View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017730 | CentOS-8 | -OTHER | public | 2020-09-16 14:38 | 2020-09-16 14:38 |

Field | Value |
---|---|
Reporter | chinofairy |
Assigned To | |
Priority | high |
Severity | major |
Reproducibility | always |
Status | new |
Resolution | open |
Product Version | 8.2.2004 |
Summary | 0017730: Kerberos "svcauth_gss_validate()" Buffer Overflow Vulnerability (kerberos-svc-auth-gss-buffer-overflow) |
Description | There is a stack-based buffer overflow vulnerability in the svcauth_gss_validate function in MIT Kerberos 5 (krb5) 1.4 through 1.6.2 used by the Kerberos Administration Daemon (kadmind) and various third-party programs, such as RPC daemons and libraries which include the vulnerable code (e.g., libtirpc, librpcsecgss, etc.). This allows remote attackers to cause a denial of service or execute arbitrary code via a long RPC message. |
Steps To Reproduce | Use the scan tool Nexpose 6.6.35 Enterprise to scan the system. |
Tags | No tags attached. |

Date Modified | Username | Field | Change |
---|---|---|---|
2020-09-16 14:38 | chinofairy | New Issue | |