Download
| Alert*
oval:org.secpod.oval:def:301104
Multiple vulnerabilities has been found and corrected in krb5: The krb5_ldap_lockout_audit function in the Key Distribution Center in MIT Kerberos 5 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service via unspecified vector ... oval:org.secpod.oval:def:500043 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was ... oval:org.secpod.oval:def:1503260 Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:400348 The following issues have been fixed: - CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. - CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. Both bugs could be triggered by unauthenticated remote attackers ... oval:org.secpod.oval:def:600697 It was discovered that the Key Distribution Center in Kerberos 5 crashes when processing certain crafted requests: CVE-2011-1528 When the LDAP backend is used, remote users can trigger a KDC daemon crash and denial of service. CVE-2011-1529 When the LDAP or Berkeley DB backend is used, remote users ... oval:org.secpod.oval:def:103888 Kerberos V5 is a trusted-third-party network authentication system, which can improve your network"s security by eliminating the insecure practice of cleartext passwords. oval:org.secpod.oval:def:103399 Kerberos V5 is a trusted-third-party network authentication system, which can improve your network"s security by eliminating the insecure practice of cleartext passwords. |