Critical flaws plague Kerberos

Grok Headline matches for Critical flaws plague Kerberos

Security pros warn of critical flaws in
Kerberos

Security pros warn of critical flaws in
Kerberos 09/01/2004 06:49 PM
ZDNet Sep 1 2004 10:27PM GMT

Security pros warn of critical flaws in
Kerberos (cont.)

Security pros warn of critical flaws in
Kerberos (cont.) 09/01/2004 07:17 PM
Vulnerabilities in technology widely used for network authentication leave computers open to attack.

MIT Warns of Kerberos 5 Flaws

MIT Warns of Kerberos 5 Flaws 09/02/2004 11:48 AM
Internet News Sep 2 2004 4:05PM GMT

Critical Kerberos bugs surface

Critical Kerberos bugs surface 09/02/2004 05:54 AM
Action stations

MIT Warns of Critical Vulnerabilities in
Kerberos 5

MIT Warns of Critical Vulnerabilities in
Kerberos 5 09/04/2004 10:32 AM
Slashdot Sep 4 2004 3:21PM GMT

Kerberos Flaws Allow Access to Protected
Networks

Kerberos Flaws Allow Access to Protected
Networks 09/01/2004 11:30 AM
MIT researchers have uncovered a number of serious security flaws in the Kerberos authentication system, the worst of which could give unauthorized users access to protected corporate networks.

Kerberos critical hole allows system
access

Kerberos critical hole allows system
access 09/01/2004 10:05 AM
The Massachusetts Institute of Technology (MIT) has warned of security vulnerabilities in its implementation of Kerberos that could allow attackers free access to protected systems. Users of MIT Kerberos 5 are urged to apply patches immediately.

Buffer flaws fixed in Ethereal,
Kerberos, Squid and CVS

Buffer flaws fixed in Ethereal,
Kerberos, Squid and CVS 06/09/2004 12:15 PM

US-CERT: Critical Flaws in libpng

US-CERT: Critical Flaws in libpng 08/05/2004 10:21 AM
Multiple vulnerabilities in the popular PNG reference library puts users at risk of malicious hacker attacks.

Microsoft warns of critical flaws

Microsoft warns of critical flaws 07/15/2004 05:17 AM
Windows users are being urged to update their PCs after critical flaws were found in some Microsoft programs.

Critical flaws in IE and Outlook
discovered

Critical flaws in IE and Outlook
discovered 04/01/2005 12:12 PM
Vulnerabilities allow for remote code execution, creating the potential for attackers to install backdoor Trojans.

New Critical Flaws Discovered in Windows

New Critical Flaws Discovered in Windows 12/30/2004 06:28 AM
http://www.wininformant.com/inc/images/WinInfo/security_temperature.gi f

Symantec patches four critical firewall
flaws

Symantec patches four critical firewall
flaws 05/13/2004 09:40 AM

Microsoft patches three critical browser
flaws

Microsoft patches three critical browser
flaws 07/30/2004 03:44 PM
The software giant hopes that the trifecta of fixes will lasso the Download.Ject Trojan horse.

Multiple critical flaws identified in
Oracle

Multiple critical flaws identified in
Oracle 08/05/2004 01:56 AM

Direct and Related Links for 'Multiple critical flaws identified in Oracle'

“Thirty-four vulnerabilities — the majority of them critical — have been identified in multiple versions of Oracle’s database server. “Most of the flaws are critical,” said David Litchfield, a researcher at UK-based NGSSoftware, whose company discovered the flaws. “One allows an attacker to gain control of the database server without a userID or password. Others allow low-privileged users (i.e. those that do have a userID and password) to gain complete control of the database server.”…

Critical Flaws Flagged in Mozilla,
Thunderbird

Critical Flaws Flagged in Mozilla,
Thunderbird 09/15/2004 01:54 PM
The open-source project plugs vulnerabilities in its Web browser and e-mail client.

Patches issued for critical RealPlayer
flaws

Patches issued for critical RealPlayer
flaws 06/24/2005 06:55 PM

RealNetworks has issued patches to four vulnerabiliites in its RealPlayer media software, some of which could allow an attacker to run unauthorized code on the user's computer.

The most serious of the bugs, which affects RealPlayers on the Windows, Macintosh and Linux operating systems, takes advantage of a bug in the RealText file format that is used in SMIL (Synchronized Multimedia Integration Language) files, according to Michael Sutton, director of iDefense's labs. "This is something that somebody could be vulnerable to without really taking much action. They could double click on a file, or go to a URL that somebody sent them in an mail."

Sutton has not yet seen anyone publicly release software that could take advantage of any of the four bugs, but researchers at iDefense labs in Reston, Va., have privately developed code that exploits the RealText vulnerability.

The other RealPlayer flaws could be triggered by malicious code inserted into MP3, AVI, (audio video interleaved) or RM (real media) files, and affect only the Windows version of RealPlayer, according to an advisory issued by RealNetworks.

Version 3 of the Rhapsody player for RealNetworks's online music service is also affected by one of the vulnerabilities, RealNetworks said.

More information on the vulnerabilities can be found here: http://service.real.com/help/faq/security/050623_player/EN/

SEE ALSO:

Security concerns to stunt e-commerce growth

Alleged UK bank scammer still at large

ADVERTISEMENT
Sun Microsystems
See what Sun and AMD do for Wall Street. sun.com/share

Symantec patches critical firewall flaws

Symantec patches critical firewall flaws 05/13/2004 09:35 AM
ZDNet May 13 2004 1:36PM GMT

Critical Flaws Found In Mozilla Products

Critical Flaws Found In Mozilla Products 09/15/2004 03:45 PM
After releasing their much awaited preview release of Firefox 1.0, the Mozilla Foundation has issued a warning about seven critical security issues with three of its flagship products.

Any product versions prior to Mozilla 1.7.3, Firefox 1.0PR and Thunderbird 0.8 are considered vulnerable. Mozilla recommends that all users upgrade their affected software to prevent exploitation of their systems.

All current releases of mentioned software are considered "patched" against these new found vulnerabilities. Users of affected software should download the most recent version of their products as soon as possible to ensure their continued safe functionality.


View: Mozilla Foundation
View: Neowin Forum Discussion
News source: Internetnews.com

Read full story...

Patch available for multiple critical
flaws in Oracle

Patch available for multiple critical
flaws in Oracle 09/05/2004 10:10 PM
NGSSoftware Insight Security Research (Aug 31 2004)

Security Experts to Microsoft: SP2 Has
Critical Flaws

Security Experts to Microsoft: SP2 Has
Critical Flaws 08/20/2004 06:23 AM
German Internet security experts Heise Security have discovered what it calls two "flaws" in Service Pack 2. Microsoft has said its Service Pack 2 offers users the latest security "innovations," but Internet security experts said hackers could exploit cracks in SP2 defences to exploit a user's computer.

According to Heise Security, "Computer hackers could evade SP2's new security features and infect a computer that uses Windows with a virus or a worm." Heise further explains that Windows also does not source information properly if files are overwritten so that it can "be tricked to execute files from the Internet" without sparking a warning, even if users install the new SP2 update.

A Microsoft spokesperson addressed the warning by saying, "Microsoft has investigated these reports and is not aware of any instance in which an attacker could specifically bypass the service in email or a Web browser to allow a malicious attacker access to a user's system. We continue to encourage customers to review and install Windows XP SP2."

View: More Information

Read full story...

Critical Flaws Affront Microsoft's
FrontPage

Critical Flaws Affront Microsoft's
FrontPage 09/26/2002 10:41 AM
The software giant warns that vulnerability in its FrontPage Extension Server could allow an attacker to crash your servers or run any code.

U.S. government, companies warn of
critical Oracle flaws

U.S. government, companies warn of
critical Oracle flaws 09/03/2004 06:30 PM
US-CERT has issued an alert citing several security flaws in Oracle products that could be used to shut down or take control of vulnerable systems or to corrupt or steal data from Oracle databases.

Unscheduled Security Update Fixes
Critical IE Flaws

Unscheduled Security Update Fixes
Critical IE Flaws 07/30/2004 05:42 PM
Microsoft issues a cumulative update that addresses three critical vulnerabilities related to graphics files and cross-domain execution.

US government, companies warn of
critical Oracle flaws

US government, companies warn of
critical Oracle flaws 09/02/2004 03:33 PM
BOSTON - The U.S. government's Computer Emergency Response Team (US-CERT) and software security companies have issued warnings about a number of security vulnerabilities in versions of Oracle Corp.'s software.

Microsoft Airs Critical Identity
Spoofing Flaws

Microsoft Airs Critical Identity
Spoofing Flaws 09/05/2002 10:28 AM
UPDATE: Once again, Microsoft is forced to whip up a slew of patches; this time, flaws that enable perpetrators to spoof Web sites are deemed 'critical.'

Chinese firm finds critical flaws in
Windows

Chinese firm finds critical flaws in
Windows 12/24/2004 12:40 PM
ZDNet Dec 24 2004 12:02AM GMT

Real Patches Critical Media Player Flaws

Real Patches Critical Media Player Flaws 06/11/2004 02:49 PM

Real Patches Critical Media Player Flaws
(PC World)

Real Patches Critical Media Player Flaws
(PC World) 06/11/2004 09:49 AM
PC World - Security holes could allow attackers to run malicious code.

[nisr@nextgenss.com: Patch available for
multiple critical flaws in Oracle]

[nisr@nextgenss.com: Patch available for
multiple critical flaws in Oracle] 09/01/2004 04:58 PM
David Ahmad (Sep 01 2004)

Patch Tuesday Brings Fixes for 2
Critical Security Flaws

Patch Tuesday Brings Fixes for 2
Critical Security Flaws 07/15/2004 12:17 AM
“Microsoft patched two critical flaws in its software in a batch of seven security bulletins released today [Tuesday] as part of the company’s monthly ‘Patch Tuesday.’ Each of the two critical flaws could allow an attacker to take complete control of a Windows computer over the Internet. “

KTH Kerberos 1.2.2

KTH Kerberos 1.2.2 07/02/2004 03:24 AM
A Kerberos 4 implementation.

Critical Path in critical condition

Critical Path in critical condition 12/25/2003 09:17 AM
CNET Dec 25 2003 9:16AM ET

Kerberos, continued

Kerberos, continued 05/28/2004 05:15 PM
My ISP wrote me back (will yours?) but I'm at a loss how to proceed. "No, we don't support Kerberos," he writes. "You can use SSL on smtp-remote.rawbw.com port 465 with authentication, and ignore any self signed certificate warnings." There...

Email Sender ID: It's like Kerberos all
over again

Email Sender ID: It's like Kerberos all
over again 09/02/2004 08:00 AM
We received a lot of interesting feedback in comments and email as a result of the story we ran last week on Email Sender ID: the hype and the reality." Many of those who contacted us are intimately acquainted with the subject matter, having had personal, first-hand involvement in the process to date. One of those was Yakov Shafronovich, who co-chaired the Anti-Spam Research Group during 2003, when the group was considering this very issue, prior to passing it on to the IETF. That led to an exchange of email messages during which I got a much clearer look at how Microsoft is once again embracing, extending, and attempting to encumber open source technology. Doggone it, it looks like Kerberos all over again.

TSL-2004-0036 - kerberos

TSL-2004-0036 - kerberos 06/18/2004 10:25 PM
Trustix Security Advisor (Jun 18 2004)

The Kerberos Authentication Process

The Kerberos Authentication Process 05/21/2004 05:21 PM

Kerberos Module For Apache

Kerberos Module For Apache 04/28/2004 08:41 AM
mod_auth_kerb 5.0-rc5 released

TSLSA-2004-0032 - kerberos

TSLSA-2004-0032 - kerberos 06/02/2004 01:33 PM
Trustix Security Advisor (Jun 02 2004)
Grok Description matches for Critical flaws plague Kerberos
GrokA matches for Critical flaws plague Kerberos

Critical flaws plague Kerberos

The following phrases have been identified by the grok system as matching this entry: