SUSE CVE-2007-3999

Stack-based buffer overflow in the svcauthgssvalidate function in lib/rpc/svcauthgss.c in the RPCSECGSS RPC library librpcsecgss in MIT Kerberos 5 krb5 1.4 through 1.6.2, as used by the Kerberos administration daemon kadmind and some third-party applications that use krb5, allows remote attackers...

SLES10: Security update for librpcsecgss

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: librpcsecgss More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at http://download.novell.com/patch/finder/...

SLES10: Security update for librpcsecgss

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: librpcsecgss More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText:...

Mandriva Update for librpcsecgss MDKSA-2007:181 (librpcsecgss)

Check for the Version of librpcsecgss OpenVAS Vulnerability Test Mandriva Update for librpcsecgss MDKSA-2007:181 librpcsecgss Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Mandriva Update for librpcsecgss MDKSA-2007:181 (librpcsecgss)

Check for the Version of librpcsecgss OpenVAS Vulnerability Test Mandriva Update for librpcsecgss MDKSA-2007:181 librpcsecgss Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Ubuntu: Security Advisory (USN-511-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-2

Ubuntu Update for Linux kernel vulnerabilities USN-511-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN5112.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-2 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-511-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1

Ubuntu Update for Linux kernel vulnerabilities USN-511-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5111.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Gentoo Security Advisory GLSA 200710-01 (librcpsecgss)

The remote host is missing updates announced in advisory GLSA 200710-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200710-01 (librcpsecgss)

The remote host is missing updates announced in advisory GLSA 200710-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1387-1 (librpcsecgss)

The remote host is missing an update to librpcsecgss announced via advisory DSA 1387-1. OpenVAS Vulnerability Test $Id: deb13871.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1387-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian: Security Advisory (DSA-1387-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE 10 Security Update : librpcsecgss (ZYPP Patch Number 4601)

This update fixes a security problem in the librpcsecgss library used by NFSv4 also found in krb5. A invalid packet could underflow and potentially cause memory corruption and code execution. CVE-2007-3999 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is...

openSUSE 10 Security Update : librpcsecgss (librpcsecgss-4600)

This update fixes a security problem in the librpcsecgss library used by NFSv4 also found in krb5. A invalid packet could underflow and potentially cause memory corruption and code execution. CVE-2007-3999 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...

Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5, librpcsecgss vulnerability (USN-511-1)

It was discovered that the libraries handling RPCSECGSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the...

Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5, librpcsecgss vulnerability (USN-511-2)

USN-511-1 fixed vulnerabilities in krb5 and librpcsecgss. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. It was discovered that the libraries handling RPCSECGSS did not correctly validate the size of certain...

Debian DSA-1387-1 : librpcsecgss - buffer overflow

It has been discovered that the original patch for a buffer overflow in svcauthgss.c in the RPCSECGSS RPC library in MIT Kerberos 5 CVE-2007-3999, DSA-1368-1 was insufficient to protect from arbitrary code execution in some environments. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

[SECURITY] [DSA 1387-1] New librpcsecgss packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1387 [email protected] http://www.debian.org/security/ Florian Weimer October 15th, 2007 http://www.debian.org/security/faq -...

RPCSEC_GSS library: Buffer overflow

Background librpcsecgss is an implementation of RPCSECGSS for secure RPC communications. Description A stack based buffer overflow has been discovered in the svcauthgssvalidate function in file lib/rpc/svcauthgss.c when processing an overly long string in a RPC message. Impact A remote attacker...