
20 matches found

OpenVAS
added 2022/01/28 12:0 a.m., 19 views

Mageia: Security Advisory (MGASA-2017-0420)

The remote host is missing an update for the...

CVSS 9.8 | AI score 7.6 | EPSS 0.0837
Exploits 0 | References 6
OpenVAS
added 2021/04/19 12:0 a.m., 22 views

SUSE: Security Advisory (SUSE-SU-2018:1425-1)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.9 | EPSS 0.03303
Exploits 0 | References 6
Tenable Nessus
added 2019/04/09 12:0 a.m., 35 views

EulerOS Virtualization 2.5.3 : krb5 (EulerOS-SA-2019-1167)

According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remot...

CVSS 6.5 | AI score 7 | EPSS 0.03303
Exploits 0 | References 3
Tenable Nessus
added 2018/12/28 12:0 a.m., 42 views

EulerOS Virtualization 2.5.2 : krb5 (EulerOS-SA-2018-1408)

According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client...

CVSS 6.5 | AI score 7.1 | EPSS 0.03303
Exploits 0 | References 3
Tenable Nessus
added 2018/11/07 12:0 a.m., 42 views

EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1361)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an...

CVSS 6.5 | AI score 7 | EPSS 0.03303
Exploits 0 | References 3
Tenable Nessus
added 2018/09/07 12:0 a.m., 41 views

Amazon Linux AMI : krb5 (ALAS-2018-1010)

A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request. CVE-2017-11368 An authentication bypass flaw was found in the way krb5's certauth...

CVSS 6.5 | AI score 6.8 | EPSS 0.03303
Exploits 0 | References 3
Amazon
added 2018/09/05 12:0 a.m., 521 views

Medium: krb5

Issue Overview: A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request. CVE-2017-11368 An authentication bypass flaw was found in the way...

CVSS 6.5 | AI score 7.3 | EPSS 0.03303
Exploits 0
IBM Security Bulletins
added 2018/08/21 7:51 p.m., 37 views

Security Bulletin: IBM Security Access Manager Appliance is affected by Kerberos vulnerabilities (CVE-2017-11368, CVE-2017-7562)

Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-11368 DESCRIPTION: MIT Kerberos 5 is vulnerable to a denial of service, caused by a KDC assertion failure. By sending a specially-crafted request, a remote authenticate...

CVSS 6.5 | AI score 1.7 | EPSS 0.03303
Exploits 0 | Affected Software 1
NVD
added 2018/07/26 3:29 p.m., 21 views

CVE-2017-7562

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances...

CVSS 6.5 | AI score 6.6 | EPSS 0.03303
Exploits 0 | References 7
UbuntuCve
added 2018/07/26 3:29 p.m., 28 views

CVE-2017-7562

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances...

CVSS 6.5 | AI score 6.8 | EPSS 0.03303
Exploits 0 | References 5
CVE
added 2018/07/26 3:0 p.m., 138 views

CVE-2017-7562

CVE-2017-7562 affects MIT krb5 prior to version 1.16.1, where the certauth interface improperly validated client certificates. A remote attacker able to reach the KDC could potentially impersonate arbitrary principals under rare, erroneous circumstances. Root cause: incorrect validation of forged...

CVSS 6.5 | AI score 6.7 | EPSS 0.03303
Exploits 0 | References 7 | Affected Software 4
Cvelist
added 2018/07/26 3:0 p.m., 21 views

CVE-2017-7562

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances...

CVSS 6.5 | AI score 6.8 | EPSS 0.03303
Exploits 0 | References 7
OSV
added 2018/05/25 1:5 p.m., 10 views

SUSE-SU-2018:1425-1 Security update for krb5

This update for krb5 provides the following fixes: Security issues fixed: - CVE-2017-7562: Improper validation of certificate EKU and SAN could lead to authentication bypass. bsc1055851 Non-security issues fixed: - Set 'rdns' and 'dns_canonicalize_hostname' to false in krb5.conf in order to improve...

CVSS 6.5 | AI score 6.7 | EPSS 0.03303
Exploits 0 | References 5
Amazon
added 2018/05/10 12:0 a.m., 36 views

Medium: krb5

Issue Overview: Authentication bypass by improper validation of certificate EKU and SAN An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to...

CVSS 6.5 | AI score 7.3 | EPSS 0.03303
Exploits 0
Tenable Nessus
added 2018/05/01 12:0 a.m., 29 views

Scientific Linux Security Update : krb5 on SL7.x x86_64 (20180410)

Security Fixes : - krb5: Authentication bypass by improper validation of certificate EKU and SAN CVE-2017-7562 - krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure CVE-2017-11368 Additional Changes : C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...

CVSS 6.5 | AI score 6.8 | EPSS 0.03303
Exploits 0 | References 3
Tenable Nessus
added 2018/04/27 12:0 a.m., 71 views

CentOS 7 : krb5 (CESA-2018:0666)

An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 6.5 | AI score 6.9 | EPSS 0.03303
Exploits 0 | References 3
CentOS
added 2018/04/26 5:43 p.m., 116 views

krb5, libkadm5 security update

CentOS Errata and Security Advisory CESA-2018:0666 An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 6.5 | AI score 6.7 | EPSS 0.03303
Exploits 0 | References 7
Tenable Nessus
added 2018/04/18 12:0 a.m., 37 views

Oracle Linux 7 : krb5 (ELSA-2018-0666)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0666 advisory. - Fix CVE-2017-7562 certauth eku bypass - Fix CVE-2017-11368 s4u2 request assertion failures Tenable has extracted the preceding description block...

CVSS 6.5 | AI score 7 | EPSS 0.03303
Exploits 0 | References 3
Oracle Linux
added 2018/04/16 12:0 a.m., 36 views

krb5 security, bug fix, and enhancement update

1.15.1-18 - Expose context errors in pkinit_server_plugin_init - Resolves: 1460089 1.15.1-17 - Drop certauth test changes that prevented running it - Resolves: 1498767 1.15.1-16 - Drop irrelevant DIR trigger logic - Resolves: 1431198 1.15.1-15 - Fix CVE-2017-7562 certauth eku bypass - Resolves: 14987...

CVSS 6.5 | AI score 1.4 | EPSS 0.03303
Exploits 0
RedhatCVE
added 2017/08/25 10:18 p.m., 32 views

CVE-2017-7562

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances...

CVSS 6.5 | AI score 4.8 | EPSS 0.03303
Exploits 0 | References 1