CVE-2010-0629

Related Files

Gentoo Linux Security Advisory 201201-13

Posted Jan 24, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151

SHA-256 | 5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9

Download | Favorite | View

Mandriva Linux Security Advisory 2010-071

Posted Apr 14, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-071 - Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2010-0629

SHA-256 | 4f2e730b7e9d6e4a1620d4b0afacf275a4fb99dc0d7d71c16271806cd9c5d469

Download | Favorite | View

Debian Linux Security Advisory 2031-1

Posted Apr 12, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2031-1 - Sol Jerome discovered that kadmind service in krb5, a system for authenticating users and services on a network, allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

tags | advisory, remote, denial of service

systems | linux, debian

advisories | CVE-2010-0629

SHA-256 | 6164cb2bd1a01d67abb4ae28c6d3234def51187ed50848a93f4f60ea9c9c0fa7

Download | Favorite | View

Ubuntu Security Notice 924-1

Posted Apr 7, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 924-1 - Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. It was discovered that Kerberos did not correctly free memory in the GSSAPI library. If a remote attacker were able to manipulate an application using GSSAPI carefully, the service could crash, leading to a denial of service. It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-0629, CVE-2007-5971

SHA-256 | bc9bb711c2b8a35f6d930697ac516ed74fe77679f83777bc8331d5e84ba5e977

Download | Favorite | View

kadmind Denial Of Service

Posted Apr 7, 2010

Site web.mit.edu

MIT krb5 Security Advisory 2010-003 - In previous MIT krb5 releases krb5-1.5 through krb5-1.6.3, the Kerberos administration daemon (kadmind) can crash due to referencing freed memory. A legitimate user can trigger this crash by using a newer version of the kadmin protocol than the server supports.

tags | advisory, protocol

advisories | CVE-2010-0629

SHA-256 | 52f15147f99a8b73ce1c76f66321a7b8f7baa3149d7fbbd12a0453ca1dd44b10

Download | Favorite | View