Download
| Alert*
|
oval:org.secpod.oval:def:500411
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled TGS request messages. A ... oval:org.secpod.oval:def:700152 Mike Roszkowski discovered that the Kerberos KDC did not correctly validate the contents of certain messages. If an authenticated remote attacker sent specially crafted TGS requests, the KDC service would crash, leading to a denial of service. oval:org.secpod.oval:def:300271 A vulnerability was discovered and corrected in krb5: The merge_authdata function in kdc_authdata.c in the Key Distribution Center in MIT Kerberos 5 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or ... oval:org.secpod.oval:def:101002 Kerberos V5 is a trusted-third-party network authentication system, which can improve your network"s security by eliminating the insecure practice of cleartext passwords. oval:org.secpod.oval:def:1503335 Updated krb5 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... |
