24 matches found
SUSE CVE-2010-4021
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...
SUSE CVE-2011-1530
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the...
USN-5174-2: Samba regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information:...
USN-5174-2: Samba regression
USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/show_bug.cgi?id=14922 This update fixes the problem. Original advisory...
USN-5174-2 samba regression
USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/show_bug.cgi?id=14922 This update fixes the problem. Original advisory...
Ubuntu: Security Advisory (USN-5142-1)
The remote host is missing an update for the...
Debian DLA-2128-1 : openjdk-7 security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes. For Debian 8 'Jessie', these problems have been fixed in version 7u251-2.6.21-1deb8u1. We recommend...
Debian DSA-4621-1 : openjdk-8 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
USN-2810-1 Kerberos vulnerability | Cloud Foundry
USN-2810-1 Kerberos vulnerability Medium Vendor Kerberos Versions Affected Ubuntu 14.04 Description It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the...
Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2810-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2810-1 advisory. It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause...
USN-2810-1 krb5 vulnerabilities
It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. CVE-2002-2443 It was discovered that Kerberos...
Oracle Linux 6 : krb5 (ELSA-2011-1790)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-1790 advisory. 1.9-22.1 - add candidate patch to fix a NULL pointer dereference while processing TGS requests MITKRB5-SA-2011-007, 754046 Tenable has extracted the preceding...
krb5 security update
1.10.3-10.2 - incorporate upstream patch to fix a NULL pointer dereference while processing certain TGS requests CVE-2013-1416, 950342...
Fedora 15 : krb5-1.9.2-4.fc15 (2011-16284)
This update rebases Fedora 15 and 16 from version 1.9.1 to version 1.9.2, incorporating a recent security update and some of the fixes we were previously backporting, among others. It also incorporates fixes for NULL pointer dereferences which the KDC could make while processing TGS requests...
krb5 security update
1.9-22.1 - add candidate patch to fix a NULL pointer dereference while processing TGS requests MITKRB5-SA-2011-007, 754046...
Fedora 16 : krb5-1.9.2-4.fc16 (2011-16296)
This update rebases Fedora 15 and 16 from version 1.9.1 to version 1.9.2, incorporating a recent security update, and some of the fixes we were previously backporting, among others. It also incorporates fixes for NULL pointer dereferences which the KDC could make while processing TGS requests...
krb5 -- KDC null pointer dereference in TGS handling
The MIT Kerberos Team reports: In releases krb5-1.9 and later, the KDC can crash due to a NULL pointer dereference in code that handles TGS (Ticket Granting Service) requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a...
FreeBSD Ports: krb5
The remote host is missing an update to the system as announced in the referenced advisory. VID 4ccbd40d-03f7-11e0-bf50-001a926c7637 OpenVAS Vulnerability Test $ Description: Auto generated from VID 4ccbd40d-03f7-11e0-bf50-001a926c7637 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
Ubuntu Update for krb5 vulnerabilities USN-1030-1
Ubuntu Update for Linux kernel vulnerabilities USN-1030-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10301.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for krb5 vulnerabilities USN-1030-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
CVE-2010-4021
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...