- Home
- CVEs with nessus.description==The version of the Network Authentication Service (NAS) installed on the remote AIX host is affected by the following vulnerabilities related to Kerberos 5 :
- Denial of service and remote code execution vulnerabilities exist due to security context handles not being properly maintained, allowing an authenticated, remote attacker to crash the service or execute arbitrary code using crafted GSSAPI traffic.
(CVE-2014-5352)
- A denial of service vulnerability exists due to improper handling of zero-byte or unterminated strings.
(CVE-2014-5355)
- Denial of service and remote code execution vulnerabilities exist which allow an authenticated, remote attacker to crash the service or execute arbitrary code using crafted, malformed XDR data.
(CVE-2014-9421)
- A privilege escalation vulnerability exists that allows an authenticated, remote attacker to gain administrative access via a flaw in kadmin authorization checks.
(CVE-2014-9422)
- An information disclosure vulnerability allows an attacker to gain information about process heap memory from NAS packets. (CVE-2014-9423)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top