Lucene search
K

6 matches found

NVD
NVD
added 2023/02/14 6:15 p.m.12 views

CVE-2023-25564

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

8.2CVSS7.3AI score0.01942EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/14 5:35 p.m.5 views

CVE-2023-25567 GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the avpair is not checked properly for two of the elements which can trigger an out-of-bound read. The...

7.5CVSS7.6AI score0.01103EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/14 5:35 p.m.3 views

CVE-2023-25565 GSS-NTLMSSP vulnerable to incorrect free when decoding target information

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...

7.5CVSS7.6AI score0.01103EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.3 views

PT-2023-20161 · Unknown +6 · Gss-Ntlmssp +6

Name of the Vulnerable Software and Affected Versions: GSS-NTLMSSP versions prior to 1.2.0 Description: GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit...

8.2CVSS7.5AI score0.01942EPSS
Exploits0References52
Cvelist
Cvelist
added 2001/05/07 4:0 a.m.20 views

CVE-2001-0016

NTLM Security Support Provider NTLMSSP service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access...

6.5AI score0.02074EPSS
Exploits0References4
securityvulns
securityvulns
added 2001/02/08 12:0 a.m.47 views

Security Bulletin MS01-008

--------------------------------------------------------------------- Title: NTLMSSP Privilege Elevation Vulnerability Date: 07 February 2001 Software: Windows NT 4.0 Impact: Privilege Elevation Bulletin: MS01-008 Microsoft encourages customers to review the Security Bulletin at:...

1.5AI score
Exploits0
Rows per page
Query Builder