30 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-2695
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial...
RHEL 4 : krb5 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - krb5, krb5-appl: ftpd incorrect group privilege dropping MITKRB5-SA-2011-005 CVE-2011-1526 - krb5: SPNEGO...
Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Kerberos
Summary IBM has provided explicit mitigation for the following Kerberos CVEs. DataPower did not previously provide the conditions necessary to exploit these CVEs. The explicit mitigations provided here protect against possible future changes that might have made them exploitable. Vulnerability...
SUSE: Security Advisory (SUSE-SU-2015:1898-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 7 package krb5 version 1.13.7-alt0.M70P.1
1.13.7-alt0.M70P.1 built April 13, 2017 Evgeny Sinelnikov in task 180726 March 24, 2017 Evgeny Sinelnikov - Update to supported security release Fixes: CVE-2014-5355, CVE-2015-2694, CVE-2015-2695, CVE-2015-2696, CVE-2015-2698, CVE-2015-2697, CVE-2015-8629, CVE-2015-8630, CVE-2015-8631,...
Security fix for the ALT Linux 8 package krb5 version 1.14.2-alt1
1.14.2-alt1 built April 26, 2016 Andrey Cherepanov in task 163855 April 25, 2016 Alexey Shabalin - 1.14.2 - fixed CVE-2015-2695,CVE-2015-2696,CVE-2015-2697,CVE-2015-2698,CVE-2015-8629,CVE-2015-8630,CVE-2015-8631,CVE-2016-3119 - allow verification of attributes on krb5.conf...
Security fix for the ALT Linux 9 package krb5 version 1.14.2-alt1
April 25, 2016 Alexey Shabalin 1.14.2-alt1 - 1.14.2 - fixed CVE-2015-2695,CVE-2015-2696,CVE-2015-2697,CVE-2015-2698,CVE-2015-8629,CVE-2015-8630,CVE-2015-8631,CVE-2016-3119 - allow verification of attributes on krb5.conf...
Fedora 21 : krb5-1.12.2-19.fc21 (2015-200d2dfd9f)
krb5-1.13.2-13.fc23 - Patch CVE-2015-2698 krb5-1.12.2-19.fc21 - Patch CVE-2015-2698 krb5-1.13.2-10.fc22 - Patch CVE-2015-2698 ---- krb5-1.12.2-18.fc21 - Fix CVE-2015-2695, CVE-2015-2696, CVE-2015-2697 krb5-1.13.2-9.fc22 - Fix CVE-2015-2695, CVE-2015-2696, CVE-2015-2697 krb5-1.13.2-12.fc23 - Fix...
Fedora 22 : krb5-1.13.2-10.fc22 (2015-1b9c33d713)
krb5-1.13.2-13.fc23 - Patch CVE-2015-2698 krb5-1.12.2-19.fc21 - Patch CVE-2015-2698 krb5-1.13.2-10.fc22 - Patch CVE-2015-2698 ---- krb5-1.12.2-18.fc21 - Fix CVE-2015-2695, CVE-2015-2696, CVE-2015-2697 krb5-1.13.2-9.fc22 - Fix CVE-2015-2695, CVE-2015-2696, CVE-2015-2697 krb5-1.13.2-12.fc23 - Fix...
openSUSE: Security Advisory for krb5 (openSUSE-SU-2015:1997-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2015:2294-1)
The krb5 package was updated to fix the following security and non security issues : - CVE-2015-2695: Fixed missing functions that were still vulnerable bsc954270. - Fixed a memory leak in the handling of error messages bsc954470. Note that Tenable Network Security has extracted the preceding...
SUSE-SU-2015:2294-1 Security update for krb5
The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable bsc954270. - Fixed a memory leak in the handling of error messages bsc954470...
openSUSE Security Update : krb5 (openSUSE-2015-740)
krb5 was updated to fix three security issues. These security issues were fixed : - CVE-2015-2695: Applications which call gssinquirecontext on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process...
Ubuntu: Security Advisory (USN-2810-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2810-1: Kerberos vulnerabilities
It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. CVE-2002-2443 It was discovered that Kerberos...
CVE-2015-2695
lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service incorrect pointer read and process crash via a crafted SPNEGO packet that is mishandled during a gssinquirecontext call...
CVE-2015-2695
CVE-2015-2695 affects MIT Kerberos 5 (krb5) where the krb5 GSS-API SPNEGO mechanism mishandles a context, relying on an inappropriate context handle. This can enable a remote attacker to cause a denial of service via a crafted gss_inquire_context call on a partially-established SPNEGO context, le...
Debian DSA-3395-1 : krb5 - security update
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-2695 It was discovered that applications which call gssinquirecontext on a partially-established SPNEGO context can...
Debian DLA-340-1 : krb5 security update
CVE-2015-2695 It was discovered that applications which call gssinquirecontext on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash. CVE-2015-2697 It was discovered that the buildprincipalva function...
openSUSE Security Update : krb5 (openSUSE-2015-709)
krb5 was updated to fix three security issues. These security issues were fixed : - CVE-2015-2695: Applications which call gssinquirecontext on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process...