Mandriva Security Advisory MDVSA-2009:098-1 (krb5)

The remote host is missing an update to krb5 announced via advisory MDVSA-2009:098-1. OpenVAS Vulnerability Test $Id: mdksa20090981.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:098-1 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

MIT Kerberos NegTokenInit令牌处理远程拒绝服务漏洞

BUGTRAQ ID: 34257 CVECAN ID: CVE-2009-0845 Kerberos是一款广泛使用的使用强壮的加密来验证客户端和服务器端的网络协议。MIT Kerberos 5是一种常用的开源Kerberos实现。 Kerberos 5的src/lib/gssapi/spnego/spnegomech.c文件中的spnegogssacceptseccontext 函数存在空指针引用错误，如果远程攻击者在认证过程中发送了带有特制ContextFlags标记的NegTokenInit令牌就可以触发这个漏洞，导致守护程序崩溃。 MIT Kerberos 5 1.6.3 厂商补...

CVE-2009-0845

The spnegogssacceptseccontext function in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via invalid ContextFlags data in the reqFlags field in a...

CVE-2004-0119

CVE-2004-0119 describes a remote code execution and potential denial-of-service vulnerability in the Negotiate Security Support Provider (SSP) interface used by SPNEGO authentication in Windows 2000, Windows XP, and Windows Server 2003. The flaw is a buffer overrun in processing authentication pr...

PT-2004-1310 · Microsoft · Windows 2000 +2

Name of the Vulnerable Software and Affected Versions: Windows 2000 Windows XP Windows Server 2003 Description: The issue allows remote attackers to cause a denial of service or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. This can be...