CVE-2023-25563 GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of...

CVE-2023-25563

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of...

CVE-2023-25566

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the...

CVE-2023-25565

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...

CVE-2023-25564

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

CVE-2023-25563

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of...

CVE-2023-25567

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the avpair is not checked properly for two of the elements which can trigger an out-of-bound read. The...

[SECURITY] [DLA 3316-1] postgresql-11 security update

Debian LTS Advisory DLA-3316-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez February 10, 2023 https://wiki.debian.org/LTS Package : postgresql-11 Version : 11.19-0+deb10u1 CVE ID : CVE-2022-41862 Jacob Champion discovered that libpq can leak memory contents...

EulerOS 2.0 SP10 : samba (EulerOS-SA-2023-1371)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and...

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2023-1371)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : samba (EulerOS-SA-2023-1399)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and...

CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

USN-5849-1 heimdal vulnerabilities

Helmut Grohne discovered that Heimdal GSSAPI incorrectly handled logical conditions that are related to memory management operations. An attacker could possibly use this issue to cause a denial of service...

Debian dla-3311 : heimdal-clients - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3311 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3311-1 [email protected]...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Heimdal vulnerabilities (USN-5849-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5849-1 advisory. Helmut Grohne discovered that Heimdal GSSAPI incorrectly handled logical conditions that are related to memory management operations. An...

Ubuntu 20.04 LTS / 22.04 LTS : Samba vulnerabilities (USN-5822-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5822-1 advisory. It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad...

MGASA-2023-0010 Updated samba packages fix security vulnerability

There is a limited write heap buffer overflow in the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal included in Samba. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into...

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

DEBIAN-CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

AZL-37016 CVE-2022-3437 affecting package samba for versions less than 4.18.3-1

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...