29 matches found
Solaris 10 (x86) : 126837-01
SunOS 5.10x86: rpcsec_gss patch. Date this patch was last updated by Sun : Jun/25/07 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Solaris 10 (sparc) : 123809-02
SunOS 5.10: rpcsec_gss patch. Date this patch was last updated by Sun : Jun/25/07 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
krb5 security update
CentOS Errata and Security Advisory CESA-2015:0439 Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...
Oracle Linux 5 : Important: / krb5 (ELSA-2007-0858)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0858 advisory. 1.5-28 - add preliminary patch to fix buffer overflow in rpcsec_gss implementation in libgssrpc 250973, CVE-2007-3999 and write through uninitialized...
Solaris Update for rpcsec_gss 126929-02
Check for the Version of rpcsec_gss OpenVAS Vulnerability Test Solaris Update for rpcsec_gss 126929-02 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Solaris Update for rpcsec_gss 126928-02
Check for the Version of rpcsec_gss OpenVAS Vulnerability Test Solaris Update for rpcsec_gss 126928-02 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1
Ubuntu Update for Linux kernel vulnerabilities USN-511-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5111.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Debian Security Advisory DSA 1276-1 (krb5)
The remote host is missing an update to krb5 announced via advisory DSA 1276-1. Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common...
Debian Security Advisory DSA 1387-1 (librpcsecgss)
The remote host is missing an update to librpcsecgss announced via advisory DSA 1387-1. OpenVAS Vulnerability Test $Id: deb13871.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1387-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow
Added: 12/03/2007 CVE: CVE-2007-3999 BID: 25534 OSVDB: 37324 Background Kerberos is a network authentication protocol which provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol. Problem A buffer overflow in the svcauth_gss_validate...
Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5, librpcsecgss vulnerability (USN-511-1)
It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the...
GLSA-200710-01 : RPCSEC_GSS library: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200710-01 RPCSEC_GSS library: Buffer overflow A stack based buffer overflow has been discovered in the svcauth_gss_validate function in file lib/rpc/svc_auth_gss.c when processing an overly long string in a RPC message. Impact : A remo...
RPCSEC_GSS library: Buffer overflow
Background librpcsecgss is an implementation of RPCSEC_GSS for secure RPC communications. Description A stack based buffer overflow has been discovered in the svcauth_gss_validate function in file lib/rpc/svc_auth_gss.c when processing an overly long string in a RPC message. Impact A remote attacker...
CVE-2007-4743
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 krb5 1.4 through 1.6.2, as used by the Kerberos administration daemon kadmind and other applications that use krb5, does not correctly check the buffer length in some environments and architectures...
CVE-2007-4743
The CVE-2007-4743 entry concerns MIT Kerberos 5 (krb5) RPCSEC_GSS: in versions 1.4 through 1.6.2, the patch for CVE-2007-3999 does not properly check buffer lengths in svc_auth_gss.c, which may allow a remote attacker to trigger a buffer overflow. Affected components include krb5’s RPC library us...
CVE-2007-3999
CVE-2007-3999 is a stack-based buffer overflow in MIT Kerberos 5 (krb5) lib/rpc/svc_auth_gss.c (svcauth_gss_validate) used by rpcsec_gss in krb5 1.4–1.6.2, including kadmind. A long RPC message string can crash the daemon and may enable remote code execution. Affected products include krb5 deploy...
CVE-2007-3999
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library librpcsecgss in MIT Kerberos 5 krb5 1.4 through 1.6.2, as used by the Kerberos administration daemon kadmind and some third-party applications that use krb5, allows remote attackers...