71 matches found
MGASA-2013-0178 Updated nfs-utils packages fix security vulnerability
It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication. Because of this, if a user were able to poison DNS to a victim's computer, they would be able to trick rpc.gssd into talking to another server perhaps with le...
CVE-2012-4545
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...
Slackware: Security Advisory (SSA:2006-272-02)
The remote host is missing an update for the...
Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20120620)
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the...
Scientific Linux Security Update : openssh on SL5.x
Problem description: A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) A flaw was found in the way the OpenSSH...
Scientific Linux Security Update : openssh on SL4.x i386/x86_64
A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) A flaw was found in the way the OpenSSH server processes GSSAPI...
CentOS 6 : openssh (CESA-2012:0884)
Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
openssh: post-authentication resource exhaustion bug via GSSAPI
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which...
Low: Red Hat Security Advisory: openssh security, bug fix, and enhancement update
Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
Mandriva Linux Security Advisory : curl (MDVSA-2011:116)
A vulnerability was discovered and corrected in curl: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients vi...
CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests...
CVE-2011-2192
CVE-2011-2192 affects libcurl 7.10.6–7.21.6 (used by curl and related products): the Curl_input_negotiate function unconditionally delegates GSSAPI credentials during authentication, enabling a remote server to impersonate the client via GSSAPI. Evidence in connected docs shows MiracleLinux advis...
[SECURITY] [DSA 2271-1] curl security update
Debian Security Advisory DSA-2271-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano July 02, 2011 http://www.debian.org/security/faq -...
[USN-1158-1] curl vulnerabilities
Ubuntu Security Notice USN-1158-1 June 24, 2011 curl vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
Ubuntu: Security Advisory (USN-1158-1)
The remote host is missing an update for the...
SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184)
Several security problems were fixed in OpenSSH: - A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. (CVE-2006-4924) - If a remote attacker is able to inject network traffic this could be used to cause a client...
RHEL 4 : openssh (RHSA-2007:0703)
Updated openssh packages that fix two security issues and various bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These packages include the core files...