11 matches found
EUVD-2003-0134
Malware in sbrugna...
MGASA-2023-0098 Updated heimdal packages fix security vulnerability
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported, a logic inversion sneaked in, causing the validation of message integrity codes in gssapi/arcfour to b...
MGASA-2022-0395 Updated heimdal packages fix security vulnerability
Heimdal was not properly handling logical conditions that related to memory management operations. An attacker could possibly use this issue to cause a denial of service (CVE-2022-3116)...
MGASA-2021-0543 Updated heimdal packages fix security vulnerability
A null pointer dereference was found in the way the Samba Kerberos server handled a missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash a Samba server using Heimdal...
Updated heimdal packages fix security vulnerability
Michael Eder and Thomas Kittel discovered that Heimdal did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service crash of the KDC daemon by sending maliciously crafted packets (CVE-2017-17439)...
MGASA-2017-0485 Updated heimdal packages fix security vulnerability
Michael Eder and Thomas Kittel discovered that Heimdal did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service crash of the KDC daemon by sending maliciously crafted packets (CVE-2017-17439)...
MGASA-2017-0308 Updated heimdal packages fix security vulnerability
Transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2 (CVE-2017-6594). Note, this may break sites that rely on the bug. With the bug some...
MGASA-2017-0265 Updated heimdal packages fix security vulnerability
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks (CVE-2017-11103)...
DSA-185 heimdal - buffer overflow
Bulletin has no description...
[SECURITY] [DSA 178-1] New Heimdal packages fix remote command execution
Debian Security Advisory DSA 178-1 [email protected] http://www.debian.org/security/ Martin Schulze October 17th, 2002 http://www.debian.org/security/faq ...
[SECURITY] [DSA 178-1] New Heimdal packages fix remote command execution
Debian Security Advisory DSA 178-1 [email protected] http://www.debian.org/security/ Martin Schulze October 17th, 2002 http://www.debian.org/security/faq ...