20 matches found
SUSE: Security Advisory (SUSE-SU-2015:1282-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2015-0439)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2015:1282-1)
krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed : - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name bsc910457. - CVE-2014-5354: NULL pointer dereference when using...
SUSE SLES12 Security Update : krb5 (SUSE-SU-2015:1276-1)
krb5 was updated to fix four security issues. These security issues were fixed : - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name bsc910457. - CVE-2014-5354: NULL pointer dereference when using keyless entries bsc910458. - CVE-2014-5355: Denial of service...
SUSE-SU-2015:1282-1 Security update for krb5
krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name bsc910457. - CVE-2014-5354: NULL pointer dereference when using...
openSUSE Security Update : krb5 (openSUSE-2015-246)
krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. On openSUSE 13.1 and 13.2 krb5 was updated to fix the following vulnerabilities : - bnc910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name -...
Fedora Update for krb5 FEDORA-2015-2347
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : krb5 1.11 -- New release/fix multiple vulnerabilities (dbf9e66c-bd50-11e4-a7ba-206a8a720317)
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6 : Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...
krb5 1.11 -- New release/fix multiple vulnerabilities
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6: Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...
krb5 1.12 -- New release/fix multiple vulnerabilities
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.12.3: Fix multiple vulnerabilities in the LDAP KDC back end. CVE-2014-5354 CVE-2014-5353 Fix multiple kadmind vulnerabilities, some of which are based in the gssrpc library. CVE-2014-5352 CVE-2014-5352 CVE-2014-9421...
krb5: multiple issues
CVE-2014-5352 authenticated remote code execution: In the MIT krb5 libgssapikrb5 library, after gssprocesscontexttoken is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in...
Ubuntu: Security Advisory (USN-2498-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2498-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2498-1 advisory. It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this iss...
Security fix for the ALT Linux 8 package krb5 version 1.13-alt2
Dec. 23, 2014 Alexey Shabalin 1.13-alt2 - fixed CVE-2014-5353, CVE-2014-5354...
Security fix for the ALT Linux 7 package krb5 version 1.13-alt2
Dec. 23, 2014 Alexey Shabalin 1.13-alt2 - fixed CVE-2014-5353, CVE-2014-5354...
Security fix for the ALT Linux 9 package krb5 version 1.13-alt2
Dec. 23, 2014 Alexey Shabalin 1.13-alt2 - fixed CVE-2014-5353, CVE-2014-5354...
CVE-2014-5354
plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in MIT Kerberos 5 aka krb5 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash by creating a database entry for a keyless principal, as...
CVE-2014-5354
plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in MIT Kerberos 5 aka krb5 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash by creating a database entry for a keyless principal, as...
CVE-2014-5354
MIT Kerberos 5 (krb5) 1.12.x and 1.13.x before 1.13.1 is vulnerable when the KDC uses LDAP: ldap_principal2.c can NULL-deref if a keyless principal is added (e.g., kadmin -nokey), leading to a denial of service via daemon crash. The vulnerability requires authentication and arises from specific L...
CVE-2014-5354
plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in MIT Kerberos 5 aka krb5 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash by creating a database entry for a keyless principal, as...