14 matches found

OpenVAS
added 2015/10/13 12:0 a.m., 35 views

SUSE: Security Advisory for krb5 (SUSE-SU-2015:0257-1)

The remote host is missing an update for the...

CVSS: 9 | AI score: 7.6 | EPSS: 0.05407
Exploits: 0 | References: 1

RedHat Linux
added 2015/03/05 9:38 a.m., 1 views

krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)

An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application...

CVSS: 5 | AI score: 7.2 | EPSS: 0.01537
Exploits: 0 | References: 5

ArchLinux
added 2015/02/17 12:0 a.m., 41 views

krb5: multiple issues

CVE-2014-5352 (authenticated remote code execution): In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token() is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in...

CVSS: 9 | AI score: 1.7 | EPSS: 0.05407
Exploits: 0 | References: 8

Mageia
added 2015/02/15 3:57 p.m., 32 views

Updated krb5 packages fix security vulnerabilities

Updated krb5 packages fix security vulnerabilities: Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code (CVE-2014-5352). Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the...

CVSS: 9 | AI score: 9.1 | EPSS: 0.05407
Exploits: 0 | References: 3

Tenable Nessus
added 2015/02/12 12:0 a.m., 30 views

SuSE 11.3 Security Update : krb5 (SAT Patch Number 10282)

krb5 has been updated to fix four security issues: - gss_process_context_token incorrectly frees context bsc912002. CVE-2014-5352 - kadmind doubly frees partial deserialization results bsc912002. CVE-2014-9421 - kadmind incorrectly validates server principal name bsc912002. CVE-2014-9422 - libgssrp...

CVSS: 9 | AI score: 7.6 | EPSS: 0.05407
Exploits: 0 | References: 11

securityvulns
added 2015/02/11 12:0 a.m., 87 views

MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token

MITKRB5-SA-2015-001 MIT krb5 Security Advisory 2015-001 Original release: 2015-02-03 Last update: 2015-02-03 Topic: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 CVE-2014-5352: gss_process_context_token incorrectly frees context...

CVSS: 9 | AI score: 8.5 | EPSS: 0.05407
Exploits: 0

Debian
added 2015/02/07 10:52 a.m., 29 views

[SECURITY] [DLA 146-1] krb5 security update

Package: krb5 Version: 1.8.3+dfsg-4squeeze9 CVE ID: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos: CVE-2014-5352 Incorrect memory management in the libgssapi_krb5 library might result in denial of...

CVSS: 9 | AI score: 8.9 | EPSS: 0.05407
Exploits: 0

CNVD
added 2015/02/06 12:0 a.m., 1 views

MIT krb5 kadmind libgssrpc service application information disclosure vulnerability

Kerberos is a network authentication protocol that provides user authentication using a ticket-based system for client-server systems. MIT Kerberos 5 is an open source Kerberos implementation. MIT krb5 kadmind contains a security vulnerability in the libgssrpc service application that can lead to...

CVSS: 5 | AI score: 7 | EPSS: 0.01537
Exploits: 0 | References: 1

Tenable Nessus
added 2015/02/05 12:0 a.m., 32 views

FreeBSD : krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 (24ce5597-acab-11e4-a847-206a8a720317)

SO-AND-SO reports: CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token() is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in use-after-free and...

CVSS: 9 | AI score: 7.3 | EPSS: 0.05407
Exploits: 0 | References: 6

Tenable Nessus
added 2015/02/04 12:0 a.m., 27 views

Debian DSA-3153-1 : krb5 - security update

Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos: - CVE-2014-5352 Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code. - CVE-2014-9421 Incorrect memory management in kadmind's processing...

CVSS: 9 | AI score: 7.8 | EPSS: 0.05407
Exploits: 0 | References: 10

FreeBSD
added 2015/02/03 12:0 a.m., 49 views

krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092

MIT krb5 Security Advisory 2015-001 reports: CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token() is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will resu...

CVSS: 9 | AI score: 7.9 | EPSS: 0.05407
Exploits: 0 | References: 1

Tenable Nessus
added 2013/07/12 12:0 a.m., 48 views

Oracle Linux 5 : Important: / krb5 (ELSA-2007-0858)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0858 advisory. 1.5-28 - add preliminary patch to fix buffer overflow in rpcsec_gss implementation in libgssrpc 250973, CVE-2007-3999 and write through uninitialized...

CVSS: 10 | AI score: 8.4 | EPSS: 0.48434
Exploits: 5 | References: 3

CVE
added 2008/03/19 12:0 a.m., 78 views

CVE-2008-0948

CVE-2008-0948 is described in Red Hat’s RHSA-2008:0181 as a vulnerability in the MIT Kerberos 5 RPC library where a buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) can be triggered on systems where unistd.h does not define FD_SETSIZE. This could allow a remote attacker to crash the ...

CVSS: 9.3 | AI score: 9.7 | EPSS: 0.21758
Exploits: 0 | References: 25 | Affected Software: 1

CERT
added 2008/03/18 12:0 a.m., 39 views

MIT Kerberos contains array overrun in RPC library used by kadmind

Overview: Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Description: The MIT krb5 Kerberos implementation includes a GSS RPC library used in the Kerberos administration server kadmind. Two flaws exist ...

AI score: 9.8
Exploits: 0 | References: 1