rpm package
suse/krb5-plugins&distro=SUSE Linux Enterprise Server 11 SP3
pkg:rpm/suse/krb5-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-2695 | — | < 1.6.3-133.49.97.3 | 1.6.3-133.49.97.3 | Nov 9, 2015 | lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_in | ||
| CVE-2014-5355 | — | < 1.6.3-133.49.68.1 | 1.6.3-133.49.68.1 | Feb 20, 2015 | MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2 | ||
| CVE-2014-5354 | — | < 1.6.3-133.49.68.1 | 1.6.3-133.49.68.1 | Dec 16, 2014 | plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyle | ||
| CVE-2014-5353 | — | < 1.6.3-133.49.68.1 | 1.6.3-133.49.68.1 | Dec 16, 2014 | The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with |
- CVE-2015-2695Nov 9, 2015affected < 1.6.3-133.49.97.3fixed 1.6.3-133.49.97.3
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_in
- CVE-2014-5355Feb 20, 2015affected < 1.6.3-133.49.68.1fixed 1.6.3-133.49.68.1
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2
- CVE-2014-5354Dec 16, 2014affected < 1.6.3-133.49.68.1fixed 1.6.3-133.49.68.1
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyle
- CVE-2014-5353Dec 16, 2014affected < 1.6.3-133.49.68.1fixed 1.6.3-133.49.68.1
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with