Azure Linux 3.0 Security Update: gssntlmssp (CVE-2023-25565)

The version of gssntlmssp installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25565 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to...

UBUNTU-CVE-2023-53320

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mrgetalltgtinfo The function mpi3mrgetalltgtinfo has four issues: 1 It calculates valid entry length in alltgtinfo assuming the header part of the struct mpi3mrdevicemapinfo would equal to sizeofu3...

CVE-2023-53320

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mrgetalltgtinfo The function mpi3mrgetalltgtinfo has four issues: 1 It calculates valid entry length in alltgtinfo assuming the header part of the struct mpi3mrdevicemapinfo would equal to sizeofu3...

kernel: scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mrgetalltgtinfo The function mpi3mrgetalltgtinfo has four issues: 1 It calculates valid entry length in alltgtinfo assuming the header part of the struct mpi3mrdevicemapinfo would equal to sizeofu3...

kernel: scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mrgetalltgtinfo The function mpi3mrgetalltgtinfo has four issues: 1 It calculates valid entry length in alltgtinfo assuming the header part of the struct mpi3mrdevicemapinfo would equal to sizeofu3...

gssntlmssp: out-of-bounds read when decoding target information

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. It has an out-of-bounds read when decoding target information. The length of the avpair is not checked properly for two of the elements, which can trigger an out-of-bounds read via the...

Updated gssntlmssp packages fix security vulnerability

Multiple out-of-bounds read when decoding NTLM fields. CVE-2023-25563 Memory corruption when decoding UTF16 strings. CVE-2023-25564 Incorrect free when decoding target information. CVE-2023-25565 Memory leak when parsing usernames. CVE-2023-25566 Out-of-bounds read when decoding target informatio...

OESA-2023-1116 gssntlmssp security update

Implementing the GSSAPI mechanism of NTLMSSP. Security Fixes: GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could caus...

SUSE CVE-2023-25565

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...

AZL-43606 CVE-2023-25565 affecting package gssntlmssp 0.9.0-2

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...

AZL-45279 CVE-2023-25565 affecting package gssntlmssp for versions less than 1.3.1-1

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...

UBUNTU-CVE-2023-25567

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the avpair is not checked properly for two of the elements which can trigger an out-of-bound read. The...

UBUNTU-CVE-2023-25565

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...

GSS-NTLMSSP 安全漏洞

GSS-NTLMSSP is gssapi open source mechglue plugin that implements NTLM authentication GSSAPI library . GSS-NTLMSSP 1.2.0 before the version of a security vulnerability , the vulnerability stems from the decoding of the target information when the wrong release will trigger a denial of service , a...

VulnX - CMS And Vulnerabilites Detector And An Intelligent Auto Shell Injector

Vulnx is a cms and vulnerabilites detection, an intelligent auto shell injector, fast cms detection of target and fast scanner and informations gathering like subdomains, ipaddresses, country, org, timezone, region, ans and more ... Instead of injecting shell and checking it works like all the...

Target Information

Publishes the target information of the starting url as evaluated by the scan. No source data...

Atftpd 0.6 - Remote Root Exploit (atftpdx.c)

No description provided by source. / PoC linux/86 remote exploit against atftpd c gunzip FIXED / include stdio.h include stdlib.h include unistd.h include string.h include netdb.h include sys/types.h include sys/socket.h include netinet/in.h include arpa/inet.h include signal.h define HEAPSTART...

PoPToP PPTP <= 1.1.4-b3 Remote Root Exploit (poptop-sane.c)

No description provided by source. / Fixed Exploit against PoPToP in Linux poptop-sane.c ./r4nc0rwh0r3 of blightninjas [email protected] blightninjas: bringing pain, suffering, and humiliation to the security world Expect more great release like helloworld-annotated.c and cd explained...

snmp-interfaces NSE Script

Attempts to enumerate network interfaces through SNMP. This script can also be run during Nmap's pre-scanning phase and can attempt to add the SNMP server's interface addresses to the target list. The script argument snmp-interfaces.host is required to know what host to probe. To specify a port f...

WIDCOMM Bluetooth Software &lt; 3.0 - Remote Buffer Overflow

--- ussp-push-0.4/obexmain.c 2005-06-01 18:32:59.000000000 -0400 +++ ussp-push-0.4-kf/obexmain.c 2005-12-03 11:49:32.000000000 -0500 @@ -1,4 +1,10 @@ / + http://www.digitalmunition.com + Moded by KF kflistsatdigitalmunitiondotcom to exploit the Widcomm Overflows from PenTest. +...