7 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-3206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of...
FreeBSD : py-kerberos -- DoS and MitM vulnerabilities (2acdf364-9f8d-4aaf-8d1b-867fdfd771c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2acdf364-9f8d-4aaf-8d1b-867fdfd771c6 advisory. - The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicat...
dbt-hive (>=1.1.5 <=1.11.0), dbt-impala (>=1.1.4 <=1.3.1) +30 more potentially affected by CVE-2015-3206 via kerberos (>=1.1.1 <=1.3.1)
kerberos PYPI version =1.1.1, =1.1.5, =1.1.4, =0.1.0, =1.0.5, =0.1.0, =6.0.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =2017.3.3, =0.1.0, =0.0.1, =1.6.16 and more Source cves: CVE-2015-3206 Source advisory: OSV:PYSEC-2017-49...
CVE-2015-3206
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack...
CVE-2015-3206
CVE-2015-3206 affects the pykerberos library (checkPassword) where the KDC is not authenticated, enabling potential MITM or DoS via spoofed KDC responses. Connected sources indicate mitigations include enabling KDC verification (e.g., via a krb5.keytab and related verify option) and applying patc...
[SECURITY] [DLA 265-2] pykerberos regression update
Package : pykerberos Version : 1.1+svn4895-1+deb6u2 CVE ID : CVE-2015-3206 It was discovered that the original fix did not disable KDC verification support by default and changed checkPassword's signature. This update corrects this. This was the text of the original advisory: Martin Prpic has...
[SECURITY] [DLA 265-1] pykerberos security update
Package : pykerberos Version : 1.1+svn4895-1+deb6u1 CVE ID : CVE-2015-3206 Martin Prpic has reported the possibility of a man-in-the-middle attack in the pykerberos code to the Red Hat Bugzilla Fedora bug tracker. The original issue has earlier been reported upstream 1. We are quoting the upstrea...