Lucene search

28 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-3214

Malware in sbrugna...

CVSS 7.8 | AI score 6.4 | EPSS 0.02225
Exploits 0 | References 9
Tenable Nessus
added 2015/03/30 12:0 a.m. | 42 views

Mandriva Linux Security Advisory : krb5 (MDVSA-2015:069)

Multiple vulnerabilities have been discovered and corrected in krb5: The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain...

CVSS 9 | AI score 7.6 | EPSS 0.08201
Exploits 0 | References 5
Tenable Nessus
added 2015/03/26 12:0 a.m. | 30 views

Debian DLA-146-1 : krb5 security update

Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos: CVE-2014-5352: Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code. CVE-2014-9421: Incorrect memory management in kadmind's processing of...

CVSS 9 | AI score 7.8 | EPSS 0.05407
Exploits 0 | References 6
Prion
added 2015/02/19 11:59 a.m. | 20 views

Double free

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and...

CVSS 9 | AI score 8 | EPSS 0.05356
Exploits 0 | References 14 | Affected Software 1
Cvelist
added 2015/02/19 11:0 a.m. | 26 views

CVE-2014-9421

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and...

AI score 7.2 | EPSS 0.05356
Exploits 0 | References 14
ArchLinux
added 2015/02/17 12:0 a.m. | 42 views

krb5: multiple issues

CVE-2014-5352 (authenticated remote code execution): In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in...

CVSS 9 | AI score 1.7 | EPSS 0.05407
Exploits 0 | References 8
OSV
added 2015/02/10 8:4 p.m. | 0 views

USN-2498-1 krb5 vulnerabilities

It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...

CVSS 9 | AI score 7.2 | EPSS 0.05407
Exploits 0 | References 8
Debian
added 2015/02/07 10:52 a.m. | 29 views

[SECURITY] [DLA 146-1] krb5 security update

Package: krb5 | Version: 1.8.3+dfsg-4squeeze9 | CVE ID: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423. Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos: CVE-2014-5352: Incorrect memory management in the libgssapi_krb5 library might result in denial of...

CVSS 9 | AI score 8.9 | EPSS 0.05407
Exploits 0
Tenable Nessus
added 2015/02/04 12:0 a.m. | 27 views

Debian DSA-3153-1 : krb5 - security update

Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos: - CVE-2014-5352: Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code. - CVE-2014-9421: Incorrect memory management in kadmind's processing...

CVSS 9 | AI score 7.8 | EPSS 0.05407
Exploits 0 | References 10
Debian
added 2015/02/03 8:50 p.m. | 23 views

[SECURITY] [DSA 3153-1] krb5 security update

Debian Security Advisory DSA-3153-1 | http://www.debian.org/security/ | Moritz Muehlenhoff | February 03, 2015 | http://www.debian.org/security/faq ...

CVSS 9 | AI score 9.7 | EPSS 0.05407
Exploits 0
UbuntuCve
added 2015/02/03 12:0 a.m. | 27 views

CVE-2014-9421

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and...

CVSS 9 | AI score 7 | EPSS 0.05356
Exploits 0 | References 3
OSV
added 2015/02/03 12:0 a.m. | 30 views

DSA-3153-1 krb5 - security update

Bulletin has no description...

CVSS 9 | AI score 7.2 | EPSS 0.05407
Exploits 0
OSV
added 2015/01/21 10:7 a.m. | 6 views

SUSE-SU-2015:0290-1 Security update for krb5

MIT Kerberos krb5 was updated to fix several security issues and bugs. Security issues fixed: CVE-2014-5351: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) sent old keys in a response to a -randkey -keepold request, which allowed remote...

CVSS 9 | AI score 6.6 | EPSS 0.05407
Exploits 0 | References 9
Check Point Advisories
added 2013/10/06 12:0 a.m. | 2 views

HP LoadRunner XDR Data Handling Heap Buffer Overflow (CVE-2013-4799)

A heap buffer overflow vulnerability exists in HP LoadRunner. The vulnerability is due to an insufficient check on the length value of XDR encoded data within an incoming request. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the...

CVSS 7.6 | AI score 6.9 | EPSS 0.29172
Exploits 0
Prion
added 2007/06/14 11:30 p.m. | 8 views

Code injection

Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions...

CVSS 7.8 | AI score 7.2 | EPSS 0.02225
Exploits 0 | References 8 | Affected Software 2
Cvelist
added 2007/06/14 11:0 p.m. | 15 views

CVE-2007-3223

Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions...

AI score 6.6 | EPSS 0.02225
Exploits 0 | References 8
NVD
added 2007/04/22 7:19 p.m. | 9 views

CVE-2007-2136

Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed...

CVSS 7.5 | AI score 8.1 | EPSS 0.07924
Exploits 0 | References 8
Prion
added 2007/04/22 7:19 p.m. | 14 views

Stack overflow

Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed...

CVSS 7.5 | AI score 8.8 | EPSS 0.07924
Exploits 0 | References 8
Cvelist
added 2007/04/22 7:0 p.m. | 14 views

CVE-2007-2136

Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed...

AI score 8.1 | EPSS 0.07924
Exploits 0 | References 8
securityvulns
added 2007/04/20 12:0 a.m. | 43 views

ZDI-07-019: BMC Patrol PerformAgent bgs_sdservice Memory Corruption Vulnerability

ZDI-07-019: BMC Patrol PerformAgent bgs_sdservice Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-019.html April 18, 2007 -- CVE ID: CVE-2007-2136 -- Affected Vendor: BMC -- Affected Products: Patrol -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS...

CVSS 7.5 | AI score 7.2 | EPSS 0.07924
Exploits 0