16 matches found
EUVD-2010-1353
Malware in sbrugna...
In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
...
FreeBSD Ports: krb5
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: krb5
The remote host is missing an update to the system as announced in the referenced advisory. VID 9f971cea-03f5-11e0-bf50-001a926c7637 OpenVAS Vulnerability Test $ Description: Auto generated from VID 9f971cea-03f5-11e0-bf50-001a926c7637 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
FreeBSD Ports: krb5
The remote host is missing an update to the system as announced in the referenced advisory. VID 0d57c1d9-03f4-11e0-bf50-001a926c7637 OpenVAS Vulnerability Test $ Description: Auto generated from VID 0d57c1d9-03f4-11e0-bf50-001a926c7637 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
Ubuntu: Security Advisory (USN-1030-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu Update for krb5 vulnerabilities USN-1030-1
Ubuntu Update for Linux kernel vulnerabilities USN-1030-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10301.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for krb5 vulnerabilities USN-1030-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : krb5 vulnerabilities (USN-1030-1)
It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center KDC or forge a KRB-SAFE message. CVE-2010-1323 It was discovered that Kerber...
Mandriva Update for krb5 MDVSA-2010:246 (krb5)
Check for the Version of krb5 OpenVAS Vulnerability Test Mandriva Update for krb5 MDVSA-2010:246 krb5 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2010-1324
MIT Kerberos 5 aka krb5 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via 1 an unkeyed checksum, 2 an unkeyed PAC checksum, or 3 a KrbFastArmoredRe...
Code injection
MIT Kerberos 5 aka krb5 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via 1 an unkeyed checksum, 2 an unkeyed PAC checksum, or 3 a KrbFastArmoredRe...
CVE-2010-1324
MIT Kerberos 5 (krb5) 1.7.x and 1.8.x up to 1.8.3 are affected by CVE-2010-1324 due to improper acceptability of checksums when verifying the req-checksum in a KrbFastArmoredReq, including unkeyed checksums and RC4-based checksums. This could allow remote attackers to forge GSS tokens, bypass sec...
CVE-2010-1324
MIT Kerberos 5 aka krb5 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via 1 an unkeyed checksum, 2 an unkeyed PAC checksum, or 3 a KrbFastArmoredRe...
Mandriva Linux Security Advisory : krb5 (MDVSA-2010:246)
Multiple vulnerabilities were discovered and corrected in krb5 : An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some circumstances, this can negate the incremental security benefit of usin...
MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2010-007 MIT krb5 Security Advisory 2010-007 Original release: 2010-11-30 Last update: 2010-11-30 Topic: Multiple checksum handling vulnerabilities CVE-2010-1324 krb5 GSS-API applications may accept unkeyed checksums krb5 application servic...
krb5 -- multiple checksum handling vulnerabilities
The MIT Kerberos team reports: MIT krb incorrectly accepts an unkeyed checksum with DES session keys for version 2 RFC 4121 of the GSS-API krb5 mechanism. An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted...