exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

CVE-2022-42898

Status Candidate

Overview

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

Related Files

Gentoo Linux Security Advisory 202405-11
Posted May 6, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-11 - Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution. Versions greater than or equal to 1.21.2 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-36222, CVE-2021-37750, CVE-2022-42898, CVE-2023-36054, CVE-2023-39975
SHA-256 | cbd15bb1c6724a8aa28d838d94be9630722c0b6b8d1f63302b99478ca27bf2e0
Gentoo Linux Security Advisory 202310-06
Posted Oct 9, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2019-14870, CVE-2021-44758, CVE-2022-3437, CVE-2022-3671, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640, CVE-2022-44758, CVE-2022-45142
SHA-256 | 27611271da9764cfeb6bf4345cc8b0a457073005b818ba42fe2a3f1b4b278d83
Red Hat Security Advisory 2023-3624-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2021-46848, CVE-2022-1304, CVE-2022-25147, CVE-2022-2795, CVE-2022-2880, CVE-2022-35737, CVE-2022-36227, CVE-2022-3627, CVE-2022-3970, CVE-2022-41715, CVE-2022-41717, CVE-2022-42898, CVE-2022-4304, CVE-2022-4450
SHA-256 | d2f80d582085aae75b12f07fd85ac399fe95b0c3197d108af14ac014209e5633
Ubuntu Security Notice USN-5936-1
Posted Mar 8, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-3437, CVE-2022-38023, CVE-2022-42898, CVE-2022-45141
SHA-256 | 5e8eabbc49599e8552ae631bd9c0e93e1ff9a293b7d443dd0d70363a66b8f346
Red Hat Security Advisory 2023-0634-01
Posted Feb 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0634-01 - Logging Subsystem 5.6.1 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-35065, CVE-2021-46848, CVE-2022-35737, CVE-2022-3821, CVE-2022-40303, CVE-2022-40304, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-42898, CVE-2022-43680, CVE-2022-44617, CVE-2022-46175, CVE-2022-46285
SHA-256 | 46da8df8c00fedcfa94c9d28bd8cfa0801cbda6294e238eab09ed4d5fe39686d
Ubuntu Security Notice USN-5822-2
Posted Jan 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5822-2 - USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. It was discovered that Samba incorrectly handled the bad password count logic. It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. Greg Hudson discovered that Samba incorrectly handled PAC parsing. Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-20251, CVE-2022-3437, CVE-2022-38023, CVE-2022-42898, CVE-2022-45141
SHA-256 | f718e90d7add248ca99e3552b0f274b6f861ca5ceefde619cf3bde7fa83d130a
Ubuntu Security Notice USN-5828-1
Posted Jan 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5828-1 - It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Greg Hudson discovered that Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-20217, CVE-2022-42898
SHA-256 | 172f865df6482a98eeb5142645b6b3d004e0fcbb18be188deb32de7ee6994283
Ubuntu Security Notice USN-5822-1
Posted Jan 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-20251, CVE-2022-3437, CVE-2022-38023, CVE-2022-42898, CVE-2022-45141
SHA-256 | 7e28dc77ffbc9a0bdb6d12d1db8027cea88238b892667a9f4f8b17fd154d8b4f
Ubuntu Security Notice USN-5800-1
Posted Jan 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5800-1 - It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-44758, CVE-2022-3437, CVE-2022-42898, CVE-2022-44640
SHA-256 | b0e2703f42318fc7c0a4e60c767ce87190f7c37446b669112673f0af14942855
Red Hat Security Advisory 2022-8893-01
Posted Dec 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-22570, CVE-2022-1158, CVE-2022-24302, CVE-2022-2639, CVE-2022-27191, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-42898
SHA-256 | c38ee4b6306b101938abc04733fc4231063e50a1e2f0c70c966e429666acd243
Red Hat Security Advisory 2022-9029-01
Posted Dec 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-9029-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | bb738be1fbfa23034dcdff57640c8096e223f0c06600d4372d2cbf9fc6cd63ab
Red Hat Security Advisory 2022-8827-01
Posted Dec 7, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8827-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-24778, CVE-2022-36056, CVE-2022-42898
SHA-256 | b2990f12fddee6673026ad3d6854e939c3c58799a4b8cdf7662cbeffd7540f1c
Red Hat Security Advisory 2022-8669-01
Posted Nov 30, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8669-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | 651abd4e04c6352dc73f17a724eab23338024825bf52c55e2d72fa513898d97e
Red Hat Security Advisory 2022-8662-01
Posted Nov 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8662-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | 151878df799f1ec396d8dd03ab05e1b1c93e5ae024b70ae8107593763375d3e1
Red Hat Security Advisory 2022-8663-01
Posted Nov 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8663-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | 49426fb0a2a87aa18a364cd63150c13a45bf18844b99093c841a7f5b25d734ab
Red Hat Security Advisory 2022-8639-01
Posted Nov 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8639-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | 820233bc9ebcf18fbaaeaebab7d378be29ae09e96b1df447c6a446f391d202a8
Red Hat Security Advisory 2022-8638-01
Posted Nov 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8638-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | 3a13174112b09774a4e0e77c235bf66597c09a8dfe0c797d969fc88f04e9e014
Red Hat Security Advisory 2022-8640-01
Posted Nov 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8640-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | 6f1b3fea035c271c47eba5232a961b187eadfeb79a9fcf4f7cb2ae3f50d68845
Red Hat Security Advisory 2022-8648-01
Posted Nov 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8648-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | 383cf0404679d6a66350bceb4c0a53064a1019d54ae0362c95a923a423546319
Red Hat Security Advisory 2022-8641-01
Posted Nov 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | e1c88b5425ec5ed0bfafdfb1bb34c79b493df323417ebe80b94013a6164c8e91
Red Hat Security Advisory 2022-8637-01
Posted Nov 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8637-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2022-42898
SHA-256 | 4e44a8266baa587b58e84ee26c227f9b2ad102b7714f8ee75cd7b592b230f030
Debian Security Advisory 5287-1
Posted Nov 23, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2021-3671, CVE-2021-44758, CVE-2022-3437, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640
SHA-256 | 84acf94eecacae5883c23a1272096230f0b336c4708449aaa72442ec79969d0e
Debian Security Advisory 5286-1
Posted Nov 21, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).

tags | advisory, remote, denial of service, overflow, code execution
systems | linux, debian
advisories | CVE-2022-42898
SHA-256 | 4054bf326761b93798ba5e87ed9c11954014650895f0887f6de6e704d4f0b728
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close