24 matches found
EUVD-2003-0055
Malware in sbrugna...
Plaintext Modification
libkrb5.so is vulnerable to a Plaintext Modification attack. The vulnerability is due to improper modifications in the plaintext Extra Count field of a confidential GSS krb5 wrap token, allowing an attacker to make an unwrapped token appear truncated to the application...
Buffer Overflow
libkrb5.so is vulnerable to buffer overflows. A buffer overflow in the RPC library can be exploited by remote attackers to cause a denial of service or arbitrary code execution. This vulnerability is only exploitable on systems whose unistd.h header file does not define the FD_SETSIZE mac...
Double Free
libkrb5.so is vulnerable to a double free. The vulnerability exists due to a failure in authorization data handling in do_tgs_req.c, which allows an attacker to cause the Key Distribution Center (KDC) to free the same pointer twice when incorrect data is copied from one ticket to another...
Debian DSA-4795-1 : krb5 - security update
Demi Obenour discovered that unbounded recursion in the ASN1 parser of libkrb5 could result in denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4795. The text itself is copyright (C) Software...
Denial Of Service (DoS)
libkrb5.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the krb5_gss_process_context_token function of lib/gssapi/krb5/process_context_token.c, where a terminated security-context handle could be used by authenticated users to cause a denial of service (DoS) attack...
Denial Of Service (DoS)
libkrb5.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the krb5_encode_krbsecretkey function of plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c, where authenticated users can cause DoS attacks through a series of cpw -keepold commands...
Denial Of Service (DoS)
libkrb5.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the krb5_encode_krbsecretkey function of plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c, where authenticated users can cause DoS attacks through a series of cpw -keepold commands...
Denial Of Service (DoS)
libkrb5.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the krb5_gss_process_context_token function of lib/gssapi/krb5/process_context_token.c, where a terminated security-context handle could be used by authenticated users to cause a denial of service (DoS) attack...
Authentication Bypass
libkrb5.so is vulnerable to authentication bypasses. A malicious user can pass a forged krb cert with the right EKU when no SANs are used, as no relationship is established between a user and the certificate...
Container Check Bypass
libkrb5.so is vulnerable to a container check bypass. The bypass is possible when an authenticated kadmin user with permissions to add principals to an LDAP Kerberos database provides both a linkdn and containerdn database argument, or by providing a DN string which is a left extension of a container DN string but...
Denial Of Service (DoS) Through Null Pointer Dereference
libkrb5.so is vulnerable to denial of service (DoS) through null pointer dereference attacks. A null pointer dereference can be caused in kadm5_create_principal_3 of svr_principal.c, leading to a denial of service (DoS)...
Denial Of Service (DoS)
libkrb5.so is vulnerable to denial of service (DoS) through buffer overflow attacks. The vulnerability exists in the get_matching_data function of krb5 that includes the certauth plugin, which allows both the CA certificate and the user's certificate to have long subjects, causing a denial o...
CentOS 5 : krb5 (CESA-2014:1245)
Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
RHEL 5 : krb5 (RHSA-2014:1245)
Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
krb5 security and bug fix update
1.6.1-36.el55.3 - add upstream patch to fix a few use-after-free bugs, including one in kadmind CVE-2010-0629, 578185 1.6.1-36.el55.2 - pull changes to libkrb5 to properly handle and chase off-path referrals back from 1.7 574387...
Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1
Ubuntu Update for Linux kernel vulnerabilities USN-511-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5111.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
RHEL 5 : krb5 (RHSA-2008:0164)
Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and serve...
Critical: Red Hat Security Advisory: krb5 security and bugfix update
Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and serve...
CVE-2003-0059
Unknown vulnerability in chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys...