39 matches found
EUVD-2009-0365
Malware in sbrugna...
EUVD-2009-0364
Malware in sbrugna...
EUVD-2023-43994
Malicious code in bioql PyPI...
PT-2023-4089 · Pam Krb5 +2
Name of the Vulnerable Software and Affected Versions: pam krb5 (affected versions not specified)
Description: The issue is related to the incorrect implementation of the authentication algorithm in the pam krb5 module. This allows an attacker to gain unauthorized access to the system by controllin...
CVE-2020-10595
A flaw was found during prompting initiated by the Kerberos library, where an attacker who enters a response exactly as long as the length of the buffer provided by the underlying Kerberos library, causes pam-krb5 to write a single null byte past the end of that buffer. This flaw results in heap...
Ubuntu 16.04 LTS / 18.04 LTS : pam-krb5 vulnerability (USN-4314-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4314-1 advisory. Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code. Tenable...
[ASA-202004-5] pam-krb5: arbitrary code execution
Arch Linux Security Advisory ASA-202004-5
=========================================

Severity: Medium
Date    : 2020-04-01
CVE-ID  : CVE-2020-10595
Package : pam-krb5
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1119

Summary
=======

The package pam-krb5 before...
CVE-2020-10595
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a...
Buffer overflow
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a...
UBUNTU-CVE-2020-10595
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a...
CVE-2009-0360
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...
CVE-2009-0361
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...
pam-krb5 < 3.13 Local Privilege Escalation Exploit
No description provided by source. / cve-2009-0360.c pam-krb5 3.13 local privilege escalation Jon Oberheide http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360 pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly...
Scientific Linux Security Update : pam_krb5 on SL3.x i386/x86_64
These updated pam-krb5 packages fix a bug which caused user authentication to fail under certain circumstances. When authenticating a user, if the user's password was expired, the module would attempt to obtain password-changing credentials in order to verify the user's password. When the module...
pam_krb5: Password prompt varies for existent and non-existent users
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...