VYPR

rpm package

opensuse/krb5&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/krb5&distro=openSUSE%20Tumbleweed

Vulnerabilities (87)

  • CVE-2010-1323LowDec 2, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a

  • CVE-2010-1322Oct 7, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or poss

  • CVE-2010-1321May 19, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users

  • CVE-2010-1320Apr 22, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with

  • CVE-2010-0628Mar 25, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an in

  • CVE-2010-0283Feb 22, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

  • CVE-2009-4212Jan 13, 2010
    affected < 1.15-1.1fixed 1.15-1.1

    Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by pro

  • CVE-2009-3295Dec 29, 2009
    affected < 1.15-1.1fixed 1.15-1.1

    The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a

  • CVE-2009-0847Apr 9, 2009
    affected < 1.15-1.1fixed 1.15-1.1

    The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations

  • CVE-2009-0846Apr 9, 2009
    affected < 1.15-1.1fixed 1.15-1.1

    The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an inva

  • CVE-2009-0844Apr 9, 2009
    affected < 1.15-1.1fixed 1.15-1.1

    The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

  • CVE-2009-0845Mar 27, 2009
    affected < 1.15-1.1fixed 1.15-1.1

    The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the

  • CVE-2008-0062CriMar 19, 2008
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

  • CVE-2008-0947Mar 19, 2008
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

  • CVE-2007-5972Dec 6, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must ha

  • CVE-2007-5971Dec 6, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.

  • CVE-2007-5902Dec 6, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.

  • CVE-2007-5894Dec 6, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under

  • CVE-2007-4000Sep 5, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users wi

  • CVE-2007-3999Sep 5, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use k

Page 4 of 5