Lucene search
K

53 matches found

OSV
OSV
added 2017/01/30 9:59 p.m.1 views

UBUNTU-CVE-2016-2517

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service prevent subsequent authentication by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE:...

5.3CVSS6.8AI score0.08823EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/10/18 11:9 a.m.8 views

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

5.5CVSS6.7AI score0.00582EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/10/04 9:8 p.m.6 views

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

5.5CVSS6.7AI score0.00582EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/08/23 4:11 p.m.3 views

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

5.5CVSS6.7AI score0.00582EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/08/02 6:21 p.m.5 views

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

5.5CVSS6.7AI score0.00582EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/08/02 1:52 p.m.4 views

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

5.5CVSS6.7AI score0.00582EPSS
Exploits0References4
CNVD
CNVD
added 2016/04/28 12:0 a.m.4 views

ntpd design flaws

ntpd Network Time Protocol daemon is an operating system daemon that uses the Network Time Protocol NTP to keep synchronized with the system time of a time server. A security vulnerability in ntpd version 4.x prior to 4.2.8p7 and version 4.3 prior to 4.3.92 stems from the program failing to...

5.3CVSS7.9AI score0.08823EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/05 12:0 a.m.4 views

Wireshark RSVP Parser Denial of Service Vulnerability

Wireshark is the most popular network protocol parser. In Wireshark version 2.0.x prior to 2.0.1 and version 1.12.x prior to 1.12.9, the function dissectrsvpcommon within epan/dissectors/packet-rsvp.c in the RSVP parser does not correctly retain the request-key data, which can be exploited to cau...

5.5CVSS7.5AI score0.04384EPSS
Exploits1References1
OSV
OSV
added 2016/01/04 5:59 a.m.5 views

UBUNTU-CVE-2015-8727

The dissectrsvpcommon function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service use-after-free and application crash via a crafted...

5.5CVSS6.4AI score0.04384EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2016/01/04 2:0 a.m.23 views

CVE-2015-8727

The dissectrsvpcommon function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service use-after-free and application crash via a crafted...

5.5CVSS5.4AI score0.04384EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.18 views

MDVA-2009:025 : keyutils

This update fixes two minor issues with keyutils. request-key was installed in /usr/sbin while the kernel expect it in /sbin directory. keyctl was installed in /usr/bin instead of /bin. This update also add lines to /etc/request-key.conf for cifs.upcall required for krb5 support for mount.cifs...

6.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2005/10/27 3:9 p.m.8 views

security flaw

Memory leak in the requestkeyauthdestroy function in requestkeyauth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service memory consumption via a large number of authorization token keys...

2.1CVSS5.7AI score0.0039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2005/10/11 12:0 a.m.5 views

PT-2005-3947 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.10 through 2.6.13 Description: The issue is related to a memory leak in the request key auth destroy function within the request key auth component of the Linux kernel. This leak allows local users to cause a denial ...

5CVSS4.1AI score0.03542EPSS
Exploits1References181
Rows per page
Query Builder