaw to crash a network service using the MIT Kerberos library, such as kadmind or krb5kdc, by causing it to dereference or free an uninitialized pointer...

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7440)

IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other...

SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4024)

IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other...

Fedora 11 : krb5-1.6.3-31.fc11 (2010-8796)

Shawn Emery discovered a remotely-triggerable NULL pointer dereference in the Kerberos GSS-API library which could be used to cause GSS-API-authenticated services to crash. This update incorporates fixes to instead correctly detect the error and return an error code. Note that Tenable Network...

CVE-2010-1321

The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...

CVE-2010-1321

CVE-2010-1321 affects MIT Kerberos 5’s GSS-API library (krb5) in kg_accept_krb5/accept_sec_context.c. The flaw permits remote authenticated users to cause a denial of service via an AP-REQ with a missing authenticator checksum, triggering a NULL pointer dereference and daemon crash. Affected are ...

CVE-2010-1321

The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...

CVE-2010-1321

The kgacceptkrb5 function in krb5/acceptseccontext.c in the GSS-API library in MIT Kerberos 5 aka krb5 through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...

MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2009-001 MIT krb5 Security Advisory 2009-001 Original release: 2009-04-07 Last update: 2009-04-07 Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder CVE-2009-0844 SPNEGO implementation can read beyond buffer end CVSSv2 Vector:...

CVE-2007-1216

Double free vulnerability in the GSS-API library lib/gssapi/krb5/k5unseal.c, as used by the Kerberos administration daemon kadmind in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSECGSS RPC library, allows remote authenticated users to execute arbitrary code...

CVE-2007-1216

Double free vulnerability in the GSS-API library lib/gssapi/krb5/k5unseal.c, as used by the Kerberos administration daemon kadmind in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSECGSS RPC library, allows remote authenticated users to execute arbitrary code...

CVE-2007-1216

Double free vulnerability in the GSS-API library lib/gssapi/krb5/k5unseal.c, as used by the Kerberos administration daemon kadmind in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSECGSS RPC library, allows remote authenticated users to execute arbitrary code...

MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-003 Original release: 2007-04-03 Last update: 2007-04-03 Topic: double-free vulnerability in kadmind via GSS-API library Severity: CRITICAL CVE: CVE-2007-1216 CERT: VU419344 SUMMARY ======= The MIT krb5 Kerberos...