Massachusetts Institute of Technology

MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]

REVISION HISTORY
================

2010-11-30      original release

Copyright (C) 2010 Massachusetts Institute of Technology

updated patch: MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer

REVISION HISTORY
================

2007-09-05      CVE-2007-3999 patch revised due to 32-byte overflow
2007-09-04      original release

Copyright (C) 2007 Massachusetts Institute of Technology

MITKRB5-SA-2007-006: kadmind RPC lib buffer overflow, uninitialized pointer

REVISION HISTORY
================

2007-09-04      original release

Copyright (C) 2007 Massachusetts Institute of Technology

MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]

REVISION HISTORY
================

2009-04-07      original release

Copyright (C) 2009 Massachusetts Institute of Technology

MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]

REVISION HISTORY
================

2010-03-23      original release

Copyright (C) 2010 Massachusetts Institute of Technology

MITKRB5-SA-2010-003 [CVE-2010-0629] denial of service in kadmind in older krb5 releases

REVISION HISTORY
================

2010-04-06      original release

Copyright (C) 2010 Massachusetts Institute of Technology

MITKRB5-SA-2010-006 [CVE-2010-1322] KDC uninitialized pointer crash in authorization data handling

REVISION HISTORY
================

2010-10-05      original release

Copyright (C) 2010 Massachusetts Institute of Technology

MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]

REVISION HISTORY
================

2009-04-07      original release

Copyright (C) 2009 Massachusetts Institute of Technology

MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC

REVISION HISTORY
================

2010-04-20      original release

Copyright (C) 2010 Massachusetts Institute of Technology

MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc

REVISION HISTORY
================

2008-03-18      original release

Copyright (C) 2008 Massachusetts Institute of Technology


MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption

REVISION HISTORY
================

2010-01-12      original release

Copyright (C) 2009 Massachusetts Institute of Technology

MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref

REVISION HISTORY
================

2010-05-18      original release

Copyright (C) 2010 Massachusetts Institute of Technology

MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing

REVISION HISTORY
================

2009-12-28      original release

Copyright (C) 2009 Massachusetts Institute of Technology

MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285]

REVISION HISTORY
================

2011-04-12      original release

Copyright (C) 2011 Massachusetts Institute of Technology

MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service

REVISION HISTORY
================

2010-02-16      original release

Copyright (C) 2010 Massachusetts Institute of Technology

MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]

REVISION HISTORY
================

2011-12-26      original release

Copyright (C) 2011 Massachusetts Institute of Technology

MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022]

REVISION HISTORY
================

2011-02-08      original release

Copyright (C) 2010 Massachusetts Institute of Technology

MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]

REVISION HISTORY
================

2011-02-08      original release

Copyright (C) 2011 Massachusetts Institute of Technology

MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject)

REVISION HISTORY
================

2008-03-18      original release

Copyright (C) 2008 Massachusetts Institute of Technology


MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled

REVISION HISTORY
================

2011-03-15      original release

Copyright (C) 2011 Massachusetts Institute of Technology

MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]

REVISION HISTORY
================

2011-12-06      original release

Copyright (C) 2011 Massachusetts Institute of Technology

MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]

REVISION HISTORY
================

2011-07-05      original release

Copyright (C) 2011 Massachusetts Institute of Technology

MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]

REVISION HISTORY
================

2011-10-18      original release

Copyright (C) 2011 Massachusetts Institute of Technology

[ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MIT Kerberos 5: Multiple vulnerabilities
      Date: April 08, 2009
      Bugs: #262736, #263398
        ID: 200904-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ GLSA 200803-31 ] MIT Kerberos 5: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MIT Kerberos 5: Multiple vulnerabilities
      Date: March 24, 2008
      Bugs: #199205, #212363
        ID: 200803-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ GLSA 200709-01 ] MIT Kerberos 5: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MIT Kerberos 5: Multiple vulnerabilities
      Date: September 11, 2007
      Bugs: #191301
        ID: 200709-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability

-- CVE ID:
CVE-2007-3999

-- Affected Vendor:
MIT

-- Affected Products:
MIT Kerberos krb5-1.6.2

-- TippingPoint(TM) IPS Customer Protection:

[ MDVSA-2009:098-1 ] krb5

 Problem Description:

 Multiple vulnerabilities have been found and corrected in krb5:
 
 The get_input_token function in the SPNEGO implementation in MIT
 Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to
 cause a denial of service (daemon crash) and possibly obtain sensitive
 information via a crafted length value that triggers a buffer over-read
 (CVE-2009-0844).
 

TSLSA-2007-0026 - multi

  kerberos5
  (MIT) Kerberos is a network authentication protocol. It is designed to
  provide strong authentication for client/server applications by using
  secret-key cryptography. A free implementation of this protocol is
  available from the Massachusetts Institute of Technology. Kerberos is
  available in many commercial products as well.

  php
  PHP is an HTML-embedded scripting language. PHP attempts to make it
  easy for developers to write dynamically generated web pages. PHP
