Lucene search

727 matches found

BDU FSTEC
added 2015/04/28 12:0 a.m. | 3 views

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the rsyslog7-gssapi-7.4.10 package for the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and availability of protected information. Exploitation of this vulnerability can be carried out remotely...

7.5 CVSS | 5.4 AI score | 0.07546 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2015/03/30 12:0 a.m. | 42 views

Mandriva Linux Security Advisory : krb5 (MDVSA-2015:069)

Multiple vulnerabilities have been discovered and corrected in krb5 : The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain...

9 CVSS | 7.6 AI score | 0.06213 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2015/03/26 12:0 a.m. | 44 views

Debian DLA-37-1 : krb5 security update

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI...

8.5 CVSS | 7.2 AI score | 0.08085 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2015/03/13 12:0 a.m. | 37 views

Oracle Linux 7 : krb5 (ELSA-2015-0439)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0439 advisory. - fix for CVE-2014-5352 1179856 'gss_process_context_token incorrectly frees context MITKRB5-SA-2015-001' - fix for CVE-2014-9421 1179857 'kadmind doubly...

9 CVSS | 6.8 AI score | 0.08085 EPSS
Exploits: 0 | References: 11

Oracle linux
added 2015/03/09 12:0 a.m. | 89 views

openssh security, bug fix and enhancement update

6.6.1p1-11 + 0.9.3-9 - fix direction in CRYPTO_SESSION audit message 1171248 6.6.1p1-10 + 0.9.3-9 - add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278 1169843 6.6.1p1-9 + 0.9.3-9 - log via monitor in chroots without /dev/log 1083482 6.6.1p1-8 + 0.9.3-9 - increa...

5.8 CVSS | 0.8 AI score | 0.01979 EPSS
Exploits: 1

RedHat Linux
added 2015/03/05 9:38 a.m. | 1 views

krb5: denial of service flaws when handling padding length longer than the plaintext

A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application...

5 CVSS | 7.3 AI score | 0.07138 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2015/03/05 9:38 a.m. | 0 views

krb5: denial of service flaws when handling RFC 1964 tokens

A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application...

5 CVSS | 7.3 AI score | 0.06523 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2015/03/05 9:38 a.m. | 1 views

krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application...

7.8 CVSS | 7.1 AI score | 0.06614 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2015/03/05 9:38 a.m. | 51 views

Moderate: Red Hat Security Advisory: krb5 security, bug fix and enhancement update

Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

9 CVSS | 7.3 AI score | 0.08085 EPSS
Exploits: 0 | References: 20

Prion
added 2015/02/19 11:59 a.m. | 24 views

Double free

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to...

9 CVSS | 8.1 AI score | 0.06213 EPSS
Exploits: 0 | References: 14 | Affected Software: 1

OSV
added 2015/02/19 11:59 a.m. | 8 views

CVE-2014-5352

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to...

7.5 AI score
Exploits: 0 | References: 14

OSV
added 2015/02/19 11:59 a.m. | 1 views

DEBIAN-CVE-2014-5352

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to...

9 CVSS | 7.6 AI score | 0.06213 EPSS
Exploits: 0 | References: 1

Cvelist
added 2015/02/19 11:0 a.m. | 28 views

CVE-2014-5352

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to...

7.3 AI score | 0.06213 EPSS
Exploits: 0 | References: 14

Debian CVE
added 2015/02/19 11:0 a.m. | 27 views

CVE-2014-5352

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to...

9 CVSS | 8.6 AI score | 0.06213 EPSS
Exploits: 0

UbuntuCve
added 2015/02/03 12:0 a.m. | 47 views

CVE-2014-5352

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to...

9 CVSS | 7 AI score | 0.06213 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2015/01/19 12:0 a.m. | 52 views

Oracle Solaris Third-Party Patch Update : kerberos (multiple_buffer_errors_vulnerabilities_in4)

The remote Solaris system is missing necessary patches to address security updates : - MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. (CVE-2014-4341) - M...

5 CVSS | 7.9 AI score | 0.07138 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2014/12/09 12:0 a.m. | 23 views

GLSA-201412-02 : nfs-utils: Information disclosure

The remote host is affected by the vulnerability described in GLSA-201412-02 (nfs-utils: Information disclosure). rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication, allowing for data to be submitted to a malicious server without the...

3.2 CVSS | 5.5 AI score | 0.01045 EPSS
Exploits: 0 | References: 2

Gentoo Linux
added 2014/12/08 12:0 a.m. | 15 views

nfs-utils: Information disclosure

Background: nfs-utils contains the client and daemon implementations for the NFS protocol. Description: rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication, allowing for data to be submitted to a malicious server without the knowledge ...

3.2 CVSS | 6.2 AI score | 0.01045 EPSS
Exploits: 0

Tenable Nessus
added 2014/11/26 12:0 a.m. | 33 views

OracleVM 2.1 : krb5 (OVMSA-2009-0003)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-0844 The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain...

10 CVSS | 7.5 AI score | 0.08898 EPSS
Exploits: 3 | References: 5

Tenable Nessus
added 2014/11/26 12:0 a.m. | 23 views

OracleVM 3.3 : rsyslog (OVMSA-2014-0030)

The remote OracleVM system is missing necessary patches to address critical security updates : - use setsid to get a controlling session and process group Orabug: 17346261 Todd Vierling - fix CVE-2014-3634 resolves: 1149148 - drop patch 5 which introduced a regression resolves: 927405 reverts:...

7.5 CVSS | 5.4 AI score | 0.07546 EPSS
Exploits: 1 | References: 2