VYPR

rpm package

opensuse/krb5&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/krb5&distro=openSUSE%20Tumbleweed

Vulnerabilities (87)

  • CVE-2007-2798Jun 26, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

  • CVE-2007-2442Jun 26, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

  • CVE-2007-1216Apr 6, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to e

  • CVE-2007-0957Apr 6, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerber

  • CVE-2007-0956Apr 6, 2007
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

  • CVE-2006-6144Dec 31, 2006
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that ca

  • CVE-2006-6143Dec 31, 2006
    affected < 1.19.2-2.2fixed 1.19.2-2.2

    The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of servic

Page 5 of 5