Debian Linux Security Advisory 5287-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.
84acf94eecacae5883c23a1272096230f0b336c4708449aaa72442ec79969d0eUbuntu Security Notice 5675-1 - Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was not properly performing checksum algorithm verifications in the S4U2Self extension module. An attacker could possibly use this issue to perform a machine-in-the-middle attack and request S4U2Self tickets for any user known by the application. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. It was discovered that Heimdal was not properly handling the verification of key exchanges when an anonymous PKINIT was being used. An attacker could possibly use this issue to perform a machine-in-the-middle attack and expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
cccb3115b4cd49cebb9eb16ec6095a0201e4fb722052b6fc3da60864aee574a5OctoBot WebInterface version 0.4.3 suffers from a remote code execution vulnerability.
e44b74ee9184e1f4fa497f4876744c69864ed4d789de8a18313422be9a4ad1c5Sashimi Evil OctoBot Tentacle is a python script that exploits a vulnerability that lies in the Tentacles upload functionality of the cryptocurrency trading bot OctoBot which is designed to be easy to use and customizable. Versions 0.4.0beta3 through 0.4.3 are affected.
67657fcc4e1e91fdf6687effb98e5e02419480dc043b1f499700a2140f08b47bUbuntu Security Notice 5174-2 - USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. This update fixes the problem.
94cb64ff0292b0a999aaa0506f608776fc641f072e85a0d0123da728e800bdffUbuntu Security Notice 5142-3 - USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/show_bug.cgi?id=14922 This update fixes the problem. Various other issues were also addressed.
c2c8fcea9831797fd889f4570b8becd0d331cdb36d976a471a6dba4dad44aa41Ubuntu Security Notice 5142-2 - USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced regressions in name mapping and backups.
60ab885b043b1a4da1c403e7daee521f43b6fd29bf4dfb92a58090f1096a405dUbuntu Security Notice 5174-1 - Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. Andrew Bartlett discovered that Samba did not properly check sensitive attributes. An authenticated attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
25c5c900f4302b24fc3b0236ad0320fa6c9153a96b6a27157cc077591a889f60Ubuntu Security Notice 5142-1 - Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. Andrew Bartlett discovered that Samba did not correctly sandbox Kerberos tickets issues by an RODC. An RODC could print administrator tickets, contrary to expectations. Various other issues were also addressed.
61f1542773f3e13406c8cb0829dff2a3c2436272d81dd4de2c0b0a2767455f98
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed