201 matches found
CVE-2010-1321
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...
Null pointer dereference
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...
CVE-2010-1321
CVE-2010-1321 affects MIT Kerberos 5’s GSS-API library (krb5) in kg_accept_krb5/accept_sec_context.c. The flaw permits remote authenticated users to cause a denial of service via an AP-REQ with a missing authenticator checksum, triggering a NULL pointer dereference and daemon crash. Affected are ...
CVE-2010-1321
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...
CVE-2010-1321
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...
MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability
MIT Kerberos contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is in the GSS-API acceptor component due to lack of pointer validation. An authenticated, remote attacker could exploit the vulnerability by makin...
RHEL 3 / 4 / 5 : krb5 (RHSA-2010:0423)
Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...
Important: Red Hat Security Advisory: krb5 security update
Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...
CVE-2010-1321
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of...
openSUSE Security Update : krb5 (krb5-2188)
MITKRB5-SA-2010-002: unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon kadmind to crash. CVE-2010-0628 has been assigned to this issue.
CVE-2010-0628
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers...
CVE-2010-0628
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers...
CVE-2010-0628
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers...
CVE-2010-0628
The CVE-2010-0628 issue affects MIT Kerberos 5 SPNEGO GSS-API (spnego_mech.c) and is triggered when processing an invalid packet in the SPNEGO mechanism. Affects krb5 1.7.x before 1.7.2 and 1.8.x before 1.8.1, where the error token preparation can fail, causing an assertion failure and a daemon c...
CVE-2010-0628
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers...
USN-916-1: Kerberos vulnerabilities
Emmanuel Bouillon discovered that Kerberos did not correctly handle certain message types. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC to crash, leading to a denial of service (CVE-2010-0283). Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz...
krb5 -- multiple denial of service vulnerabilities
Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows: An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial ...
CentOS 5 : krb5 (CESA-2009:0408)
Updated krb5 packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authentica...
SuSE 10 Security Update : Kerberos (ZYPP Patch Number 6140)
Clients sending negotiation requests with invalid flags could crash the Kerberos server (CVE-2009-0845). GSS-API clients could crash when reading from an invalid address space (CVE-2009-0844). Invalid length checks could crash applications using the Kerberos ASN.1 parser (CVE-2009-0847). Under certain...
SuSE 11 Security Update : Kerberos (SAT Patch Number 738)
Clients sending negotiation requests with invalid flags could crash the Kerberos server (CVE-2009-0845). GSS-API clients could crash when reading from an invalid address space (CVE-2009-0844). Invalid length checks could crash applications using the Kerberos ASN.1 parser (CVE-2009-0847). Under certain...