CVSS: 9.0EPSS: 15%CPEs: 6EXPL: 0CVE-2007-1216 – krb5 double free flaw
https://notcve.org/view.php?id=CVE-2007-1216
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding". Una vulnerabilidad de Doble Liberación en la biblioteca GSS-API (lib/gssapi/krb5/k5unseal.c), como la utiliza el demonio de administración de Kerberos (kadmind) en MIT krb5 anterior a versión 1.6.1, cuando es usado con el método de autenticación proporcionado por la biblioteca RPC de RPCSEC_GSS, permite a los usuarios autenticados remotamente ejecutar código arbitrario y modificar la base de datos de claves de Kerberos mediante un mensaje con una "an invalid direction encoding". • ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc http://docs.info.apple.com/article.html?artnum=305391 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056923 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html http://secunia.com/advisories/24706 http://secunia.com/advisories/24735 http://secunia.com/advisories/24736 http://secu • CWE-415: Double Free •
CVSS: 9.0EPSS: 96%CPEs: 6EXPL: 0CVE-2007-0957 – krb5_klog_syslog() stack buffer overflow
https://notcve.org/view.php?id=CVE-2007-0957
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers. Desbordamiento de búfer en la función krb5_klog_syslog en la biblioteca kadm5, tal y como se usa en el demonio de administración de Kerberos (kadmind) y Key Distribution Center (KDC), en MIT krb5 versiones anteriores a 1permite a usuarios remotos autenticados ejecutar código de su elección y modificar la base de datos de contraseñas Kerberos mediante argumentos manipulados, posiblemente involucrando especificadores de formato de cadena concretos. • ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html http://secunia.com/advisories/24706 http://secunia.com/advisories/24735 http://secunia.com/advisories/24736 http://secunia.com/advisories/24740 http://secunia.com/advisories/24750 http://secunia.com/advisories/ • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2007-0956 – Unauthorized access via krb5-telnet daemon
https://notcve.org/view.php?id=CVE-2007-0956
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882. El demonio telnet (telnetd) en MIT krb5 anterior a 1.6.1 permite a atacantes remotos evitar la validación y ganar accesos al sistema a través de un nombre de usuario comenzando con el carácter '-', un asunto similar a CVE-2007-0882. • ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html http://secunia.com/advisories/24706 http://secunia.com/advisories/24735 http://secunia.com/advisories/24736 http://secunia.com/advisories/24740 http://secunia.com/advisories/24750 http://secunia.com/advisories/24755 http://secunia.com/advisories/24757 http://secunia.com/advisories/24785 http://secunia.com/advisories/24786 http:/&#x • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 0CVE-2006-6144
https://notcve.org/view.php?id=CVE-2006-6144
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers. La abstracción de interfaz "mechglue" de la biblioteca GSS-API para Kerberos 5 1.5 hasta 1.5.1, tal y como se usan en el demonio de administración Kerberos (kadmind) y otros productos que utilizan esta biblioteca, permite a atacantes remotos provocar una denegación de servicio (caída) mediante vectores desconocidos que provoca que mechglue libere punteros sin inicializar. • http://fedoranews.org/cms/node/2375 http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html http://osvdb.org/31280 http://secunia.com/advisories/23690 http://secunia.com/advisories/23701 http://secunia.com/advisories/23706 http://secunia.com/advisories/23903 http://secunia.com/advisories/35151 http://security.gentoo.org/glsa/glsa-200701-21.xml http://securitytracker.com/id?1017494 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1 http: •
CVSS: 9.3EPSS: 60%CPEs: 9EXPL: 0CVE-2006-6143
https://notcve.org/view.php?id=CVE-2006-6143
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. La librería RPC del Kerberos 5 1.4 hasta la 1.4.4 y de la 1.5 hasta la 1.5.1, como la usada en el demonio de administración del Kerberos (kadmind) y otros productos que utilizan esta librería, llama a un puntero de función sin inicializar en una memoria liberada, lo que permite a atacantes remotos provocar una denegación de servicio (caída) y la posibilidad de ejecutar código de su elección mediante vectores sin especificar. • http://docs.info.apple.com/article.html?artnum=305391 http://fedoranews.org/cms/node/2375 http://fedoranews.org/cms/node/2376 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html http://osvdb.org/31281 http://secunia.com/advisories/23667 http://secunia.com/advisories/23696 http://secunia.com/advisories/23701 http://secunia.com/advisories/23706 http://secunia.com/advisories/23707&# • CWE-824: Access of Uninitialized Pointer •