exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2011-0285

Status Candidate

Overview

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Related Files

Gentoo Linux Security Advisory 201201-13
Posted Jan 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151
SHA-256 | 5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9
Mandriva Linux Security Advisory 2011-077
Posted Apr 22, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-077 - The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request that triggers an error condition. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2011-0285
SHA-256 | 6eaa27fcd397c812b8cfd9007f8bf4e9c77515a1de645ed0b3173c838d889db3
Ubuntu Security Notice USN-1116-1
Posted Apr 19, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1116-1 - Felipe Ortega discovered that kadmind did not correctly handle password changing error conditions. An unauthenticated remote attacker could exploit this to crash kadmind, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-0285
SHA-256 | c504f1c9e5d08ae993d2698e2444496612eecf5d1fb541616146ac4d8d9f8667
MIT krb5 Security Advisory 2011-004
Posted Apr 14, 2011
Site web.mit.edu

MIT krb5 Security Advisory 2011-004 - The password-changing capability of the MIT krb5 administration daemon (kadmind) has a bug that can cause it to attempt to free() an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of arbitrary code (which is believed to be difficult). No exploit that executes arbitrary code is known to exist, but it is easy to trigger a denial of service manually.

tags | advisory, denial of service, arbitrary
advisories | CVE-2011-0285
SHA-256 | 0e3e5240220bc86a2ebbd53af919f5eb300431e7d92522bea43cb28a37d3570e
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close