6 matches found
EUVD-2001-1424
Malware in sbrugna...
Critical: Red Hat Security Advisory: krb5-appl security update
Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which give...
krb5: telnet client and server encrypt_keyid heap-based buffer overflow
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications aka krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as...
Unauthorized access via krb5-telnet daemon
The telnet daemon telnetd in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882...
Kerberos Telnet protocol does not adequately protect authentication and encryption options
Overview A vulnerability exists in the Telnet Authentication Option and Telnet Data Encryption Option specifications. An ordered list of authentication and encryption options sent from the server to client during negotiation is not cryptographically protected. As a result, an attacker may be able...
CVE-2001-1444
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V Heimdal, does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack...