3 matches found
samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result cou...
Debian DSA-3053-1 : openssl - security update (POODLE)
Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. - CVE-2014-3513 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted...
openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash
A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server...