56 matches found
ROOT-OS-UBUNTU-2204-CVE-2023-25563 CVE-2023-25563 in rootio-gss-ntlmssp - Patched by Root
Root has patched CVE-2023-25563 in the rootio-gss-ntlmssp package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2023-25565 CVE-2023-25565 in rootio-gss-ntlmssp - Patched by Root
Root has patched CVE-2023-25565 in the rootio-gss-ntlmssp package for Root:Ubuntu:22.04. Multiple fixed versions available...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : GSS NTLMSSP vulnerabilities (USN-7588-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7588-1 advisory. Phil Turnbull discovered that GSS NTLMSSP may perform out-of-bounds reads when decoding NTLM fields and target...
Ubuntu: Security Advisory (USN-7588-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7588-1: GSS NTLMSSP vulnerabilities
Phil Turnbull discovered that GSS NTLMSSP may perform out-of-bounds reads when decoding NTLM fields and target information. An attacker could possibly use this issue to cause GSS NTLMSSP to crash, resulting in a denial of service. CVE-2023-25563, CVE-2023-25567 Phil Turnbull discovered that GSS...
TencentOS Server 3: gssntlmssp (TSSA-2023:0084)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0084 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2023-25567
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of- bounds read when decoding target information prior to...
Linux Distros Unpatched Vulnerability : CVE-2023-25565
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target...
Oracle Linux 8 : gssntlmssp (ELSA-2023-3097)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-3097 advisory. - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix...
AlmaLinux 8 : gssntlmssp (ALSA-2023:3097)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3097 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when...
Denial Of Service (DoS)
gss-ntlmssp is vulnerable to Denial Of Service DoS. The vulnerability exists because of the incorrect free when decoding target information, which leads to an application crash via the main gssacceptseccontext entry point...
Denial Of Service (DoS)
gss-ntlmssp is vulnerable to Denial of Service DoS attacks. Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service due to a 32-bit integer overflow condition and incorrect checks of consistency of length of internal buffers. This vulnerability can be triggered via...
Denial Of Service (DoS)
gss-ntlmssp is vulnerable to Denial Of Service DoS. The vulnerability exists because of a memory leak when parsing usernames to the domain portion of a username, which overrides the allocated memory area of the size of the domain name via the main gssacceptseccontext entry point, leading to an...
Denial Of Service (DoS)
gss-ntlmssp is vulnerable to Denial of Service DoS attacks. Memory corruption can be triggered when decoding UTF16 strings if the variable 'outlen' is not initialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory spac...
Denial Of Service (DoS)
gss-ntlmssp is vulnerable to Denial of Service DoS attacks. The length of the avpair is not checked properly for two elements, which can trigger an out-of-bounds read and cause a denial-of-service if memory is unmapped...
Fedora 37 : gssntlmssp (2023-cb63c0f615)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cb63c0f615 advisory. Patched several CVEs reported by GitHub Security Lab CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 Tenable has extracte...
CVE-2023-25566
A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. A memory leak can be triggered when parsing usernames, triggering a denial of service. The domain portion of a username may be overridden, causing an allocated memory area the size of th...
CVE-2023-25567
A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. It has an out-of-bounds read when decoding target information. The length of the avpair is not checked properly for two of the elements, which can trigger an out-of-bounds read via the...
CVE-2023-25565
A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. An incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that needs to...
CVE-2023-25563
A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads occur when decoding NTLM fields and can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of the consistency of t...