35 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m. | 6 views

MiracleLinux 4 : sssd-1.12.4-47.AXS4.4 (AXSA:2015-557:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-557:03 advisory. Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a...

CVSS 6.8 | AI score 7.2 | EPSS 0.02687
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 7 : sssd-1.13.0-40.el7 (AXSA:2015-829:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-829:03 advisory. Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a...

CVSS 6.8 | AI score 7.1 | EPSS 0.02687
Exploits: 0 | References: 2

OSV
added 2022/12/17 6:48 p.m. | 9 views

MGASA-2022-0468 Updated heimdal packages fix security vulnerability

Isaac Boukris reported that the Heimdal KDC before 7.7.1 does not apply delegation_not_allowed (aka not-delegated) user attributes for S4U2Self. Instead the forwardable flag is set even if the impersonated client has the not-delegated flag set. (CVE-2019-14870) Joseph Sutton discovered that the Heimdal...

CVSS 9.8 | AI score 7 | EPSS 0.10832
Exploits: 1 | References: 7

OSV
added 2022/12/12 7:40 p.m. | 3 views

CLSA-2022-1670874026 krb5: Fix of CVE-2022-42898

CVE-2022-42898: Fix integer overflows in PAC parsing - A test-suite was enabled...

CVSS 8.8 | AI score 6.9 | EPSS 0.10832
Exploits: 1 | References: 1

OSV
added 2022/02/18 6:15 p.m. | 2 views

ALPINE-CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result cou...

CVSS 7.2 | AI score 6.5 | EPSS 0.00213
Exploits: 0 | References: 1

RedHat Linux
added 2022/01/04 8:19 a.m. | 0 views

samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result cou...

CVSS 9 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 5

RedHat Linux
added 2021/12/16 6:5 p.m. | 0 views

samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result cou...

CVSS 9 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 5

RedHat Linux
added 2021/12/15 8:9 a.m. | 0 views

samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result cou...

CVSS 9 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 5

Tenable Nessus
added 2017/12/07 12:0 a.m. | 37 views

CentOS 7 : sssd (CESA-2017:3379)

An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.8 | AI score 6.6 | EPSS 0.00447
Exploits: 0 | References: 2

Tenable Nessus
added 2017/07/13 12:0 a.m. | 48 views

Virtuozzo 7 : ctdb / ctdb-tests / libsmbclient / etc (VZLSA-2017-1265)

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.1 | EPSS 0.48031
Exploits: 3 | References: 5

RedHat Linux
added 2017/05/22 10:25 a.m. | 4 views

samba: Flaws in Kerberos PAC validation can trigger privilege elevation

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

CVSS 6.5 | AI score 7.1 | EPSS 0.04506
Exploits: 0 | References: 5

OSV
added 2017/05/11 2:29 p.m. | 2 views

ALPINE-CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

CVSS 6.5 | AI score 6.7 | EPSS 0.04506
Exploits: 0 | References: 1

OSV
added 2017/05/11 2:29 p.m. | 2 views

DEBIAN-CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

CVSS 6.5 | AI score 5.9 | EPSS 0.04506
Exploits: 0 | References: 1

CentOS
added 2017/03/24 3:43 p.m. | 82 views

libsmbclient, samba security update

CentOS Errata and Security Advisory CESA-2017:0662 An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 6.5 | AI score 6.4 | EPSS 0.08663
Exploits: 0 | References: 7

RedHat Linux
added 2017/03/23 5:6 a.m. | 48 views

Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 samba security, bug fixes and enhancement update

An update for samba is now available for Red Hat Gluster Storage 3.2 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

CVSS 6.5 | AI score 6.6 | EPSS 0.08663
Exploits: 0 | References: 9

RedHat Linux
added 2017/03/23 5:6 a.m. | 0 views

samba: Flaws in Kerberos PAC validation can trigger privilege elevation

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

CVSS 6.5 | AI score 7.1 | EPSS 0.04506
Exploits: 0 | References: 5

RedHat Linux
added 2017/03/21 8:44 a.m. | 5 views

samba: Flaws in Kerberos PAC validation can trigger privilege elevation

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

CVSS 6.5 | AI score 7.1 | EPSS 0.04506
Exploits: 0 | References: 5

RedHat Linux
added 2017/03/21 8:34 a.m. | 4 views

samba: Flaws in Kerberos PAC validation can trigger privilege elevation

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...

CVSS 6.5 | AI score 7.1 | EPSS 0.04506
Exploits: 0 | References: 5

Tenable Nessus
added 2017/01/09 12:0 a.m. | 17 views

Samba 4.3.x < 4.3.13 / 4.4.x < 4.4.8 / 4.5.x < 4.5.3 Multiple Vulnerabilities

CVSS 8.8 | AI score 7.1 | EPSS 0.08663
Exploits: 0 | References: 9

OSV
added 2016/12/19 12:0 a.m. | 2 views

UBUNTU-CVE-2016-2126

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the...

CVSS 6.5 | AI score 6.5 | EPSS 0.04506
Exploits: 0 | References: 4