7 matches found
Ubuntu 16.04 ESM / 18.04 ESM : Kerberos vulnerability (USN-6467-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6467-1 advisory. Robert Morris discovered that Kerberos did not properly handle memory access when processing RPC data through kadmind, which could lead to the freeing...
OESA-2023-1526 krb5 security update
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. ...
CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...
CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...
Design/Logic Flaw
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...
CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...
CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...