22 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-5351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kadm5randkeyprincipal3 function in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 before 1.13 sends old keys in a response to a -randkey...
RHEL 5 : krb5 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - krb5: kadmind doubly frees partial deserialization results MITKRB5-SA-2015-001 CVE-2014-9421 - krb5:...
Mageia: Security Advisory (MGASA-2014-0477)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:0290-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1265-1] krb5 security update
Package : krb5 Version : 1.10.1+dfsg-5+deb7u9 CVE ID : CVE-2013-1418 CVE-2014-5351 CVE-2014-5353 CVE-2014-5355 CVE-2016-3119 CVE-2016-3120 Debian Bug : 728845 762479 773226 778647 819468 832572 Kerberos, a system for authenticating users and services on a network, was affected by several...
SUSE: Security Advisory for krb5 (SUSE-SU-2015:0290-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2015:0290-2)
MIT kerberos krb5 was updated to fix several security issues and bugs. Security issues fixed: CVE-2014-5351: The kadm5randkeyprincipal3 function in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 sent old keys in a response to a -randkey -keepold request, which allowed remote...
Fedora 20 : krb5-1.11.5-18.fc20 (2015-2382)
Security fix for CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 Security fix for CVE-2014-5351 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as muc...
Fedora Update for krb5 FEDORA-2015-2382
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : krb5 (openSUSE-2015-128)
krb5 was updated to fix five security issues. These security issues were fixed : - CVE-2014-5351: current keys returned when randomizing the keys for a service principal bnc897874 - CVE-2014-5352: An authenticated attacker could cause a vulnerable application including kadmind to crash or to...
Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2498-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2498-1 advisory. It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this iss...
Ubuntu: Security Advisory (USN-2498-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AIX NAS Advisory : nas_advisory2.asc
The version of the Network Authentication Service NAS installed on the remote AIX host is affected by a vulnerability related to Kerberos 5 which allows authenticated users to retrieve current keys, which can be used to forge tickets. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text ...
AIX NAS vulnerability
IBM SECURITY ADVISORY First Issued:Tue Jan 20 04:42:45 CST 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/nasadvisory2.asc https://aix.software.ibm.com/aix/efixes/security/nasadvisory2.asc...
Mandriva Linux Security Advisory : krb5 (MDVSA-2014:224)
Updated krb5 packages fix security vulnerability : The kadm5randkeyprincipal3 function in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by...
SuSE 11.3 Security Update : krb5 (SAT Patch Number 9827)
This update for krb5 fixes the following issues : - When randomizing the keys for a service principal, current keys could be returned. CVE-2014-5351 - klist -s crashes when handling multiple referral entries. bnc890623 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Security fix for the ALT Linux 8 package krb5 version 1.13-alt1
Oct. 31, 2014 Alexey Shabalin 1.13-alt1 - 1.13 - fixed CVE-2014-5351 - move header from /usr/include/krb5 to /usr/include - drop kdcrotate service - update krb5.conf: + add logging example + add realms example + add domainrealm example + define defaultccachename as KEYRING:persistent:%uid...
Security fix for the ALT Linux 7 package krb5 version 1.13-alt1
Oct. 31, 2014 Alexey Shabalin 1.13-alt1 - 1.13 - fixed CVE-2014-5351 - move header from /usr/include/krb5 to /usr/include - drop kdcrotate service - update krb5.conf: + add logging example + add realms example + add domainrealm example + define defaultccachename as KEYRING:persistent:%uid...
Security fix for the ALT Linux 9 package krb5 version 1.13-alt1
Oct. 31, 2014 Alexey Shabalin 1.13-alt1 - 1.13 - fixed CVE-2014-5351 - move header from /usr/include/krb5 to /usr/include - drop kdcrotate service - update krb5.conf: + add logging example + add realms example + add domainrealm example + define defaultccachename as KEYRING:persistent:%uid...
CVE-2014-5351
The kadm5randkeyprincipal3 function in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access...