3733 matches found
mit-krb5: Heap overflow in libkadm5srv
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The MIT Kerberos 5 administration library libkadm5srv contains a heap overflow in the code handling password changing. Impact Under specific...
CVE-2004-1189
The CVE-2004-1189 issue affects MIT Kerberos 5 (krb5) up to version 1.3.5. The add_to_history function in svr_principal.c during a password change fails to properly track the password policy history count and the maximum number of keys, which can lead to an array index out-of-bounds and a heap-ba...
CVE-2004-1189
The addtohistory function in svrprincipal.c in libkadm5srv for MIT Kerberos 5 krb5 up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow...
CVE-2004-1189
The addtohistory function in svrprincipal.c in libkadm5srv for MIT Kerberos 5 krb5 up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow...
CVE-2004-1189
The addtohistory function in svrprincipal.c in libkadm5srv for MIT Kerberos 5 krb5 up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow...
MITKRB5-SA-2004-004: heap overflow in libkadm5srv
-----BEGIN PGP SIGNED MESSAGE----- MIT krb5 Security Advisory 2004-004 Original release: 2004-12-20 Topic: heap buffer overflow in libkadm5srv Severity: serious SUMMARY ======= The MIT Kerberos 5 administration library libkadm5srv contains a heap buffer overflow in password history handling code...
MIT Kerberos 5 buffer overflow
Buffer overflow on password history check during password change...
krb5 -- heap buffer overflow vulnerability in libkadm5srv
A MIT krb5 Security Advisory reports: The MIT Kerberos 5 administration library libkadm5srv contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center KDC host. The overflow occurs during a password change of a...
Multiple MIT Kerberos bugs
Multiple double free problems, DoS...
Debian DSA-568-1 : cyrus-sasl-mit - unsanitised input
A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASLPATH blindly, which allows a local user to...
MIT krb5: Insecure temporary file use in send-pr.sh
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology. Description The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could creat...
GLSA-200410-24 : MIT krb5: Insecure temporary file use in send-pr.sh
The remote host is affected by the vulnerability described in GLSA-200410-24 MIT krb5: Insecure temporary file use in send-pr.sh The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the...
CVE-2004-0772
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 krb5 1.2.8 and earlier may allow remote attackers to execute arbitrary code...
CVE-2004-0772
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 krb5 1.2.8 and earlier may allow remote attackers to execute arbitrary code...
CVE-2004-0772
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 krb5 1.2.8 and earlier may allow remote attackers to execute arbitrary code...
Debian DSA-543-1 : krb5 - several vulnerabilities
The MIT Kerberos Development Team has discovered a number of vulnerabilities in the MIT Kerberos Version 5 software. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-0642 VU795632 A double-free error may allow unauthenticated remote attackers ...
CVE-2004-0643
Double free vulnerability in the krb5rdcred function for MIT Kerberos 5 krb5 1.3.1 and earlier may allow local users to execute arbitrary code...
CVE-2004-0642
Double free vulnerabilities in the error handling code for ASN.1 decoders in the 1 Key Distribution Center KDC library and 2 client library for MIT Kerberos 5 krb5 1.3.4 and earlier may allow remote attackers to execute arbitrary code...
CVE-2004-0643
Double free vulnerability in the krb5rdcred function for MIT Kerberos 5 krb5 1.3.1 and earlier may allow local users to execute arbitrary code...
CVE-2004-0644
The asn1bufskiptail function in the ASN.1 decoder library for MIT Kerberos 5 krb5 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service infinite loop via a certain BER encoding...