23 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-3120
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.13.6 and 1.4.x before 1.14.3, when...
SUSE: Security Advisory (SUSE-SU-2016:2136-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2016-1076)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 1.0: Krb5 PHSA-2017-0021
An update of the krb5 package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0021. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid121701;...
Security Bulletin: Vulnerabilities in krb5 affect PowerKVM (CVE-2016-3119, CVE-2016-3120)
Summary PowerKVM is affected by vulnerabilities in MIT Kerberos krb5. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-3120 DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference in the validateasrequest function. By...
[SECURITY] [DLA 1265-1] krb5 security update
Package : krb5 Version : 1.10.1+dfsg-5+deb7u9 CVE ID : CVE-2013-1418 CVE-2014-5351 CVE-2014-5353 CVE-2014-5355 CVE-2016-3119 CVE-2016-3120 Debian Bug : 728845 762479 773226 778647 819468 832572 Kerberos, a system for authenticating users and services on a network, was affected by several...
Security fix for the ALT Linux 7 package krb5 version 1.13.7-alt0.M70P.1
1.13.7-alt0.M70P.1 built April 13, 2017 Evgeny Sinelnikov in task 180726 March 24, 2017 Evgeny Sinelnikov - Update to supported security release Fixes: CVE-2014-5355, CVE-2015-2694, CVE-2015-2695, CVE-2015-2696, CVE-2015-2698, CVE-2015-2697, CVE-2015-8629, CVE-2015-8630, CVE-2015-8631,...
Security fix for the ALT Linux 9 package krb5 version 1.14.4-alt1.S1
Feb. 15, 2017 Evgeny Sinelnikov 1.14.4-alt1.S1 - 1.14.4 - fixed CVE-2016-3120...
Amazon Linux AMI : krb5 (ALAS-2017-793)
A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modifyprincipal command, if kadmin...
Low: krb5
Issue Overview: A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modifyprincipal...
Scientific Linux Security Update : krb5 on SL7.x x86_64 (20161103)
The following packages have been upgraded to a newer upstream version: krb5 1.14.1. Security Fixes : - A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereferen...
CentOS 7 : krb5 (CESA-2016:2591)
An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...
Oracle Linux 7 : krb5 (ELSA-2016-2591)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2591 advisory. - Fix CVE-2016-3120 - Fix CVE-2016-3119 LDAP NULL dereference Tenable has extracted the preceding description block directly from the Oracle Linux...
krb5 security, bug fix, and enhancement update
1.14.1-26 - Use responder in non-preauth AS reqs - Resolves: 1363690 1.14.1-25 - Fix bad debuglog call in selinux handling - Resolves: 1292153 1.14.1-24 - Fix KKDCPP with TLS SNI by always presenting 'Host:' header - Resolves: 1364993 1.14.1-23 - Add dependency on libkadm5 to krb5-devel - Resolve...
MGASA-2016-0306 Updated krb5 packages fix security vulnerability
The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service NULL pointer dereference a...
openSUSE Security Update : krb5 (openSUSE-2016-1065)
This update for krb5 fixes the following issues : - CVE-2016-3120: KDC NULL pointer Dereference Denial Of Service Vulnerability bsc991088 This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...
Fedora Update for krb5 FEDORA-2016-f405b25923
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 23 : krb5 (2016-f405b25923)
Bump version to 1.14.3 for the convenience of those needing the SNI fix. ---- Require krb5 to set the 'Host:' header when speaking KKDCPP. This fixes use of TLS with SNI. ---- Fix low-impact CVE-2016-3120 where S4U2Self may cause KDC crash when anon is restricted Note that Tenable Network Securit...
SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2016:2136-1)
This update for krb5 fixes the following issues : - CVE-2016-3120: KDC NULL pointer Dereference Denial Of Service Vulnerability bsc991088 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatical...
Fedora 23 : krb5 (2016-4a36663643)
Misc samba and sssd-related bugfixes. ---- Bump version to 1.14.3 for the convenience of those needing the SNI fix. ---- Require krb5 to set the 'Host:' header when speaking KKDCPP. This fixes use of TLS with SNI. ---- Fix low-impact CVE-2016-3120 where S4U2Self may cause KDC crash when anon is...