731 matches found

Debian CVE
added 2014/03/18 2:0 p.m. | 34 views

CVE-2014-0132

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind...

CVSS 6.5 | AI score 6.5 | EPSS 0.0219
Exploits: 2

seebug.org
added 2014/03/18 12:0 a.m. | 40 views

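389 Directory Server SASL/GSSAPI Authentication Bypass Vulnerability

Bugtraq ID: 66235 CVE ID: CVE-2014-0132 389 Directory Server, formerly Fedora Directory Server, is an enterprise-class Linux directory server. When the "authzid" parameter is specified, 389 Directory Server does not correctly handle SASL/GSSAPI authentication, allowing remote attackers to exploit the vulnerability to use other users' directories. 0 389 Directory Server formerly known as Fedora Directory Server 1.3.1.20 389 Directory Server formerly known as Fedo...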

CVSS 6.5 | AI score 1 | EPSS 0.0219
Exploits: 2

Tenable Nessus
added 2014/03/14 12:0 a.m. | 23 views

Oracle Linux 6 : 389-ds-base (ELSA-2014-0292)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0292 advisory. 1.2.11.15-32 - Resolves: bug 1074847 - EMBARGOED CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation rhel-6.5.z Ticket...

CVSS 6.5 | AI score 5.5 | EPSS 0.0219
Exploits: 2 | References: 2

NVD
added 2014/01/21 6:55 p.m. | 10 views

CVE-2013-1923

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...

CVSS 3.2 | AI score 6.3 | EPSS 0.01045
Exploits: 0 | References: 8

OSV
added 2014/01/21 6:55 p.m. | 5 views

CVE-2013-1923

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...

AI score 6.3
Exploits: 0 | References: 8

OSV
added 2014/01/21 6:55 p.m. | 1 views

DEBIAN-CVE-2013-1923

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...

CVSS 3.2 | AI score 6.9 | EPSS 0.01045
Exploits: 0 | References: 1

Prion
added 2014/01/21 6:55 p.m. | 10 views

Authentication flaw

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...

CVSS 3.2 | AI score 6.8 | EPSS 0.01045
Exploits: 0 | References: 8 | Affected Software: 1

UbuntuCve
added 2014/01/21 6:55 p.m. | 23 views

CVE-2013-1923

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...

CVSS 3.2 | AI score 5.9 | EPSS 0.01045
Exploits: 0 | References: 2

OSV
added 2014/01/21 6:55 p.m. | 2 views

UBUNTU-CVE-2013-1923

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...

CVSS 3.2 | AI score 5.8 | EPSS 0.01045
Exploits: 0 | References: 3

Debian CVE
added 2014/01/21 6:0 p.m. | 13 views

CVE-2013-1923

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...

CVSS 3.2 | AI score 6.3 | EPSS 0.01045
Exploits: 0

Cvelist
added 2014/01/21 6:0 p.m. | 21 views

CVE-2013-1923

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...

AI score 6.2 | EPSS 0.01045
Exploits: 0 | References: 8

CVE
added 2014/01/21 6:0 p.m. | 63 views

CVE-2013-1923

CVE-2013-1923 concerns rpc-gssd in nfs-utils before 1.2.8, which performs reverse DNS resolution during GSSAPI authentication. This DNS spoofing could let an attacker read files that should be restricted by spoofing server names. The vulnerability is tied to the nfs-utils RPC GSSD component and i...

CVSS 3.2 | AI score 6.3 | EPSS 0.01045
Exploits: 0 | References: 8 | Affected Software: 1

Tenable Nessus
added 2013/09/04 12:0 a.m. | 32 views

Amazon Linux AMI : openssh (ALAS-2012-99)

A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon sshd use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default...

CVSS 3.5 | AI score 6.3 | EPSS 0.02595
Exploits: 1 | References: 2

Tenable Nessus
added 2013/07/12 12:0 a.m. | 21 views

Oracle Linux 5 / 6 : elinks (ELSA-2013-0250)

The remote Oracle Linux 5 / 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2013-0250 advisory. 0.12-0.21.pre5 - do not delegate GSSAPI credentials CVE-2012-4545 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 5.1 | AI score 5.9 | EPSS 0.0191
Exploits: 0 | References: 2

Tenable Nessus
added 2013/07/12 12:0 a.m. | 31 views

Oracle Linux 4 : krb5 (ELSA-2008-0180)

From Red Hat Security Advisory 2008:0180 : Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system whi...

CVSS 9.8 | AI score 8.4 | EPSS 0.10141
Exploits: 1 | References: 4

Tenable Nessus
added 2013/07/12 12:0 a.m. | 24 views

Oracle Linux 5 : krb5 (ELSA-2009-0408)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0408 advisory. - update to revised patch for CVE-2009-0844/CVE-2009-0845 - add fix for potential buffer read overrun in the SPNEGO GSSAPI mechanism 490635,...

CVSS 10 | AI score 7.6 | EPSS 0.08898
Exploits: 3 | References: 4

Tenable Nessus
added 2013/06/29 12:0 a.m. | 34 views

CentOS 4 : openssh (CESA-2007:0703)

Updated openssh packages that fix two security issues and various bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. These packages include the core files...

CVSS 5 | AI score 6.6 | EPSS 0.02801
Exploits: 0 | References: 3

Tenable Nessus
added 2013/06/29 12:0 a.m. | 38 views

CentOS 4 : openssh (CESA-2005:527)

Updated openssh packages that fix a security issue, bugs, and add support for recording login user IDs for audit are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure...

CVSS 6.9 | AI score 7.2 | EPSS 0.02299
Exploits: 1 | References: 3

OSV
added 2013/06/19 10:32 a.m. | 4 views

MGASA-2013-0178 Updated nfs-utils packages fix security vulnerability

It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication. Because of this, if a user were able to poison DNS to a victim's computer, they would be able to trick rpc.gssd into talking to another server perhaps with le...

CVSS 3.2 | AI score 6.1 | EPSS 0.01045
Exploits: 0 | References: 3

OpenVAS
added 2013/02/15 12:0 a.m. | 19 views

CentOS Update for elinks CESA-2013:0250 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5.1 | AI score 5.9 | EPSS 0.0191
Exploits: 0 | References: 2