28 matches found
Denial Of Service (DoS)
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial...
Oracle: Security Advisory (ELSA-2012-1131)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
RHEL 6 : rhev-hypervisor6 (RHSA-2012:1200)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2012:1200 advisory. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization...
openSUSE Security Update : krb5 (openSUSE-SU-2012:0967-1)
Several potential code execution flaws were fixed in krb5. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-497. The text description of this plugin is (C) SUSE LLC...
Oracle Linux 6 : krb5 (ELSA-2012-1131)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1131 advisory. - pull up the patch to correct a possible NULL pointer dereference in kadmind CVE-2012-1013, 827517 Tenable has extracted the preceding description blo...
CentOS 6 : krb5 (CESA-2012:1131)
Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Fedora Update for krb5 FEDORA-2013-3116
Check for the Version of krb5. OpenVAS Vulnerability Test: Fedora Update for krb5 FEDORA-2013-3116. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms of...
Fedora Update for krb5 FEDORA-2013-3116
The remote host is missing an update for the... SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Moderate: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update
An updated rhev-hypervisor6 package that fixes multiple security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Fedora Update for krb5 FEDORA-2012-11370
The remote host is missing an update for the... SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for krb5 FEDORA-2012-11370
Check for the Version of krb5. OpenVAS Vulnerability Test: Fedora Update for krb5 FEDORA-2012-11370. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms o...
Debian Security Advisory DSA 2518-1 (krb5)
The remote host is missing an update to krb5 announced via advisory DSA 2518-1. OpenVAS Vulnerability Test. $Id: deb25181.nasl 6612 2017-07-07 12:08:03Z cfischer $. Description: Auto-generated from advisory DSA 2518-1 (krb5). Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...
Debian: Security Advisory (DSA-2518-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 16 : krb5-1.9.4-3.fc16 (2012-11370)
This update updates the package from version 1.9.3 to version 1.9.4, mainly to pick up a fix for an interoperability problem with Windows Server 2008R2 read-only domain controllers, and incorporates the upstream fix for CVE-2012-1015, in which the KDC could be made to attempt to free an...
Security fix for the ALT Linux 7 package krb5 version 1.10.2-alt2
Aug. 7, 2012 Vitaly Kuznetsov 1.10.2-alt2 - CVE-2012-1015...
Security fix for the ALT Linux 8 package krb5 version 1.10.2-alt2
Aug. 7, 2012 Vitaly Kuznetsov 1.10.2-alt2 - CVE-2012-1015...
CVE-2012-1015
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute...
CVE-2012-1015
CVE-2012-1015 affects MIT Kerberos 5 (krb5) in KDC handling: 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3. The issue arises when kdc_handle_protected_negotiation calculates a checksum before verifying that the key type is appropriate, enabling a remote attacker to cause arbitrary code exec...
MITKRB5-SA-2012-001: KDC heap corruption and crash [CVE-2012-1014 CVE-2012-1015]
MITKRB5-SA-2012-001. MIT krb5 Security Advisory 2012-001. Original release: 2012-07-31. Topic: KDC heap corruption and crash vulnerabilities. CVE-2012-1015: KDC frees uninitialized pointer. CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2...
Fedora 17 : krb5-1.10.2-6.fc17 (2012-11388)
This update incorporates the upstream fixes for CVE-2012-1014 and CVE-2012-1015, in which the KDC could be made to attempt to dereference or free an uninitialized pointer. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...