rpm package
opensuse/krb5&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/krb5&distro=openSUSE%20Tumbleweed
Vulnerabilities (87)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-2798 | — | < 1.19.2-2.2 | 1.19.2-2.2 | Jun 26, 2007 | Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. | ||
| CVE-2007-2442 | — | < 1.19.2-2.2 | 1.19.2-2.2 | Jun 26, 2007 | The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. | ||
| CVE-2007-1216 | — | < 1.19.2-2.2 | 1.19.2-2.2 | Apr 6, 2007 | Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to e | ||
| CVE-2007-0957 | — | < 1.19.2-2.2 | 1.19.2-2.2 | Apr 6, 2007 | Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerber | ||
| CVE-2007-0956 | — | < 1.19.2-2.2 | 1.19.2-2.2 | Apr 6, 2007 | The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882. | ||
| CVE-2006-6144 | — | < 1.19.2-2.2 | 1.19.2-2.2 | Dec 31, 2006 | The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that ca | ||
| CVE-2006-6143 | — | < 1.19.2-2.2 | 1.19.2-2.2 | Dec 31, 2006 | The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of servic |
- CVE-2007-2798Jun 26, 2007affected < 1.19.2-2.2fixed 1.19.2-2.2
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
- CVE-2007-2442Jun 26, 2007affected < 1.19.2-2.2fixed 1.19.2-2.2
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
- CVE-2007-1216Apr 6, 2007affected < 1.19.2-2.2fixed 1.19.2-2.2
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to e
- CVE-2007-0957Apr 6, 2007affected < 1.19.2-2.2fixed 1.19.2-2.2
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerber
- CVE-2007-0956Apr 6, 2007affected < 1.19.2-2.2fixed 1.19.2-2.2
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
- CVE-2006-6144Dec 31, 2006affected < 1.19.2-2.2fixed 1.19.2-2.2
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that ca
- CVE-2006-6143Dec 31, 2006affected < 1.19.2-2.2fixed 1.19.2-2.2
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of servic
Page 5 of 5