11 matches found
CVE-2023-25564 affecting package gssntlmssp for versions less than 1.3.1-1
CVE-2023-25564 affecting package gssntlmssp for versions less than 1.3.1-1. An upgraded version of the package is available that resolves this issue...
openSUSE: Security Advisory for gssntlmssp (openSUSE-SU-2023:0048-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
gssntlmssp security update
1.2.0-1 - New release 1.2.0 - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix CVE-2023-25565: incorrect free when decoding target information - Fix CVE-2023-25566: memory leak when parsing username...
Oracle Linux 8 : gssntlmssp (ELSA-2023-3097)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-3097 advisory. - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix...
AlmaLinux 8 : gssntlmssp (ALSA-2023:3097)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3097 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when...
Moderate: Red Hat Security Advisory: gssntlmssp security update
An update for gssntlmssp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Fedora: Security Advisory for gssntlmssp (FEDORA-2023-cb63c0f615)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 37 : gssntlmssp (2023-cb63c0f615)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cb63c0f615 advisory. Patched several CVEs reported by GitHub Security Lab CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 Tenable has extracte...
openSUSE 15 Security Update : gssntlmssp (openSUSE-SU-2023:0048-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0048-1 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds rea...
CVE-2023-25564
The CVE-2023-25564 issue affects GSS-NTLMSSP (NTLM support for GSSAPI). Before version 1.2.0, decoding UTF-16 strings could leave outlen uninitialized, causing a potential out-of-bounds write and memory corruption that may trigger a denial of service via gss_accept_sec_context. The advisory state...
CVE-2023-25564 GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...