7 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2015-3206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of...

8.1 CVSS | 7.6 AI score | 0.02303 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2023/04/14 12:0 a.m. | 19 views

FreeBSD : py-kerberos -- DoS and MitM vulnerabilities (2acdf364-9f8d-4aaf-8d1b-867fdfd771c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2acdf364-9f8d-4aaf-8d1b-867fdfd771c6 advisory. - The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicat...

8.1 CVSS | 7.7 AI score | 0.02303 EPSS
Exploits: 0 | References: 3

vulnersOsv
added 2017/08/25 6:29 p.m. | 3 views

dbt-hive (>=1.1.5 <=1.11.0), dbt-impala (>=1.1.4 <=1.3.1) +30 more potentially affected by CVE-2015-3206 via kerberos (>=1.1.1 <=1.3.1)

kerberos PYPI version =1.1.1, =1.1.5, =1.1.4, =0.1.0, =1.0.5, =0.1.0, =6.0.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =2017.3.3, =0.1.0, =0.0.1, =1.6.16 and more Source cves: CVE-2015-3206 Source advisory: OSV:PYSEC-2017-49...

8.1 CVSS | 7.4 AI score | 0.02303 EPSS
Exploits: 0

OSV
added 2017/08/25 6:29 p.m. | 6 views

CVE-2015-3206

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack...

8.1 CVSS | 7.8 AI score
Exploits: 0 | References: 12

CVE
added 2017/08/25 6:0 p.m. | 74 views

CVE-2015-3206

CVE-2015-3206 affects the pykerberos library (checkPassword) where the KDC is not authenticated, enabling potential MITM or DoS via spoofed KDC responses. Connected sources indicate mitigations include enabling KDC verification (e.g., via a krb5.keytab and related verify option) and applying patc...

8.1 CVSS | 7.6 AI score | 0.02303 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Debian
added 2015/08/26 4:38 p.m. | 30 views

[SECURITY] [DLA 265-2] pykerberos regression update

Package : pykerberos Version : 1.1+svn4895-1+deb6u2 CVE ID : CVE-2015-3206 It was discovered that the original fix did not disable KDC verification support by default and changed checkPassword's signature. This update corrects this. This was the text of the original advisory: Martin Prpic has...

8.1 CVSS | 7.1 AI score | 0.02303 EPSS
Exploits: 0

Debian
added 2015/07/03 9:51 a.m. | 13 views

[SECURITY] [DLA 265-1] pykerberos security update

Package : pykerberos Version : 1.1+svn4895-1+deb6u1 CVE ID : CVE-2015-3206 Martin Prpic has reported the possibility of a man-in-the-middle attack in the pykerberos code to the Red Hat Bugzilla Fedora bug tracker. The original issue has earlier been reported upstream 1. We are quoting the upstrea...

8.1 CVSS | 7.1 AI score | 0.02303 EPSS
Exploits: 0