View Issue Details

ID: 0017730
Project: CentOS-8
Category: -OTHER
View Status: public
Last Update: 2020-09-16 14:38
Reporter: chinofairy
Assigned To:
Priority: high
Severity: major
Reproducibility: always
Status: new
Resolution: open
Product Version: 8.2.2004

Summary: 0017730: Kerberos "svcauth_gss_validate()" Buffer Overflow Vulnerability (kerberos-svc-auth-gss-buffer-overflow)

Description: There is a stack-based buffer overflow vulnerability in the svcauth_gss_validate function in MIT Kerberos 5 (krb5) 1.4 through 1.6.2 used by the Kerberos Administration Daemon (kadmind) and various third-party programs, such as RPC daemons and libraries which include the vulnerable code (e.g., libtirpc, librpcsecgss, etc.). This allows remote attackers to cause a denial of service or execute arbitrary code via a long RPC message.

Steps To Reproduce:
use scan tool: nexpose 6.6.35 Enterprise
scan the system

Tags: No tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified: 2020-09-16 14:38
Username: chinofairy
Field: New Issue
Change: