CVE-2010-0283

The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service assertion failure and daemon crash via an invalid 1 AS-REQ or 2 TGS-REQ request...

CVE-2010-0283

CVE-2010-0283 affects MIT Kerberos 5 (krb5) in versions: 1.7 prior to 1.7.2 and 1.8 alpha. A remote attacker can trigger an assertion failure by sending invalid AS-REQ or TGS-REQ requests, causing a denial of service (daemon crash). Public sources in the OpenVAS/Gentoo/Ubuntu disclosures corrobor...

MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2010-001 MIT krb5 Security Advisory 2010-001 Original release: 2010-02-16 Last update: 2010-02-16 Topic: krb5-1.7 KDC denial of service CVE-2010-0283 krb5-1.7 KDC denial of service CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:O/RC:C...

krb5 -- multiple denial of service vulnerabilities

Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows: An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial ...

Mandriva Linux Security Advisory : squid (MDVSA-2010:033)

A vulnerability have been discovered and corrected in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows remote attackers to cause a denial of service assertion failure via a crafted DNS packet that only contains a header CVE-2010-0308. This update provides a fix to this...

CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service assertion failure via a crafted DNS packet that only contains a header...

DEBIAN-CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service assertion failure via a crafted DNS packet that only contains a header...

CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service assertion failure via a crafted DNS packet that only contains a header...

SuSE9 Security Update : OpenLDAP 2 (YOU Patch Number 12222)

This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams, which triggers an assertion error. CVE-2008-2952 Additionally a bug was fixed in ldapfreeconnection which...

CVE-2009-3242

Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service application crash via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure...

CVE-2008-7011

The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service server exit via multiple file downloads from the server, which triggers an assertion...

RedHat Security Advisory RHSA-2009:1181

The remote host is missing updates announced in advisory RHSA-2009:1181. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools...

RedHat Security Advisory RHSA-2009:1181

The remote host is missing updates announced in advisory RHSA-2009:1181. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named, a resolver library routines for applications to use when interfacing with DNS, and tools...

CVE-2009-2085

The Security component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans E...

CVE-2009-2085

CVE-2009-2085 affects IBM WebSphere Application Server 6.1 (before 6.1.0.25) and 7.0 (before 7.0.0.5). The vulnerability arises from improper handling of Identity Assertion when CSIv2 Security is used, allowing remote attackers to bypass intended CSIv2 access restrictions via vectors involving En...

CVE-2009-2664

The jswatchset function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service assertion failure and application exit or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE:...

FreeBSD : BIND -- Dynamic update message remote DoS (83725c91-7c7e-11de-9672-00e0815b8da8)

When named8 receives a specially crafted dynamic update message an internal assertion check is triggered which causes named8 to exit. To trigger the problem, the dynamic update message must contains a record of type 'ANY' and at least one resource record set RRset for this fully qualified domain...

bind security update

CentOS Errata and Security Advisory CESA-2009:1180 Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BI...

RHEL 3 : bind (RHSA-2009:1181)

"Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System...

bind security update

CentOS Errata and Security Advisory CESA-2009:1181 Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BI...