HP Security Bulletin HPSBOV02682 SSRT100495 - Potential vulnerabilities have been identified with HP OpenVMS running Kerberos. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or execution of arbitrary code, or by a remote unauthorized user to modify data, prompts, or responses. Revision 1 of this advisory.
VMware Security Advisory 2010-0016 - This patch updates the service console kernel to fix multiple security issues. Updates to the likewisekrb5, likewiseopenldap, likewiseopen, and pamkrb5 packages address several security issues.
Mandriva Linux Security Advisory 2010-005 - The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. The updated packages have been patched to correct these issues.
Mandriva Linux Security Advisory 2009-098 - Multiple vulnerabilities have been found and corrected in krb5. The updated packages have been patched to correct these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.
HP Security Bulletin - Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.
VMware Security Advisory - An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
Mandriva Linux Security Advisory 2009-098 - The MIT Kerberos 5 package suffers from denial of service and code execution vulnerabilities.
Debian Security Advisory 1766-1 - Several vulnerabilities have been found in the MIT reference implementation of Kerberos V5, a system for authenticating users and services on a network.
Gentoo Linux Security Advisory GLSA 200904-09 - Multiple vulnerabilities in MIT Kerberos 5 might allow remote unauthenticated users to execute arbitrary code with root privileges. Versions less than 1.6.3-r6 are affected.
SUSE Security Announcement - The Kerberos implementation from MIT is vulnerable to four different security issues that range from a remote crash to possible, but very unlikely, remote code execution.
Ubuntu Security Notice USN-755-1 - Multiple flaws were discovered in the Kerberos GSS-API and ASN.1 routines that did not correctly handle certain requests. An unauthenticated remote attacker could send specially crafted traffic to crash services using the Kerberos library, leading to a denial of service.
MIT krb5 Security Advisory 2009-002 - An ASN.1 decoder can free an uninitialized pointer when decoding an invalid encoding. This can cause a Kerberos application to crash, or, under theoretically possible but unlikely circumstances, execute arbitrary malicious code.