Searching mit shm software vulnerabilities

Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2

Kerberos | overflow | Buffer | MIT |

Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.


The kadm_ser_in function in (1) the Kerberos v4

kadm_ser_in | function |

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.


Format string vulnerabilities in the logging ro

vulnerabilities | Distribution | routines | Kerberos | logging | Format | Center | string | MIT | Key |

Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.


KDM in KDE 3.1.3 and earlier does not verify wh

KDE | KDM |

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.


Multiple buffer overflows in krb5_aname_to_loca

krb5_aname_to_localname | overflows | Kerberos | Multiple | buffer | MIT |

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.


Double-free vulnerabilities in the error handli

vulnerabilities | Double-free | decoders | handling | error | ASN1 | code |

Double-free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.


Double-free vulnerability in the krb5_rd_cred f

vulnerability | krb5_rd_cred | Double-free | Kerberos | function | MIT |

Double-free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.


The asn1buf_skiptail function in the ASN.1 deco

asn1buf_skiptail | Kerberos | function | library | decoder | ASN1 | MIT |

The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.


Double-free vulnerabilities in error handling c

vulnerabilities | Double-free | Kerberos | handling | krb524d | error | code | MIT |

Double-free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.


The add_to_history function in svr_principal.c

svr_principalc | add_to_history | libkadm5srv | Kerberos | function | MIT |

The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.


MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Dis

Kerberos | MIT |

MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.


Heap-based buffer overflow in the Key Distribut

Distribution | Heap-based | overflow | Center | buffer | Key |

Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (apllication crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.


Double-free vulnerability in the krb5_recvauth

krb5_recvauth | vulnerability | Double-free | Kerberos | function | MIT |

Double-free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.


The (1) krshd and (2) v4rcp applications in (a)


The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.


The (1) ftpd and (2) ksu programs in (a) MIT Ke


The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of Tuesday, August 08, 2006, it is not known whether an exploitable attack scenario exists for these issues.


The kernel in Red Hat Enterprise Linux 3, when

Enterprise | running | systems | service | kernel | denial | allows | users | local | Linux | cause | Red | Hat | SMP |

The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.


The telnet daemon (telnetd) in MIT krb5 before

daemon | telnet |

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.


The gssrpc__svcauth_gssapi function in the RPC

gssrpc__svcauth_gssapi | Kerberos | function | library | MIT | RPC |

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.


Integer signedness error in the gssrpc__svcauth

gssrpc__svcauth_unix | svc_auth_unixc | signedness | Kerberos | function | library | Integer | error | MIT | RPC |

Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.


Stack-based buffer overflow in the rename_princ

rename_principal_2_svc | Stack-based | function | Kerberos | overflow | kadmind | buffer | MIT |

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.


Software vulnerabilities results 1 to 20 of 27     
Page: 12