4 matches found
Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 : krb5 vulnerabilities (USN-940-1)
It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. Only Ubuntu 6.06 LTS was affected. CVE-2007-5902,...
USN-924-1: Kerberos vulnerabilities
Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. (CVE-2010-0629) It was discovered that Kerberos did not correctly free memory ...
SuSE 10 Security Update : Kerberos (ZYPP Patch Number 4852)
This update fixes multiple vulnerabilities in krb5. It's unlikely that those vulnerabilities can actually be exploited. CVE-2007-5894 / CVE-2007-5902 / CVE-2007-5971 / CVE-2007-5972. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
CVE-2007-5902
CVE-2007-5902 is a Krb5 (MIT Kerberos 5) vulnerability: an integer overflow in svcauth_gss_get_principal (lib/rpc/svc_auth_gss.c) can be triggered by a large GSS client name in an RPC request, reported across multiple advisories (e.g., USN-940-1 / SUSE CVE page). Connected sources indicate mitiga...