6 matches found
CVE-2023-25564
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...
CVE-2023-25567 GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information
GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the avpair is not checked properly for two of the elements which can trigger an out-of-bound read. The...
CVE-2023-25565 GSS-NTLMSSP vulnerable to incorrect free when decoding target information
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...
PT-2023-20161 · Unknown +6 · Gss-Ntlmssp +6
Name of the Vulnerable Software and Affected Versions: GSS-NTLMSSP versions prior to 1.2.0 Description: GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit...
CVE-2001-0016
NTLM Security Support Provider NTLMSSP service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access...
Security Bulletin MS01-008
--------------------------------------------------------------------- Title: NTLMSSP Privilege Elevation Vulnerability Date: 07 February 2001 Software: Windows NT 4.0 Impact: Privilege Elevation Bulletin: MS01-008 Microsoft encourages customers to review the Security Bulletin at:...