201 matches found
CVE-2007-1216
Double free vulnerability in the GSS-API library lib/gssapi/krb5/k5unseal.c, as used by the Kerberos administration daemon kadmind in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code...
Double free
Double free vulnerability in the GSS-API library lib/gssapi/krb5/k5unseal.c, as used by the Kerberos administration daemon kadmind in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code...
CVE-2007-1216
CVE-2007-1216 is a double-free vulnerability in the MIT Kerberos 5 GSS-API library (lib/gssapi/krb5/k5unseal.c) used by kadmind, exploitable when the RPCSEC_GSS authentication method is involved. It affects MIT krb5 prior to version 1.6.1, enabling remote authenticated users to execute arbitrary c...
CVE-2007-1216
Double free vulnerability in the GSS-API library lib/gssapi/krb5/k5unseal.c, as used by the Kerberos administration daemon kadmind in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code...
CVE-2007-1216
Double free vulnerability in the GSS-API library lib/gssapi/krb5/k5unseal.c, as used by the Kerberos administration daemon kadmind in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code...
MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]
MIT krb5 Security Advisory 2007-003 Original release: 2007-04-03 Last update: 2007-04-03 Topic: double-free vulnerability in kadmind via GSS-API library Severity: CRITICAL CVE: CVE-2007-1216 CERT: VU419344 SUMMARY ======= The MIT krb5 Kerberos...
US-CERT Technical Cyber Security Alert TA07-093B -- MIT Kerberos Vulnerabilities
National Cyber Alert System Technical Cyber Security Alert TA07-093B MIT Kerberos Vulnerabilities Original release date: April 03, 2007 Last revised: -- Source: US-CERT Systems Affected MIT Kerberos Other products based on the GSS-API or the RPC...
MIT Kerberos 5 GSS-API library double-free vulnerability
Overview The GSS-API library provided with MIT krb5 contains a vulnerability that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability in the way the GSS-API library provided with MIT krb5 handles messages with an invalid...
SUSE-SA:2007:004: krb5
The remote host is missing the patch for the advisory SUSE-SA:2007:004 krb5. Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind. - CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an...
CVE-2006-6144
CVE-2006-6144 concerns the GSS-API mechglue in MIT Kerberos 5. The vulnerability affects Kerberos 5 implementations using the mechglue abstraction (Kerberos 5 up to 1.5.1, as used by kadmind and other products that rely on the GSS-API library). The issue is that a remote attacker can trigger a de...
CVE-2006-6144
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon kadmind and other products that use this library, allows remote attackers to cause a denial of service crash via unspecified vectors that cause mechglue to free...
Kerberos administration daemon may free uninitialized pointers
Overview A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code. Description The MIT krb 5 administration daemon...
MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers
MIT krb5 Security Advisory 2006-003 Original release: 2007-01-09 Last update: 2007-01-09 Topic: kadmind via GSS-API mechglue frees uninitialized pointers Severity: CRITICAL CVE: CVE-2006-6144 CERT: VU831452 SUMMARY ======= The Kerberos administration...
GSS-API library / MIT Kerberos kadmind (uninitialized pointer free)
free of unallocated memory pointer in mechglue GSS API layer...
CVE-2006-6144
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon kadmind and other products that use this library, allows remote attackers to cause a denial of service crash via unspecified vectors that cause mechglue to free...
CVE-2006-6144
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon kadmind and other products that use this library, allows remote attackers to cause a denial of service crash via unspecified vectors that cause mechglue to free...
CVE-2005-1124
Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API...
Solaris GSS API privilege escalation
Relative part is used to load library...
[SA14971] Solaris Unspecified Generic Security Services Library Vulnerability
TITLE: Solaris Unspecified Generic Security Services Library...
CVE-2005-1124
CVE-2005-1124 affects Solaris 7–9 where the libgss Generic Security Services Library is vulnerable. The issue allows local users to gain privileges by loading their own GSS-API, with partial impact to confidentiality, integrity, and availability (per CVSS). The exploitation status and concrete fi...