31 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-2696
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 aka krb5 before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of...
SUSE CVE-2015-2696
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 aka krb5 before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service incorrect pointer read and process crash via a crafted IAKERB packet that is mishandled during a gssinquirecontext call...
USN-2810-1 Kerberos vulnerability | Cloud Foundry
USN-2810-1 Kerberos vulnerability Medium Vendor Kerberos Versions Affected Ubuntu 14.04 Description It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the...
openSUSE Security Update : krb5 (openSUSE-2015-740)
krb5 was updated to fix three security issues. These security issues were fixed : - CVE-2015-2695: Applications which call gssinquirecontext on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process...
Mageia: Security Advisory (MGASA-2015-0446)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MIT Kerberos 5 Buffer Overflow Vulnerability
MIT Kerberos 5 also known as krb5 is the United States Massachusetts Institute of Technology MIT developed a set of network authentication protocols, which uses a client/server structure, and the client and server side can be authenticated to each other i.e., double authentication to prevent...
Updated krb5 packages fix CVE-2015-2698
Updated krb5 packages fix security vulnerabilities: In any MIT krb5 release with the patches for CVE-2015-2696 applied, an application which calls gssexportseccontext may experience memory corruption if the context was established using the IAKERB mechanism. Historically, some vulnerabilities of...
MGASA-2015-0446 Updated krb5 packages fix CVE-2015-2698
Updated krb5 packages fix security vulnerabilities: In any MIT krb5 release with the patches for CVE-2015-2696 applied, an application which calls gssexportseccontext may experience memory corruption if the context was established using the IAKERB mechanism. Historically, some vulnerabilities of...
Security update for krb5 (important)
krb5 was updated to fix three security issues. These security issues were fixed: - CVE-2015-2695: Applications which call gssinquirecontext on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process cras...
MIT krb5 lib/gssapi/krb5/iakerb.c拒绝服务漏洞
No description provided by source...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds. The iakerbgssexportseccontext function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 aka krb5 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of...
DEBIAN-CVE-2015-2698
The iakerbgssexportseccontext function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 aka krb5 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service memory corruption or possibly have unspecified other impact by...
Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2810-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2810-1 advisory. It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause...
MIT krb5 lib/gssapi/krb5/iakerb.c denial of service vulnerability
Kerberos is a widely used, super-strong encryption to authenticate client-side and server-side network protocols. A denial of service vulnerability exists in MIT krb5 lib/gssapi/krb5/iakerb.c. A remote attacker can exploit this vulnerability via a constructed IAKERB message to cause a pointer rea...
DSA-3395-2 krb5 - security update
Bulletin has no description...
DEBIAN-CVE-2015-2696
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 aka krb5 before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service incorrect pointer read and process crash via a crafted IAKERB packet that is mishandled during a gssinquirecontext call...
CVE-2015-2696
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 aka krb5 before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service incorrect pointer read and process crash via a crafted IAKERB packet that is mishandled during a gssinquirecontext call...
CVE-2015-2696
MIT Kerberos 5 (krb5) vulnerability CVE-2015-2696 arises from an inappropriate context handle in iakerb.c, enabling remote denial of service via crafted IAKERB packets during gss_inquire_context. IBM CP4S remediation in the connected materials shows affected Cloud Pak for Security versions 1.8.0....
CVE-2015-2696
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 aka krb5 before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service incorrect pointer read and process crash via a crafted IAKERB packet that is mishandled during a gssinquirecontext call...
openSUSE Security Update : krb5 (openSUSE-2015-709)
krb5 was updated to fix three security issues. These security issues were fixed : - CVE-2015-2695: Applications which call gssinquirecontext on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process...