17 matches found
Oracle Linux 5 : pam_krb5 (ELSA-2010-0258)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0258 advisory. - dont vary the password prompt depending on whether or not the user exists or is known to the KDC CVE-2009-1384, 505265 Tenable has extracted the preceding...
Scientific Linux Security Update : pam_krb5 on SL5.x i386/x86_64
A flaw was found in pamkrb5. In some non-default configurations specifically, those where pamkrb5 would be the first module to prompt for a password, the text of the password prompt varied based on whether or not the username provided was a username known to the system. A remote attacker could us...
RHEL 5 : pam_krb5 (RHSA-2010:0258)
Updated pamkrb5 packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Mandriva Update for pam_krb5 MDVSA-2010:054 (pam_krb5)
Check for the Version of pamkrb5 OpenVAS Vulnerability Test Mandriva Update for pamkrb5 MDVSA-2010:054 pamkrb5 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mandriva Linux Security Advisory : pam_krb5 (MDVSA-2010:054)
Pamkrb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames CVE-2009-1384. This update provides the version 2.3.5 of pamkrb5, which is not vulnerable to this issue. %NASLMINLEVEL 70300 C...
Mandriva Update for cacti MDVA-2010:054 (cacti)
Check for the Version of cacti OpenVAS Vulnerability Test Mandriva Update for cacti MDVA-2010:054 cacti Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Core 9 FEDORA-2009-6279 (pam_krb5)
The remote host is missing an update to pamkrb5 announced via advisory FEDORA-2009-6279. OpenVAS Vulnerability Test $Id: fcore20096279.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-6279 pamkrb5 Authors: Thomas Reinke Copyright: Copyright c 2009...
Fedora Core 10 FEDORA-2009-6255 (pam_krb5)
The remote host is missing an update to pamkrb5 announced via advisory FEDORA-2009-6255. OpenVAS Vulnerability Test $Id: fcore20096255.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-6255 pamkrb5 Authors: Thomas Reinke Copyright: Copyright c 2009...
Fedora Core 11 FEDORA-2009-5983 (pam_krb5)
The remote host is missing an update to pamkrb5 announced via advisory FEDORA-2009-5983. OpenVAS Vulnerability Test $Id: fcore20095983.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-5983 pamkrb5 Authors: Thomas Reinke Copyright: Copyright c 2009...
Fedora Core 9 FEDORA-2009-6279 (pam_krb5)
The remote host is missing an update to pamkrb5 announced via advisory FEDORA-2009-6279. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...
Fedora Core 11 FEDORA-2009-5983 (pam_krb5)
The remote host is missing an update to pamkrb5 announced via advisory FEDORA-2009-5983. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...
Fedora Core 10 FEDORA-2009-6255 (pam_krb5)
The remote host is missing an update to pamkrb5 announced via advisory FEDORA-2009-6255. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...
Fedora 9 : pam_krb5-2.3.5-1.fc9 (2009-6279)
This updates the pamkrb5 package from version 2.3.2 to 2.3.5, fixing CVE-2009-1384: in certain configurations, the password prompt could vary depending on whether or not the user account was known to the system or the KDC. It also fixes a bug which prevented password change attempts from working ...
Fedora 10 : pam_krb5-2.3.5-1.fc10 (2009-6255)
This updates the pamkrb5 package from version 2.3.2 to 2.3.5, fixing CVE-2009-1384: in certain configurations, the password prompt could vary depending on whether or not the user account was known to the system or the KDC. It also fixes a bug which prevented password change attempts from working ...
Fedora 11 : pam_krb5-2.3.5-1.fc11 (2009-5983)
This updates the pamkrb5 package from version 2.3.4 to 2.3.5, fixing CVE-2009-1384: in certain configurations, the password prompt could vary depending on whether or not the user account was known to the system or the KDC. Note that Tenable Network Security has extracted the preceding description...
CVE-2009-1384
pamkrb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux RHEL 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
CVE-2009-1384
CVE-2009-1384 affects pam_krb5 2.2.14–2.3.4 used in RHEL5; the PAM module prompts differ depending on whether a user exists, enabling remote username enumeration. Connected advisories confirm affected packages (pam_krb5) and reference the same CVE; remediation reported includes updating pam_krb5 ...