Debian Security Advisory DSA 3000-1 (krb5 - security update)
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI...
DSA-3000-1 krb5 - security update
Bulletin has no description...
Fedora 20 : krb5-1.11.5-10.fc20 (2014-8189)
This update incorporates backported upstream fixes for potential crashes caused by attempts to process malformed GSSAPI messages (CVE-2014-4341, CVE-2014-4342). It also incorporates fixes for a possible double-free (CVE-2014-4343) and a possible NULL pointer dereference (CVE-2014-4344) in GSSAPI client...
Fedora 19 : krb5-1.11.3-24.fc19 (2014-8176)
This update incorporates backported upstream fixes for potential crashes caused by attempts to process malformed GSSAPI messages (CVE-2014-4341, CVE-2014-4342). It also incorporates fixes for a possible double-free (CVE-2014-4343) and a possible NULL pointer dereference (CVE-2014-4344) in GSSAPI client...
CVE-2014-4341
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session...
DEBIAN-CVE-2014-4342
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session...
CVE-2014-4342
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session...
Design/Logic Flaw
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session...
Null pointer dereference
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session...
Novell NetMail <= 3.52d - IMAP AUTHENTICATE Buffer Overflow
No description provided by source. $Id: novellnetmailauth.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
openSUSE Security Update : curl (openSUSE-SU-2012:0199-1)
This update of curl disables GSSAPI to work around CVE-2011-2192 (bnc698796). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update curl-5737. The text description of this plugin is (C) SUSE LLC...
CVE-2014-0132
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind...
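389 Directory Server SASL/GSSAPI Authentication Bypass Vulnerability
Bugtraq ID: 66235 CVE ID: CVE-2014-0132 389 Directory Server, formerly Fedora Directory Server, is an enterprise-class Linux directory server. When the "authzid" parameter is specified, 389 Directory Server handles SASL/GSSAPI authentication incorrectly, allowing a remote attacker to exploit the vulnerability to use another user's directory. 0 389 Directory Server formerly known as Fedora Directory Server 1.3.1.20 389 Directory Server formerly known as Fedo...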
Oracle Linux 6 : 389-ds-base (ELSA-2014-0292)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0292 advisory. 1.2.11.15-32 - Resolves: bug 1074847 - EMBARGOED CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation rhel-6.5.z Ticket...