35 matches found
EUVD-2010-0314
Malware in sbrugna...
EUVD-2012-1053
Malware in sbrugna...
EUVD-2012-1052
Malware in sbrugna...
SUSE-SU-2024:3843-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Persist extracted key path for ldapsslclientinit over repeat invocations (bsc#1230852) - Re-enable use of .dsrc basedn for dsidm commands (bsc#1231462) - Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
RHEL 9 : 389-ds-base (RHSA-2024:4633)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4633 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP)...
RHEL 8 : 389-ds (RHSA-2024:4235)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4235 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP)...
RLSA-2024:3837 Important: 389-ds-base security update
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fixes: 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ...
Oracle Linux 9 : 389-ds-base (ELSA-2024-3837)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3837 advisory. 2.4.5-8 - Bump version to 2.4.5-8 - Fix License tag 2.4.5-7 - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed...
389-ds-base security update
2.4.5-8 - Bump version to 2.4.5-8 - Fix License tag 2.4.5-7 - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c - Resolves: RHEL-34825 - redhat-ds:11/389-ds-base: potential denial of service via speciall...
CVE-2024-3657 389-ds-base: potential denial of service via specially crafted kerberos as-req request
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...
Windows Kerberos RC4 MD4 Encryption Downgrade Privilege Escalation Vulnerability
Windows: Kerberos RC4 MD4 Encryption Downgrade EoP Platform: Windows 10+ Class: Elevation of Privilege Security Boundary: User Summary: The KDC allows an interposing attacker to downgrade to RC4 MD4 encryption in compromising the user's TGT session key resulting in EoP. NOTE: I tried to look if...
Windows-Kerberos-MS14-068
Microsoft Windows Server contains a flaw related to the checksum in the Kerberos Key Distribution Center (KDC) component. The issue is triggered when the component fails to properly validate signatures. This may allow an authenticated remote attacker to use a forged Kerberos ticket signature to gai...
Windows Kerberos - Elevation of Privilege (MS14-068) Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python MS14-068 Exploit Author ------ Sylvain Monne Contact : sylvain dot monne at solucom dot fr http://twitter.com/bidord import sys, os from random import getrandbits from time import time, localtime, strftime from kek.ccache...
oclHashcat v1.2 - GPGPU-based Multi-hash Cracker
oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite. GPU Driver requirements: NV...
Mandriva Linux Security Advisory : krb5 (MDVSA-2013:042)
Multiple vulnerabilities have been discovered and corrected in krb5: Fix a kadmind denial of service issue (NULL pointer dereference), which could only be triggered by an administrator with the create privilege (CVE-2012-1013). The MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized...
Mandriva Linux Security Advisory : krb5 (MDVSA-2012:120)
A vulnerability has been discovered and corrected in krb5: The MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this...
Debian: Security Advisory (DSA-2518-1)
The remote host is missing an update for the Debian...
CVE-2012-1014
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary...
Design/Logic Flaw
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute...