Page 6 of 62 results (0.012 seconds)

CVSS: 9.3EPSS: 54%CPEs: 1EXPL: 0

CVE-2008-0948 – krb5: incorrect handling of high-numbered file descriptors in RPC library

https://notcve.org/view.php?id=CVE-2008-0948

Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. Un desbordamiento de búfer en la biblioteca RPC (lib/rpc/rpc_dtablesize.c) utilizada por libgssrpc y kadmind en MIT Kerberos 5 (krb5) versión 1.2.2, y probablemente otras versiones anteriores a 1.3, cuando se ejecuta en sistemas cuyo unistd.h no define la macro FD_SETSIZE, lo que permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario mediante la activación de un gran número de descriptores de archivos abiertos. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://marc.info/?l=bugtraq&m=130497213107107&w=2 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29663 http://secunia.com/advisories/30535 http://securityreason.com/securityalert/3752 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 1

CVE-2007-5901 – krb5: use-after-free in gssapi lib

https://notcve.org/view.php?id=CVE-2007-5901

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Vulnerabilidad de uso después de liberación (use-after-free) en la función gss_indicate_mechs de lib/gssapi/mechglue/g_initialize.c en MIT Kerberos 5 (krb5) tiene impacto y vectores de ataque desconocidos. NOTA: esto podría ser resultado de una errata en el código fuente. • http://bugs.gentoo.org/show_bug.cgi?id=199214 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43346 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/29451 http://secunia.com/advisories/29464 http://secunia.com/advisories/29516 http://secunia.com/advisories/39290 http://security.gentoo.org • CWE-399: Resource Management Errors CWE-416: Use After Free •

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2007-5971 – krb5: double free in gssapi lib

https://notcve.org/view.php?id=CVE-2007-5971

Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Una vulnerabilidad de doble liberación en la función gss_krb5int_make_seal_token_v3 en la biblioteca lib/gssapi/krb5/k5sealv3.c en MIT Kerberos 5 (krb5), presenta un impacto desconocido y vectores de ataques. • http://bugs.gentoo.org/show_bug.cgi?id=199212 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43345 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/28636 http://secunia.com/advisories/29420 http://secunia.com/advisories/29450 http://secunia.com/advisories/29451 http://secunia.com/advisories • CWE-399: Resource Management Errors •

CVSS: 9.0EPSS: 94%CPEs: 6EXPL: 0

CVE-2007-2798 – krb5 kadmind buffer overflow

https://notcve.org/view.php?id=CVE-2007-2798

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. Un desbordamiento de búfer en la región Stack de la memoria en la función rename_principal_2_svc en kadmind para MIT Kerberos versiones 1.5.3, 1.6.1, y otras versiones, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de una petición creada para renombrar un principal. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=548 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://osvdb.org/36595 http://secunia.com/advisories/25800 htt • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 96%CPEs: 6EXPL: 0

CVE-2007-2442 – krb5 RPC library unitialized pointer free

https://notcve.org/view.php?id=CVE-2007-2442

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. La función gssrpc__svcauth_gssapi en la librería RPC de MIT Kerberos 5 (krb5) 1.6.1 y anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante credenciales RPC de longitud cero, lo cual provoca que kadmind libere un puntero no inicializado durante la limpieza. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://osvdb.org/36596 http://secunia.com/advisories/25800 http://secunia.com/advisories/25801 http://secunia.com/advisories/258 • CWE-824: Access of Uninitialized Pointer •