Download
| Alert*
|
oval:org.secpod.oval:def:25774
krb5: MIT Kerberos Network Authentication Protocol Several security issues were fixed in Kerberos. oval:org.secpod.oval:def:109199 Kerberos V5 is a trusted-third-party network authentication system, which can improve your network"s security by eliminating the insecure practice of sending passwords over the network in unencrypted form. oval:org.secpod.oval:def:1500978 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 ... oval:org.secpod.oval:def:702410 krb5: MIT Kerberos Network Authentication Protocol Several security issues were fixed in Kerberos. oval:org.secpod.oval:def:203604 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 ... oval:org.secpod.oval:def:108509 Kerberos V5 is a trusted-third-party network authentication system, which can improve your network"s security by eliminating the insecure practice of sending passwords over the network in unencrypted form. oval:org.secpod.oval:def:52405 krb5: MIT Kerberos Network Authentication Protocol Several security issues were fixed in Kerberos. oval:org.secpod.oval:def:89045433 krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name . - CVE-2014-5354: NULL pointer dereference when using keyless entries ... oval:org.secpod.oval:def:1200085 A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library could call the gss_process_context_token function and use this flaw to crash that application. If kadmind wer ... oval:org.secpod.oval:def:501553 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 ... oval:org.secpod.oval:def:204196 A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP b ... oval:org.secpod.oval:def:108480 Kerberos V5 is a trusted-third-party network authentication system, which can improve your network"s security by eliminating the insecure practice of sending passwords over the network in unencrypted form. oval:org.secpod.oval:def:501510 A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP b ... oval:org.secpod.oval:def:1500932 The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated use ... |
