708 matches found
DEBIAN-CVE-2013-1923
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...
CVE-2013-1923
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...
UBUNTU-CVE-2013-1923
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...
Authentication flaw
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...
CVE-2013-1923
CVE-2013-1923 concerns rpc-gssd in nfs-utils before 1.2.8, which performs reverse DNS resolution for server names during GSSAPI authentication. An attacker who can spoof DNS responses could read files that should be restricted. The vulnerability is tied to the nfs-utils RPC GSSD component and i...
Amazon Linux AMI : openssh (ALAS-2012-99)
A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon sshd use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default...
Oracle Linux 4 : krb5 (ELSA-2008-0180)
From Red Hat Security Advisory 2008:0180 : Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system whi...
Oracle Linux 5 : krb5 (ELSA-2009-0408)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0408 advisory. - update to revised patch for CVE-2009-0844/CVE-2009-0845 - add fix for potential buffer read overrun in the SPNEGO GSSAPI mechanism 490635,...
Oracle Linux 5 / 6 : elinks (ELSA-2013-0250)
The remote Oracle Linux 5 / 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2013-0250 advisory: 0.12-0.21.pre5 - do not delegate GSSAPI credentials (CVE-2012-4545). Tenable has extracted the preceding description block directly from the Oracle Linux...
CentOS 4 : openssh (CESA-2007:0703)
Updated openssh packages that fix two security issues and various bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These packages include the core files...
CentOS 4 : openssh (CESA-2005:527)
Updated openssh packages that fix a security issue, bugs, and add support for recording login user IDs for audit are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure...
MGASA-2013-0178 Updated nfs-utils packages fix security vulnerability
It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication. Because of this, if a user were able to poison DNS to a victim's computer, they would be able to trick rpc.gssd into talking to another server perhaps with le...
CentOS Update for elinks CESA-2013:0250 centos5
The remote host is missing an update for the...
Scientific Linux Security Update : elinks on SL5.x, SL6.x i386/x86_64 (20130211)
It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2012-4545)...
elinks security update
0.12-0.21.pre5 - do not delegate GSSAPI credentials CVE-2012-4545...
SuSE 11.1 Security Update : openssh (SAT Patch Number 6672)
This collective security update of openssh fixes multiple security issues : - memory exhaustion in gssapi due to integer overflow. bnc756370, CVE-2011-5000 - forced command option information leak bnc744643, CVE-2012-0814 Additionally, the following bug has been fixed : - server-side delay upon...