Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.
5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9Mandriva Linux Security Advisory 2011-077 - The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request that triggers an error condition. The updated packages have been patched to correct this issue.
6eaa27fcd397c812b8cfd9007f8bf4e9c77515a1de645ed0b3173c838d889db3Ubuntu Security Notice 1116-1 - Felipe Ortega discovered that kadmind did not correctly handle password changing error conditions. An unauthenticated remote attacker could exploit this to crash kadmind, leading to a denial of service.
c504f1c9e5d08ae993d2698e2444496612eecf5d1fb541616146ac4d8d9f8667MIT krb5 Security Advisory 2011-004 - The password-changing capability of the MIT krb5 administration daemon (kadmind) has a bug that can cause it to attempt to free() an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of arbitrary code (which is believed to be difficult). No exploit that executes arbitrary code is known to exist, but it is easy to trigger a denial of service manually.
0e3e5240220bc86a2ebbd53af919f5eb300431e7d92522bea43cb28a37d3570e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed