27 matches found
K16441: MIT Kerberos 5 vulnerability CVE-2014-9423
Security Advisory Description The svcauthgssacceptseccontext function in lib/rpc/svcauthgss.c in MIT Kerberos 5 aka krb5 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive...
SUSE: Security Advisory (SUSE-SU-2015:0257-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:0290-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory for krb5 (SUSE-SU-2015:0290-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory for krb5 (SUSE-SU-2015:0257-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2015-0439)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple Security vulnerabilities in IBM NAS(kerberos)
IBM SECURITY ADVISORY First Issued : Thu May 21 05:06:05 CDT 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/nasadvisory3.asc https://aix.software.ibm.com/aix/efixes/security/nasadvisory3.asc...
SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2015:0290-2)
MIT kerberos krb5 was updated to fix several security issues and bugs. Security issues fixed: CVE-2014-5351: The kadm5randkeyprincipal3 function in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 sent old keys in a response to a -randkey -keepold request, which allowed remote...
SOL16441 - MIT Kerberos 5 vulnerability CVE-2014-9423
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...
Fedora Update for krb5 FEDORA-2015-2347
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : krb5-1.11.5-18.fc20 (2015-2382)
Security fix for CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 Security fix for CVE-2014-5351 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as muc...
Fedora Update for krb5 FEDORA-2015-2382
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for krb5 RHSA-2015:0439-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : krb5 (RHSA-2015:0439)
Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
krb5 1.12 -- New release/fix multiple vulnerabilities
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.12.3: Fix multiple vulnerabilities in the LDAP KDC back end. CVE-2014-5354 CVE-2014-5353 Fix multiple kadmind vulnerabilities, some of which are based in the gssrpc library. CVE-2014-5352 CVE-2014-5352 CVE-2014-9421...
CVE-2014-9423
CVE-2014-9423 affects MIT Kerberos 5 (krb5) in lib/rpc/svc_auth_gss.c, code paths in krb5 1.11.x (1.11.0–1.11.5), 1.12.x (1.12.0–1.12.2), and 1.13.x prior to 1.13.1. The issue transmits uninitialized interposer data to clients, allowing remote attackers to obtain sensitive information from a proc...
krb5: multiple issues
CVE-2014-5352 authenticated remote code execution: In the MIT krb5 libgssapikrb5 library, after gssprocesscontexttoken is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in...
openSUSE Security Update : krb5 (openSUSE-2015-128)
krb5 was updated to fix five security issues. These security issues were fixed : - CVE-2014-5351: current keys returned when randomizing the keys for a service principal bnc897874 - CVE-2014-5352: An authenticated attacker could cause a vulnerable application including kadmind to crash or to...
SuSE 11.3 Security Update : krb5 (SAT Patch Number 10282)
krb5 has been updated to fix four security issues : - gssprocesscontexttoken incorrectly frees context bsc912002. CVE-2014-5352 - kadmind doubly frees partial deserialization results bsc912002. CVE-2014-9421 - kadmind incorrectly validates server principal name bsc912002. CVE-2014-9422 - libgssrp...
Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2498-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2498-1 advisory. It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this iss...