MIT Kerberos 5 kpasswd UDP Packet DoS Vulnerability

MIT Kerberos is prone to a denial of service DoS vulnerability. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

krb5 security update

1.10.3-10.3 - pull up fix for UDP ping-pong flaw in kpasswd service CVE-2002-2443,...

QNAP VioStor NVR / QNAP NAS Devices RCE Vulnerability (Jun 2013) - Active Check

QNAP VioStor NVR / QNAP NAS devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

Updated krb5 packages fix security vulnerability

The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack CVE-2002-2443...

MGASA-2013-0161 Updated krb5 packages fix security vulnerability

The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack CVE-2002-2443...

FreeBSD : krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] (e3f64457-cccd-11e2-af76-206a8a720317)

No advisory has been released yet. schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 aka krb5 before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged packet that...

Command injection

The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge adb to establish a USB connection, dialing 3845973, modifying the WLAN Test Wi-Fi Ping Test/User Command...

Fedora 19 : krb5-1.11.2-6.fc19 (2013-8113)

This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind CVE-2002-2443, and modifies the client library to treat KRB5CCNAME values which begin with 'DIR::' in a way that's almost the same as the way it treats values which begin with 'DIR:'...

LG Optimus G Command Injection

Device: LG Optimus G E973 Others affected Firmware: Android 4.1.2 JZO54k Others affected Evidence: http://youtu.be/ZfbDIpTY-t4 A vulnerability in LG's "HiddenMenu" allows you to execute shell commands as the system, with a large array of additional permissions Groups. This vulnerability opens up...

Fedora 17 : krb5-1.10.2-12.fc17 (2013-8219)

This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind CVE-2002-2443. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically cle...

Fedora 18 : krb5-1.10.3-17.fc18 (2013-8212)

This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind CVE-2002-2443. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically cle...

Mandriva Linux Security Advisory : krb5 (MDVSA-2013:166)

A vulnerability has been discovered and corrected in krb5 : The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack CVE-2002-2443. The updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

D-Link DIR-615H - OS Command Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'D-Link DIR615h OS Command Injection',...

D-Link DIR615h OS Command Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'D-Link DIR615h OS Command Injection',...

D-Link DIR615h OS Command Injection Vulnerability

Some D-Link Routers are vulnerable to an authenticated OS command injection on their web interface, where default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload...

Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root

!/bin/sh + Glibc /tmp/payload.c /dev/null echo "+ Filling the lib file with lib contents." cat /tmp/exploit /lib/sploit.so rm /tmp/payload.c /tmp/exploit echo "+ Executing payload.." LDAUDIT="sploit.so" ping...

Security fix for the ALT Linux 9 package krb5 version 1.11.2-alt2

May 14, 2013 Ivan A. Melnikov 1.11.2-alt2 - add patch 23 from upstream git to fix kpasswd udp ping-pong CVE-2002-2443...

Security fix for the ALT Linux 8 package krb5 version 1.11.2-alt2

May 14, 2013 Ivan A. Melnikov 1.11.2-alt2 - add patch 23 from upstream git to fix kpasswd udp ping-pong CVE-2002-2443...

Security fix for the ALT Linux 7 package krb5 version 1.11.2-alt2

May 14, 2013 Ivan A. Melnikov 1.11.2-alt2 - add patch 23 from upstream git to fix kpasswd udp ping-pong CVE-2002-2443...

D-Link DIR615h OS Command Injection

Some D-Link Routers are vulnerable to an authenticated OS command injection on their web interface, where default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload...