krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)

It was found that the MIT Kerberos administration server kadmind incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal such as "kad/x" could use this flaw to impersonate any user t...

krb5: multiple issues

CVE-2014-5352 authenticated remote code execution: In the MIT krb5 libgssapikrb5 library, after gssprocesscontexttoken is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in...

[SECURITY] [DLA 146-1] krb5 security update

Package : krb5 Version : 1.8.3+dfsg-4squeeze9 CVE ID : CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 Multiples vulnerabilities have been found in krb5, the MIT implementation of Kerberos: CVE-2014-5352 Incorrect memory management in the libgssapikrb5 library might result in denial of...