
426 matches found

OpenVAS | added 2009/09/15 12:0 a.m. | 30 views

Ubuntu USN-828-1 (pam)

The remote host is missing an update to pam announced via advisory USN-828-1. OpenVAS Vulnerability Test $Id: ubuntu8281.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-828-1 (pam) Authors: Thomas Reinke...

CVSS 9.3 | AI score 6.6 | EPSS 0.00539
Exploits: 0 | References: 1

Fedora | added 2009/06/27 2:40 a.m. | 20 views

[SECURITY] Fedora 10 Update: pam_krb5-2.3.5-1.fc10

This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured...

CVSS 5 | AI score 7.1 | EPSS 0.01775
Exploits: 0

OSV | added 2009/04/08 6:30 p.m. | 1 views

DEBIAN-CVE-2009-1273

pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...

CVSS 5 | AI score 6.6 | EPSS 0.00358
Exploits: 0 | References: 1

OpenVAS | added 2009/02/17 12:0 a.m. | 23 views

Fedora Update for pam_krb5 FEDORA-2008-8618

Check for the Version of pam_krb5 OpenVAS Vulnerability Test Fedora Update for pam_krb5 FEDORA-2008-8618 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 4.4 | AI score 9.6 | EPSS 0.00053
Exploits: 0 | References: 2

OSV | added 2009/02/13 5:30 p.m. | 1 views

DEBIAN-CVE-2009-0360

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...

CVSS 6.2 | AI score 6.9 | EPSS 0.0025
Exploits: 6 | References: 1

Tenable Nessus | added 2008/07/23 12:0 a.m. | 22 views

Retrospect Backup Server < 7.6 Authentication Module Password Hash Disclosure (ESA-08-009)

Binary data 4607.prm...

CVSS 5 | AI score 7.3 | EPSS 0.00603
Exploits: 0 | References: 4

Tenable Nessus | added 2008/07/23 12:0 a.m. | 31 views

Retrospect Backup Server Authentication Module Password Hash Weakness (ESA-08-009)

According to its version number, the Authentication Module in the Retrospect Backup Server installed on the remote host uses a weak hash algorithm to hash a user's password, which could allow a remote attacker to gain control of a client's machine. (C) Tenable Network Security, Inc...

CVSS 5 | AI score 5.5 | EPSS 0.00603
Exploits: 0 | References: 4

CVE | added 2006/02/27 8:0 p.m. | 53 views

CVE-2006-0736

CVE-2006-0736 is a stack-based buffer overflow in the pam_micasa PAM authentication module of CASA, affecting Novell Linux Desktop 9 and Open Enterprise Server 1. The vulnerability allows remote code execution and could grant root access, via remote vectors. The SUSE advisory SUSE-SA:2006:010 con...

CVSS 10 | AI score 8.2 | EPSS 0.18343
Exploits: 0 | References: 4 | Affected Software: 2

Check Point Advisories | added 2006/02/12 12:0 a.m. | 3 views

Update Protection against A Format String Vulnerability in mod_auth_pgsql for Apache

A vulnerability exists in multiple versions of an authentication module mod_auth_pgsql for Apache httpd. To exploit this vulnerability, a user can supply specially crafted information to trigger a flaw in certain logging functions of the module. Successful exploitation could result in the execution...

CVSS 10 | AI score 2.3 | EPSS 0.49577
Exploits: 0

Tenable Nessus | added 2005/08/30 12:0 a.m. | 26 views

Debian DSA-785-1 : libpam-ldap - authentication bypass

It has been discovered that libpam-ldap, the Pluggable Authentication Module allowing LDAP interfaces, ignores the result of an attempt to authenticate against an LDAP server that does not set an optional data field. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and...

CVSS 7.5 | AI score 5.1 | EPSS 0.02839
Exploits: 0 | References: 3

Debian | added 2005/08/25 4:54 p.m. | 26 views

[SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass

-------------------------------------------------------------------------- Debian Security Advisory DSA 785-1 [email protected] http://www.debian.org/security/ Martin Schulze August 25th, 2005 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 6.1 | EPSS 0.02197
Exploits: 0

Tenable Nessus | added 2005/06/07 12:0 a.m. | 27 views

GLSA-200506-02 : Mailutils: SQL Injection

The remote host is affected by the vulnerability described in GLSA-200506-02 Mailutils: SQL Injection When GNU Mailutils is built with the 'mysql' or 'postgres' USE flag, the sql_escape_string function of the authentication module fails to properly escape the '\' character, rendering it vulnerable t...

CVSS 7.5 | AI score 5.8 | EPSS 0.01021
Exploits: 0 | References: 2

Gentoo Linux | added 2005/06/06 12:0 a.m. | 27 views

Mailutils: SQL Injection

Background GNU Mailutils is a collection of mail-related utilities. Description When GNU Mailutils is built with the "mysql" or "postgres" USE flag, the sql_escape_string function of the authentication module fails to properly escape the "\" character, rendering it vulnerable to a SQL command...

CVSS 7.5 | AI score 7.6 | EPSS 0.01021
Exploits: 0

OSV | added 2005/06/02 4:0 a.m. | 5 views

CVE-2005-1824

The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks...

AI score 7.5
Exploits: 0 | References: 3

NVD | added 2005/06/02 4:0 a.m. | 14 views

CVE-2005-1824

The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks...

CVSS 7.5 | AI score 7.5 | EPSS 0.01021
Exploits: 0 | References: 2

CVE | added 2005/04/21 4:0 a.m. | 105 views

CVE-2001-1459

OpenSSH

CVSS 7.5 | AI score 9 | EPSS 0.00396
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE | added 2005/04/21 4:0 a.m. | 31 views

CVE-2001-1459

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d...

CVSS 7.5 | AI score 6.3 | EPSS 0.00396
Exploits: 0

securityvulns | added 2004/11/24 12:0 a.m. | 32 views

[Full-Disclosure] Jabberd2.x remote Buffer Overflows

Security Advisory Advisory: ADLAB-04002Jabberd2.x remote Buffer Overflows Authors: [email protected] Class: Boundary Condition Error CVE:CAN-2004-0953 Remote: Yes, could allow remote compromise Vulnerable: Jabberd 2. Unvulnerable: Jabberd 1.4 Vendor: http://jabberd.jabberstudio.org/ I.INFO:...

CVSS 10 | AI score 0.2 | EPSS 0.18487
Exploits: 1

NVD | added 2004/01/05 5:0 a.m. | 11 views

CVE-2003-0982

Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password...

CVSS 7.5 | AI score 8.1 | EPSS 0.059
Exploits: 0 | References: 5

CERT | added 2003/12/18 12:0 a.m. | 38 views

Cisco ACNS contains buffer overflow vulnerability in the authentication module when supplied an overly long password

Overview Cisco Application and Content Networking Software (ACNS) contains a buffer overflow that may enable an attacker to execute arbitrary code on the affected device. Description Cisco ACNS Software "...combines demand-pull caching and pre-positioning for accelerated delivery of web application...

CVSS 7.5 | AI score 8 | EPSS 0.059
Exploits: 0 | References: 4