21 matches found
MiracleLinux 3 : krb5-1.6.1-17AXS3.1 (AXSA:2008-153:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-153:02 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...
EUVD-2007-5446
Malware in sbrugna...
EUVD-2011-2690
Malware in sbrugna...
RHEL 6 : libgssapi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their...
RHEL 4 : libgssapi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their...
RHEL 5 : libgssapi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their...
CVE-2007-5471
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service daemon exit via a GSS-TSIG request. NOTE: this issue probably affects other daemons that...
libgssapi / libgssglue privilege escalation
Insecure getenv usage...
DEBIAN-CVE-2011-2709
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...
CVE-2011-2709
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...
Code injection
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...
CVE-2011-2709
CVE-2011-2709 affects libgssapi and libgssglue prior to 0.4, enabling a local user to load untrusted configuration files via the GSSAPI_MECH_CONF environment variable (demonstrated with mount.nfs). Connected advisories confirm vendor-provided patches exist (Ubuntu USN-1612-1; Mandriva MDVSA-2013:...
CVE-2011-2709
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...
CVE-2011-2709
libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPIMECHCONF environment variable, as demonstrated using mount.nfs...
SuSE 10 Security Update : libgssapi (ZYPP Patch Number 7541)
This update fixes insecure getenv usage, which could be used under some circumstances by local attackers do gain root privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
SuSE 10 Security Update : libgssapi (ZYPP Patch Number 7544)
This update fixes insecure getenv usage, which could be used under some circumstances by local attackers do gain root privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Default configuration
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service daemon exit via a GSS-TSIG request. NOTE: this issue probably affects other daemons that...
CVE-2007-5471
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service daemon exit via a GSS-TSIG request. NOTE: this issue probably affects other daemons that...
CVE-2007-5471
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service daemon exit via a GSS-TSIG request. NOTE: this issue probably affects other daemons that...
CVE-2007-5471
CVE-2007-5471 affects libgssapi before 0.6-13.7 used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP1. The library terminates on an initialization error, allowing remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. The issue probably affects othe...