CentOS 8 : krb5 (CESA-2024:3268)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3268 advisory. - Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 - Kerberos 5 aka krb5 1.21.2 contains a memory leak...

OESA-2024-1441 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

OESA-2024-1443 libgsasl security update

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms. Security Fixes: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API...

SUSE: Security Advisory (SUSE-SU-2024:0539-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gssapi-Abuse - A Tool For Enumerating Potential Hosts That Are Open To GSSAPI Abuse Within Active Directory Networks

gssapi-abuse was released as part of my DEF CON 31 talk. A full write up on the abuse vector can be found here: A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks The tool has two features. The first is the ability to enumerate non Windows hosts that are joined to Active Directory that offer...

Oracle Linux 5 : openssh (ELSA-2007-0540)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0540 advisory. - fixed audit log injection problem CVE-2007-3102 248059 - fix an information leak in Kerberos password authentication CVE-2006-5052 234638 Tenable has...

A broken marriage. Abusing mixed vendor Kerberos stacks

My first DEF CON talk was nerve-racking but something I would definitely put myself through again. In hindsight I should have submitted a 45-minute talk as there were some elements missing from what I presented, based on additional research since submitting the CFP. With that in mind, and for tho...

AlmaLinux 8 : curl (ALSA-2023:4523)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4523 advisory. - An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2523)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.6.6 : samba (EulerOS-SA-2023-2434)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to...

Ubuntu: Security Advisory (USN-6169-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : samba (EulerOS-SA-2023-2168)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and...

Medium: curl

Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...

EulerOS Virtualization 2.11.0 : samba (EulerOS-SA-2023-2128)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being...

Moderate: Red Hat Security Advisory: gssntlmssp security update

An update for gssntlmssp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Moderate: gssntlmssp security update

The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Security Fixes: gssntlmssp: multiple out-of-bounds read when decoding NTLM fields CVE-2023-25563 gssntlmssp: memory corruption when decoding UTF16 strings CVE-2023-25564 gssntlmssp: incorrect...

EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2023-1898)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The...

EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2023-1929)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The...

CBL Mariner 2.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-27536)

The version of cmake / curl / mysql / rust / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27536 advisory. - An authentication bypass vulnerability exists libcurl 8.0.0 in the...

QNAP QTS / QuTS hero Buffer Overflow Vulnerabilities in Samba (QSA-23-02)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-02 advisory. - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES...