CVE-2025-3576

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...

PT-2025-16295

Name of the Vulnerable Software and Affected Versions: MIT Kerberos affected versions not specified Description: The issue concerns a weakness in the MD5 checksum design, allowing GSSAPI-protected messages that use RC4-HMAC-MD5 to be spoofed. If RC4 is preferred over more robust encryption types,...

Security update for openssh

This update for openssh fixes the following issues: CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server bsc1237041. Other bugfixes: Fix ssh client segfault with GSSAPIKeyExchange=yes i...

SUSE-SU-2025:20160-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server bsc1237041. Other bugfixes: - Fix ssh client segfault with...

Linux Distros Unpatched Vulnerability : CVE-2023-25563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding...

Linux Distros Unpatched Vulnerability : CVE-2011-5000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sshgssapiparseename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to...

OPENSUSE-SU-2024:0351-1 Security update for python-mysql-connector-python

This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 boo1231740, CVE-2024-21272 - WL16452: Bundle all installable authentication plugins when building the C-extension - WL16444: Drop build support for DEB packages - WL16442: Upgrade gssapi version to 1.8.3 -...

NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2024-0050)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow...

SUSE CVE-2024-37371

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...

Oracle Linux 8 : krb5 (ELSA-2024-3268)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3268 advisory. 1.18.2-27.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-27 - Fix memory leak in GSSAPI interface Resolves: RHEL-27250 - Fix...

krb5 security update

1.18.2-27.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-27 - Fix memory leak in GSSAPI interface Resolves: RHEL-27250 - Fix memory leak in PMAP RPC interface Resolves: RHEL-27244 - Make TCP waiting time configurable Resolves: RHEL-17131...

CentOS 8 : krb5 (CESA-2024:3268)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3268 advisory. - Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 - Kerberos 5 aka krb5 1.21.2 contains a memory leak...

OESA-2024-1443 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

OESA-2024-1441 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

SUSE: Security Advisory (SUSE-SU-2024:0539-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gssapi-Abuse - A Tool For Enumerating Potential Hosts That Are Open To GSSAPI Abuse Within Active Directory Networks

gssapi-abuse was released as part of my DEF CON 31 talk. A full write up on the abuse vector can be found here: A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks The tool has two features. The first is the ability to enumerate non Windows hosts that are joined to Active Directory that offer...

Oracle Linux 5 : openssh (ELSA-2007-0540)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0540 advisory. - fixed audit log injection problem CVE-2007-3102 248059 - fix an information leak in Kerberos password authentication CVE-2006-5052 234638 Tenable has...

A broken marriage. Abusing mixed vendor Kerberos stacks

My first DEF CON talk was nerve-racking but something I would definitely put myself through again. In hindsight I should have submitted a 45-minute talk as there were some elements missing from what I presented, based on additional research since submitting the CFP. With that in mind, and for tho...

AlmaLinux 8 : curl (ALSA-2023:4523)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4523 advisory. - An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2523)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...