Lucene search
K

26 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 4 : krb5-1.10.3-10.AXS4.3 (AXSA:2013-483:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-483:04 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending...

5CVSS7.5AI score0.1463EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 3 : krb5-1.6.1-70.AXS3.2 (AXSA:2013-533:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-533:01 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending...

5CVSS7.5AI score0.1463EPSS
Exploits2References2
Rosalinux
Rosalinux
added 2024/07/15 9:4 a.m.39 views

Advisory ROSA-SA-2024-2451

Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3 CVE-ID: CVE-2020-25722 BDU-ID: 2022-00004 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Active Directory Domain Controller component of the Samba networking software package is caused by a buffer overflow...

9.8CVSS8.1AI score0.74042EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that triggers a communication loop, as...

5CVSS6.9AI score0.06485EPSS
Exploits0References6
NVD
NVD
added 2022/08/25 6:15 p.m.13 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8CVSS0.00965EPSS
Exploits0References2
OSV
OSV
added 2022/08/25 12:0 a.m.29 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8CVSS3.8AI score0.00965EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/25 12:0 a.m.5 views

The vulnerability of the KDC kpasswd service in the Samba networking software allows a hacker to elevate their privileges within the system.

The vulnerability of the KDC kpasswd service in the Samba networking software package is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to elevate privileges within the system...

5.5CVSS6.5AI score0.00965EPSS
Exploits0References14Affected Software14
AlpineLinux
AlpineLinux
added 2022/08/25 12:0 a.m.27 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8CVSS8.6AI score0.00965EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/07/27 3:54 p.m.44 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8CVSS3.8AI score0.00965EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.11 views

PT-2022-4426 · Samba +6 · Samba +6

Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A flaw in Samba occurs when the KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. This issue is related to the authentication...

9.8CVSS7AI score0.74265EPSS
Exploits15References193
Veracode
Veracode
added 2019/01/15 8:54 a.m.34 views

Denial Of Service (DoS)

krb5 is vulnerable to denial of service DoS attacks. The vulnerability exists as schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and...

5CVSS5.2AI score0.06485EPSS
Exploits0References14Affected Software1
Amazon
Amazon
added 2013/07/12 12:0 a.m.47 views

Medium: krb5

Issue Overview: It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server,...

5CVSS8.2AI score0.06485EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/06/12 4:46 p.m.5 views

krb5: UDP ping-pong flaw in kpasswd

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that triggers a communication loop, as...

5CVSS7.3AI score0.06485EPSS
Exploits0References4
OSV
OSV
added 2013/06/06 12:24 p.m.13 views

MGASA-2013-0161 Updated krb5 packages fix security vulnerability

The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack CVE-2002-2443...

5CVSS6.1AI score0.06485EPSS
Exploits0References3
Mageia
Mageia
added 2013/06/06 12:24 p.m.36 views

Updated krb5 packages fix security vulnerability

The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack CVE-2002-2443...

5CVSS2AI score0.06485EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/06/04 12:0 a.m.54 views

FreeBSD : krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] (e3f64457-cccd-11e2-af76-206a8a720317)

No advisory has been released yet. schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that...

5CVSS7.3AI score0.06485EPSS
Exploits0References3
NVD
NVD
added 2013/05/29 2:29 p.m.23 views

CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that triggers a communication loop, as...

5CVSS6.3AI score0.06485EPSS
Exploits0References12
OSV
OSV
added 2013/05/29 2:29 p.m.1 views

DEBIAN-CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that triggers a communication loop, as...

5CVSS6.9AI score0.06485EPSS
Exploits0References1
CVE
CVE
added 2013/05/29 10:0 a.m.255 views

CVE-2002-2443

CVE-2002-2443 affects MIT Kerberos 5 (krb5) kadmind, specifically the kpasswd service, where schpw.c does not validate incoming UDP packets. This can allow a remote attacker to cause a denial of service via a forged UDP packet that triggers a packet/communication loop, consuming CPU and bandwidth...

5CVSS5.3AI score0.06485EPSS
Exploits0References12Affected Software1
Debian CVE
Debian CVE
added 2013/05/29 10:0 a.m.49 views

CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that triggers a communication loop, as...

5CVSS6.5AI score0.06485EPSS
Exploits0
Rows per page
Query Builder