
5937 matches found

securityvulns
added 2009/04/08 12:0 a.m. | 56 views

MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2009-002 MIT krb5 Security Advisory 2009-002 Original release: 2009-04-07 Last update: 2009-04-07 Topic: ASN.1 decoder frees uninitialized pointer CVE-2009-0846 ASN.1 GeneralizedTime decoder can free uninitialized pointer CVSSv2 Vector:...

10 CVSS | 7.5 AI score | 0.50005 EPSS
Exploits 0
Tenable Nessus
added 2009/04/08 12:0 a.m. | 16 views

RHEL 2.1 / 3 : krb5 (RHSA-2009:0410)

Updated krb5 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authentica...

10 CVSS | 7.5 AI score | 0.50005 EPSS
Exploits 3 | References 7
Tenable Nessus
added 2009/04/08 12:0 a.m. | 32 views

RHEL 5 : krb5 (RHSA-2009:0408)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:0408 advisory. - krb5: buffer over-read in SPNEGO GSS-API mechanism MITKRB5-SA-2009-001 CVE-2009-0844 - krb5: NULL pointer dereference in GSSAPI SPNEGO...

10 CVSS | 7.7 AI score | 0.50005 EPSS
Exploits 3 | References 10
RedHat Linux
added 2009/04/07 6:45 p.m. | 31 views

Important: Red Hat Security Advisory: krb5 security update

Updated krb5 packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to...

10 CVSS | 7 AI score | 0.50005 EPSS
Exploits 0 | References 3
Oracle linux
added 2009/04/07 12:0 a.m. | 32 views

krb5 security update

1.3.4-60.el47.2 - whoops, actually add the patches 1.3.4-60.el47.1 - add fix for attempt to free uninitialized pointer in the ASN.1 decoder 491835, CVE-2009-0846 - add fix for bug in length validation in the ASN.1 decoder CVE-2009-0847...

10 CVSS | 2.6 AI score | 0.50005 EPSS
Exploits 1
Oracle linux
added 2009/04/07 12:0 a.m. | 42 views

krb5 security update

1.2.7-70 - override $SHLIBEXPFLAGS at build-time to ensure that shared libraries don't include an RPATH internal tools 1.2.7-69 - add backported fix for attempt to free uninitialized pointer in the ASN.1 decoder 491834, CVE-2009-0846 - add backported fix for bug in length validation in the ASN.1...

10 CVSS | 2.4 AI score | 0.50005 EPSS
Exploits 1
OpenVAS
added 2009/03/31 12:0 a.m. | 33 views

SuSE Security Advisory SUSE-SA:2009:014 (acroread)

The remote host is missing updates announced in advisory SUSE-SA:2009:014. OpenVAS Vulnerability Test $Id: susesa2009014.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:014 acroread Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

10 CVSS | 0.4 AI score | 0.93794 EPSS
Exploits 22
Tenable Nessus
added 2009/03/27 12:0 a.m. | 30 views

openSUSE 10 Security Update : acroread (acroread-6120)

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. CVE-2009-0658, CVE-2009-0927, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062...

10 CVSS | 8 AI score | 0.93794 EPSS
Exploits 22 | References 7
RedHat Linux
added 2009/03/25 2:52 p.m. | 2 views

OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...

7.5 CVSS | 7.2 AI score | 0.03276 EPSS
Exploits 1 | References 4
RedHat Linux
added 2009/03/25 1:48 p.m. | 30 views

Critical: Red Hat Security Advisory: acroread security update

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team...

10 CVSS | 7.4 AI score | 0.92286 EPSS
Exploits 8 | References 3
Saint
added 2009/03/25 12:0 a.m. | 25 views

ffdshow URL link buffer overflow

Added: 03/25/2009 CVE: CVE-2008-5381 BID: 32438 OSVDB: 50064 Background ffdshow tryouts also known just as ffdshow is an audio and video decoder for Windows. Problem A buffer overflow vulnerability allows command execution when a user opens a media stream with a long, specially crafted URL link...

9.3 CVSS | 7 AI score | 0.11647 EPSS
Exploits 4
OpenVAS
added 2009/03/23 12:0 a.m. | 24 views

Ubuntu: Security Advisory (USN-582-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 6.7 AI score | 0.38662 EPSS
Exploits 4 | References 2
OpenVAS
added 2009/03/23 12:0 a.m. | 31 views

Ubuntu Update for firefox vulnerabilities USN-645-2

Ubuntu Update for Linux kernel vulnerabilities USN-645-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN6452.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-645-2 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

10 CVSS | 1.1 AI score | 0.48604 EPSS
Exploits 15 | References 2
seebug.org
added 2009/02/05 12:0 a.m. | 26 views

Amaya Web Browser 11 (bdo tag) Remote Stack Overflow Exploit (vista)

No description provided by source. !/usr/bin/perl Amaya 11 bdo tag stack overflow author: Rob Carter [email protected] targets: windows vista sp1 modified the alpha-numeric shell-code from metasploit since the first 12 bytes didn't fall within the ASCII range of 0x01-0x7f. otherwise my payload...

7.1 AI score
Exploits 0
seebug.org
added 2009/02/04 12:0 a.m. | 14 views

Power System Of Article Management (DD/XSS) Vulnerabilities

No description provided by source. --------------------------------------------------------- Portal Name: Power System Of Article Management Version : 3.0 Author : PouyaServer , [email protected] Vulnerability : DD/XSS --------------------------------------------------------- DD:...

7.1 AI score
Exploits 0
Packet Storm
added 2009/02/04 12:0 a.m. | 22 views

psoam-ddxss.txt

--------------------------------------------------------- Portal Name: Power System Of Article Management Version : 3.0 Author : PouyaServer , [email protected] Vulnerability : DD/XSS --------------------------------------------------------- DD:...

7.4 AI score
Exploits 0
Exploit DB
added 2009/02/04 12:0 a.m. | 30 views

Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting

--------------------------------------------------------- Portal Name: Power System Of Article Management Version : 3.0 Author : PouyaServer , [email protected] Vulnerability : DD/XSS --------------------------------------------------------- DD:...

7 AI score
Exploits 0
RedHat Linux
added 2009/01/13 9:39 p.m. | 4 views

OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...

7.5 CVSS | 7.2 AI score | 0.03276 EPSS
Exploits 1 | References 4
securityvulns
added 2009/01/11 12:0 a.m. | 123 views

Java Runtime UTF-8 Decoder Smuggling Vector

Due to misconfiguration of mailing lists, it was just pointed out this is already public. Apologies to those vendors who have not reacted to Sun's announcements of December 2nd in a timely manner; Mitre ID: CVE-2008-2938 Initial title: Java Runtime UTF-8 Decoding Flaw Actual title: Java Runtime...

4.3 CVSS | 7.4 AI score | 0.92704 EPSS
Exploits 22
Exploit DB
added 2009/01/01 12:0 a.m. | 22 views

Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes)

Linux/x86 - execve + ROT-7 Shellcode Encoder/Decoder 74 bytes. Shellcode exploit for Linuxx86 platform / ROT-7 Decoder Shellcode - Linux Intel/x86 Author: Stavros Metzidakis / a Python ROT-7 encoder for shellcode execve-stack...

7.1 AI score
Exploits 0