Lucene search

218 matches found

RedHat Linux
added 2013/09/30 8:30 p.m. | 30 views

Low: Red Hat Security Advisory: sssd security and bug fix update

Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

CVSS 3.7 | AI score 5.8 | EPSS 0.00366
Exploits 0 | References 5
Ubuntu
added 2013/05/28 5:2 p.m. | 59 views

USN-1841-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS...

CVSS 6.8 | AI score 8.1 | EPSS 0.10798
Exploits 5
Prion
added 2012/04/27 8:55 p.m. | 14 views

Design/Logic Flaw

Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inboundproxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication...

CVSS 4.3 | AI score 7.2 | EPSS 0.01234
Exploits 0 | References 5 | Affected Software 1
Prion
added 2010/02/10 6:30 p.m. | 26 views

Authentication flaw

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain...

CVSS 10 | AI score 7 | EPSS 0.41262
Exploits 5 | References 3 | Affected Software 3
Cvelist
added 2010/02/10 6:0 p.m. | 34 views

CVE-2010-0231

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain...

AI score 9.2 | EPSS 0.41262
Exploits 5 | References 3
Check Point Advisories
added 2010/02/09 12:0 a.m. | 5 views

Microsoft SMB NTLM Authentication Lack of Entropy (MS10-012; CVE-2010-0231)

The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. An elevation of privilege vulnerability has been reported in the way that Microsoft Server Message Block (SMB) Protocol software handles authentication attempts. The vulnerability is due to a lack of...

CVSS 10 | AI score 8.9 | EPSS 0.41262
Exploits 5
OpenVAS
added 2009/04/09 12:0 a.m. | 33 views

Mandriva Update for mutt MDKSA-2007:113 (mutt)

Check for the Version of mutt OpenVAS Vulnerability Test Mandriva Update for mutt MDKSA-2007:113 mutt Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS 3.5 | AI score 8.3 | EPSS 0.02423
Exploits 1 | References 2
OpenVAS
added 2009/03/23 12:0 a.m. | 29 views

Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1

Ubuntu Update for Linux kernel vulnerabilities USN-528-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5281.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

CVSS 5 | AI score 6.5 | EPSS 0.14051
Exploits 2 | References 2
Metasploit
added 2008/12/19 7:11 a.m. | 87 views

MS04-007 Microsoft ASN.1 Library Bitstring Heap Overflow

This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. Windows...

CVSS 7.5 | AI score 6.9 | EPSS 0.84008
Exploits 4
seebug.org
added 2007/04/19 12:0 a.m. | 55 views

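McAfee e-Business Server Invalid Data Length Denial of Service Vulnerability

McAfee e-Business Server provides transparent encryption for enterprises and individuals that store and share documents. McAfee e-Business Server has a vulnerability in the way it handles malformed authentication requests, which a remote attacker may exploit to crash the server. If an attacker sends a malformed authentication packet while authenticating to McAfee e-Business Server, the server crashes. On receiving the packet, the server reads its length and then attempts to read that many bytes from the buffer. If the attacker specifies a very large length value but sends a very small packet, the server reads beyond the mapped heap memory, triggering an unhandled exception, and the administration server crashes. 0 McAfee E-Business Server 8.5.1.101...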

AI score 7.1
Exploits 0
Cvelist
added 2005/05/25 4:0 a.m. | 22 views

CVE-2005-1543

Multiple stack-based and heap-based buffer overflows in Remote Management authentication zenrem32.exe on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via 1 unspecifie...

AI score 8.1 | EPSS 0.66876
Exploits 7 | References 10
Cvelist
added 2005/02/13 5:0 a.m. | 22 views

CVE-2004-1459

Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests...

AI score 6.9 | EPSS 0.01757
Exploits 0 | References 3
Cvelist
added 2004/09/01 4:0 a.m. | 19 views

CVE-2001-0375

Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests...

AI score 6.8 | EPSS 0.10301
Exploits 1 | References 4
NVD
added 2001/06/18 4:0 a.m. | 10 views

CVE-2001-0375

Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests...

CVSS 5 | AI score 6.8 | EPSS 0.10301
Exploits 1 | References 4
Exploit DB
added 2000/12/08 12:0 a.m. | 27 views

KTH Kerberos 4 - Arbitrary Proxy Usage

source: https://www.securityfocus.com/bid/2090/info Kerberos is a widely used network service authentication system. The version of Kerberos developed and maintained by KTH (Swedish Royal Institute of Technology) contains a vulnerability that may allow/assist in a local or remote root compromise. K...

AI score 7.4
Exploits 0
Cvelist
added 2000/10/13 4:0 a.m. | 28 views

CVE-2000-0651

The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine...

AI score 6.9 | EPSS 0.01851
Exploits 1 | References 3
securityvulns
added 2000/06/08 12:0 a.m. | 17 views

Potential DoS Attack on RSA's ACE/Server

Hi folks, RSA Security http://www.rsasecurity.com/ produce a 2 factor secure authentication solution called ACE/Server. This uses SecurID tokens to enforce authentication and runs on NT/2000 and Solaris. It is possible for a nonprivileged user on the same network as the ACE/Server to trivially...

AI score 0.4
Exploits 0
exploitpack
added 2000/06/07 12:0 a.m. | 38 views

ColdFusion Server 2.03.x4.x - Administrator Login Password Denial of Service

ColdFusion Server 2.03.x4.x - Administrator Login Password Denial of Service source: https://www.securityfocus.com/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire...

AI score 0.6
Exploits 0