12 matches found
EUVD-2010-3998
Malware in sbrugna...
openSUSE Security Update : krb5 (openSUSE-SU-2011:0111-1)
Multiple KDC DoS vulnerabilities if used with LDAP backends have been fixed in krb5. CVE-2011-0281 and CVE-2011-0282 have been assigned. Additionally a DoS vulnerability in kpropd has been fixed. CVE-2010-4022 has been assigned to this issue.
Oracle Linux 6 : krb5 (ELSA-2011-0200)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0200 advisory. - add upstream patches to fix standalone kpropd exiting if the per-client child process exits with an error, and hang or crash in the KDC when using th...
openSUSE Security Update : krb5 (openSUSE-SU-2011:0111-1)
Multiple KDC DoS vulnerabilities if used with LDAP backends have been fixed in krb5. CVE-2011-0281 and CVE-2011-0282 have been assigned. Additionally a DoS vulnerability in kpropd has been fixed. CVE-2010-4022 has been assigned to this issue.
FreeBSD : krb5 -- MITKRB5-SA-2011-001, kpropd denial of service (64f24a1e-66cf-11e0-9deb-f345f3aa24f0)
An advisory published by the MIT Kerberos team says: The MIT krb5 KDC database propagation daemon kpropd is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause...
MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022]
MITKRB5-SA-2011-001 MIT krb5 Security Advisory 2011-001 Original release: 2011-02-08 Last update: 2011-02-08 Topic: kpropd denial of service CVE-2010-4022 CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C CVSSv2 Base Score: 5 Access Vector:...
MIT Kerberos 5 security vulnerabilities
kpropd and KDC DoS...
DEBIAN-CVE-2010-4022
The dostandalone function in the MIT krb5 KDC database propagation daemon kpropd in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service listening process...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. The dostandalone function in the MIT krb5 KDC database propagation daemon kpropd in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits...
CVE-2010-4022
CVE-2010-4022 affects MIT Kerberos 5 KDC (kpropd) in standalone mode; a worker child that exits abnormally is not handled correctly, enabling remote DoS (termination of the listening process, no new connections, and stale slave updates). The linked MiracleLinux AXSA-2011-37 advisory notes CVE-201...
krb5: kpropd unexpected termination on invalid input (MITKRB5-SA-2011-001)
The dostandalone function in the MIT krb5 KDC database propagation daemon kpropd in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service listening process...
krb5 -- MITKRB5-SA-2011-001, kpropd denial of service
An advisory published by the MIT Kerberos team says: The MIT krb5 KDC database propagation daemon kpropd is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause t...