{"bulletinFamily": "unix", "affectedPackage": [{"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.s390x.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.i386.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.i386.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.s390x.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.i386.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-1.2.7-47.src.rpm", "packageName": "krb5", "operator": "lt", "arch": "any", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-1.2.7-47.src.rpm", "packageName": "krb5", "operator": "lt", "arch": "any", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.s390.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.s390.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.s390x.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.s390.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.s390x.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.i386.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.i386.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.s390.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.x86_64.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}], "viewCount": 0, "reporter": "CentOS Project", "references": ["http://iki.fi/upi/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2005-562.html"], "description": "**CentOS Errata and Security Advisory** CESA-2005:562\n\n\nKerberos is a networked authentication system which uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Although no exploit is\r\ncurrently known to exist, this issue could potentially be exploited to\r\nallow arbitrary code execution on a Key Distribution Center (KDC). The\r\nCommon Vulnerabilities and Exposures project assigned the name\r\nCAN-2005-1689 to this issue. \r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175). \r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175). \r\n\r\nAll users of krb5 should update to these erratum packages which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011925.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011926.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011931.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-562.html", "hashmap": [{"key": "affectedPackage", "hash": "71e32676b3139a838bf5a8c936237d2d"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "5e864b156dec1777b590afb94e18567a"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "21d7edbb10560c127ce8fa83bd402706"}, {"key": "href", "hash": "d5de2d77f6968d454f2718653b6dd1a4"}, {"key": "modified", "hash": "87f00bff557ff6afabef4d2d635e74b6"}, {"key": "published", "hash": "1c80a71d937986971d14dff923e76672"}, {"key": "references", "hash": "9fd95da57b33a6b0ff0b8a6605d8a5ad"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "title", "hash": "55fd4b4bbc063e05ace3cacbb97b434e"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}], "href": "http://lists.centos.org/pipermail/centos-announce/2005-July/011925.html", "modified": "2005-07-14T18:12:54", "objectVersion": "1.3", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "id": "CESA-2005:562", "title": "krb5 security update", "hash": "a3c18288ab1fa647430dfbfabc03ae5531e2c147d81f914dbfc713a4b3707687", "edition": 2, "published": "2005-07-12T23:06:13", "type": "centos", "history": [{"lastseen": "2017-10-03T18:26:31", "bulletin": {"published": "2005-07-12T23:06:13", "enchantments": {}, "id": "CESA-2005:562", "bulletinFamily": "unix", "title": "krb5 security update", "affectedPackage": [{"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "x86_64", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.s390x.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "s390x", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-1.2.7-47.src.rpm", "packageName": "krb5", "operator": "lt", "arch": "any", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-1.2.7-47.src.rpm", "packageName": "krb5", "operator": "lt", "arch": "any", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.s390x.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "s390x", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.x86_64.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "x86_64", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "x86_64", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.i386.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "i386", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.i386.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "i386", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.i386.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "i386", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.i386.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "i386", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.i386.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "i386", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.s390x.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "s390x", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-workstation-1.2.7-47.s390.rpm", "packageName": "krb5-workstation", "operator": "lt", "arch": "s390", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.s390.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "s390", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "x86_64", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-devel-1.2.7-47.s390.rpm", "packageName": "krb5-devel", "operator": "lt", "arch": "s390", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-libs-1.2.7-47.s390.rpm", "packageName": "krb5-libs", "operator": "lt", "arch": "s390", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.7-47", "packageFilename": "krb5-server-1.2.7-47.s390x.rpm", "packageName": "krb5-server", "operator": "lt", "arch": "s390x", "OSVersion": "any"}], "hash": "9313219591ec4031bb67dfffa552e627d4a33b0bd0a5e3af41e084db3d19433b", "viewCount": 0, "edition": 1, "cvelist": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "references": ["http://iki.fi/upi/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2005-562.html"], "objectVersion": "1.3", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "**CentOS Errata and Security Advisory** CESA-2005:562\n\n\nKerberos is a networked authentication system which uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Although no exploit is\r\ncurrently known to exist, this issue could potentially be exploited to\r\nallow arbitrary code execution on a Key Distribution Center (KDC). The\r\nCommon Vulnerabilities and Exposures project assigned the name\r\nCAN-2005-1689 to this issue. \r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175). \r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175). \r\n\r\nAll users of krb5 should update to these erratum packages which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011925.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011926.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011931.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-562.html", "hashmap": [{"key": "modified", "hash": "87f00bff557ff6afabef4d2d635e74b6"}, {"key": "affectedPackage", "hash": "02c20823fd778071635d2019c8c9fcb7"}, {"key": "description", "hash": "21d7edbb10560c127ce8fa83bd402706"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "references", "hash": "9fd95da57b33a6b0ff0b8a6605d8a5ad"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "published", "hash": "1c80a71d937986971d14dff923e76672"}, {"key": "title", "hash": "55fd4b4bbc063e05ace3cacbb97b434e"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}, {"key": "href", "hash": "d5de2d77f6968d454f2718653b6dd1a4"}, {"key": "cvelist", "hash": "5e864b156dec1777b590afb94e18567a"}], "href": "http://lists.centos.org/pipermail/centos-announce/2005-July/011925.html", "modified": "2005-07-14T18:12:54", "lastseen": "2017-10-03T18:26:31", "reporter": "CentOS Project", "type": "centos"}, "differentElements": ["affectedPackage"], "edition": 1}], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "lastseen": "2017-10-12T14:45:17"}

{"cve": [{"lastseen": "2017-10-11T11:06:15", "references": ["http://www.redhat.com/support/errata/RHSA-2005-567.html", "http://www.novell.com/linux/security/advisories/2005_17_sr.html", "http://www.trustix.org/errata/2005/0036", "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/21055", "http://securitytracker.com/id?1014461", "http://www.kb.cert.org/vuls/id/623332", "http://www.securityfocus.com/bid/14239", "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000993", "http://www.vupen.com/english/advisories/2006/3776", "http://www.vupen.com/english/advisories/2005/1066", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1", "http://www.gentoo.org/security/en/glsa/glsa-200507-11.xml", "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc", "http://marc.info/?l=bugtraq&m=112119974704542&w=2", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt", "http://www.securityfocus.com/archive/1/archive/1/446940/100/0/threaded", "http://www.ubuntulinux.org/support/documentation/usn/usn-224-1", "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt", "http://www.debian.org/security/2005/dsa-757", "http://www.redhat.com/support/errata/RHSA-2005-562.html", "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"], "description": "Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.", "edition": 4, "reporter": "NVD", "published": "2005-07-18T00:00:00", "title": "CVE-2005-1689", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:15", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9819", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9819"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-1689"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9819", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9819"}], "modified": "2017-10-10T21:30:09", "cpe": ["cpe:/a:mit:kerberos:5-1.4", "cpe:/a:mit:kerberos:5-1.3.3", "cpe:/a:mit:kerberos:5-1.3.2", "cpe:/a:mit:kerberos:5-1.3.6", "cpe:/a:mit:kerberos:5-1.3.4", "cpe:/a:mit:kerberos:5-1.3.1", "cpe:/a:mit:kerberos:5-1.3.5", "cpe:/a:mit:kerberos:5-1.4.1", "cpe:/a:mit:kerberos:5-1.3"], "id": "CVE-2005-1689", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1689", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-11T11:06:13", "references": ["http://www.redhat.com/support/errata/RHSA-2005-567.html", "http://www.vupen.com/english/advisories/2006/2074", "http://www.novell.com/linux/security/advisories/2005_17_sr.html", "http://www.trustix.org/errata/2005/0036", "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt", "http://securitytracker.com/id?1014460", "http://www.vupen.com/english/advisories/2005/1066", "http://www.kb.cert.org/vuls/id/885830", "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc", "http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474", "http://www.ubuntulinux.org/support/documentation/usn/usn-224-1", "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt", "http://marc.info/?l=bugtraq&m=112122123211974&w=2", "http://www.securityfocus.com/bid/14236", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1", "http://www.debian.org/security/2005/dsa-757", "http://www.redhat.com/support/errata/RHSA-2005-562.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/21328", "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"], "description": "Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.", "edition": 5, "reporter": "NVD", "published": "2005-07-18T00:00:00", "title": "CVE-2005-1175", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:13", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:736", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A736"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-1175"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9902", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9902"}], "modified": "2017-10-10T21:30:04", "cpe": ["cpe:/a:mit:kerberos:5-1.4", "cpe:/a:mit:kerberos:5-1.3.3", "cpe:/a:mit:kerberos:5-1.3.2", "cpe:/a:mit:kerberos:5-1.3.6", "cpe:/a:mit:kerberos:5-1.3.4", "cpe:/a:mit:kerberos:5-1.3.1", "cpe:/a:mit:kerberos:5-1.3.5", "cpe:/a:mit:kerberos:5-1.4.1", "cpe:/a:mit:kerberos:5-1.3"], "id": "CVE-2005-1175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1175", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-11T11:05:54", "references": ["http://www.redhat.com/support/errata/RHSA-2005-567.html", "http://www.securityfocus.com/bid/9986", "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831", "http://www.mandriva.com/security/advisories?name=MDVSA-2008:191", "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147", "http://www.redhat.com/support/errata/RHSA-2005-495.html", "http://www.juniper.net/support/security/alerts/adv59739.txt", "http://www.redhat.com/support/errata/RHSA-2005-481.html", "http://www.ciac.org/ciac/bulletins/o-212.shtml", "http://www.redhat.com/support/errata/RHSA-2005-074.html", "http://www.novell.com/linux/security/advisories/2004_09_kernel.html", "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt", "https://exchange.xforce.ibmcloud.com/vulnerabilities/16323", "http://www.redhat.com/support/errata/RHSA-2005-106.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:100", "http://www.redhat.com/support/errata/RHSA-2005-562.html", "http://www.redhat.com/support/errata/RHSA-2005-165.html"], "description": "Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.", "edition": 3, "reporter": "NVD", "published": "2004-08-18T00:00:00", "title": "CVE-2004-0175", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:05:54", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10184", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-0175"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10184", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10184"}], "modified": "2017-10-10T21:29:22", "cpe": ["cpe:/a:openbsd:openssh:3.1", "cpe:/a:openbsd:openssh:3.0p1", "cpe:/a:openbsd:openssh:3.0.1p1", "cpe:/a:openbsd:openssh:3.0.2p1", "cpe:/a:openbsd:openssh:3.1p1", "cpe:/a:openbsd:openssh:3.3", "cpe:/a:openbsd:openssh:3.2", "cpe:/a:openbsd:openssh:3.3p1", "cpe:/a:openbsd:openssh:3.4", "cpe:/a:openbsd:openssh:3.2.2p1", "cpe:/a:openbsd:openssh:3.4p1", "cpe:/a:openbsd:openssh:3.0.2", "cpe:/a:openbsd:openssh:3.2.3p1", "cpe:/a:openbsd:openssh:3.0", "cpe:/a:openbsd:openssh:3.0.1"], "id": "CVE-2004-0175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0175", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-11T11:06:10", "references": ["http://www.vupen.com/english/advisories/2006/3101", "http://idefense.com/application/poi/display?id=260&type=vulnerabilities", "http://www.novell.com/linux/security/advisories/2005_16_sr.html", "http://www.securityfocus.com/bid/19289", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1", "http://www.us-cert.gov/cas/techalerts/TA06-214A.html", "http://www.kb.cert.org/vuls/id/800829", "http://www.redhat.com/support/errata/RHSA-2005-504.html", "http://securitytracker.com/id?1014203", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1", "http://www.securityfocus.com/bid/13940", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1", "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html", "http://www.redhat.com/support/errata/RHSA-2005-562.html"], "description": "Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.", "edition": 2, "reporter": "NVD", "published": "2005-06-14T00:00:00", "title": "CVE-2005-0488", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:10", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11373", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11373"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-0488"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11373", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11373"}], "modified": "2017-10-10T21:29:56", "cpe": ["cpe:/a:mit:kerberos:5-1.3.4", "cpe:/o:sun:solaris:5.9", "cpe:/a:microsoft:telnet_client:5.1.2600.2180"], "id": "CVE-2005-0488", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0488", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2018-05-11T21:14:17", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "i386", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.7-47.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "ppc", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.7-47.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "s390", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.7-47.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "i386", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.7-47.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "s390x", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.7-47.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "ppc", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.7-47.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.2-37", "arch": "ia64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.2-37.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "x86_64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.7-47.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "ppc", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.7-47.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.2-37", "arch": "ia64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.2-37.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.2-37", "arch": "i386", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.2-37.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "i386", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.7-47.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "s390x", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.7-47.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "x86_64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.7-47.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "x86_64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.7-47.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "ppc64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.7-47.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "ia64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.7-47.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.2-37", "arch": "i386", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.2-37.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.2-37", "arch": "ia64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.2-37.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "s390", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.7-47.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.2-37", "arch": "i386", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.2-37.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "s390x", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.7-47.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "ia64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.7-47.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.2-37", "arch": "ia64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.2-37.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "ppc", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.7-47.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "s390", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.7-47.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "i386", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.7-47.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "ia64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.7-47.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "x86_64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.7-47.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "s390x", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.7-47.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "s390", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.7-47.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.7-47", "arch": "ia64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.7-47.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.2.2-37", "arch": "i386", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.2-37.i386.rpm", "operator": "lt"}], "description": "Kerberos is a networked authentication system which uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Although no exploit is\r\ncurrently known to exist, this issue could potentially be exploited to\r\nallow arbitrary code execution on a Key Distribution Center (KDC). The\r\nCommon Vulnerabilities and Exposures project assigned the name\r\nCAN-2005-1689 to this issue. \r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175). \r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175). \r\n\r\nAll users of krb5 should update to these erratum packages which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.", "reporter": "RedHat", "published": "2005-07-12T04:00:00", "type": "redhat", "title": "(RHSA-2005:562) krb5 security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175", "CVE-2005-0488", "CVE-2005-1175", "CVE-2005-1689"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-11T23:27:26", "id": "RHSA-2005:562", "href": "https://access.redhat.com/errata/RHSA-2005:562", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-09T07:20:30", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "i386", "packageFilename": "krb5-libs-1.3.4-17.i386.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "x86_64", "packageFilename": "krb5-devel-1.3.4-17.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "x86_64", "packageFilename": "krb5-libs-1.3.4-17.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "x86_64", "packageFilename": "krb5-server-1.3.4-17.x86_64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "x86_64", "packageFilename": "krb5-workstation-1.3.4-17.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "src", "packageFilename": "krb5-1.3.4-17.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "i386", "packageFilename": "krb5-devel-1.3.4-17.i386.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "i386", "packageFilename": "krb5-server-1.3.4-17.i386.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "i386", "packageFilename": "krb5-workstation-1.3.4-17.i386.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "ia64", "packageFilename": "krb5-devel-1.3.4-17.ia64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "ia64", "packageFilename": "krb5-libs-1.3.4-17.ia64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "ia64", "packageFilename": "krb5-server-1.3.4-17.ia64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "ia64", "packageFilename": "krb5-workstation-1.3.4-17.ia64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "ppc", "packageFilename": "krb5-devel-1.3.4-17.ppc.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "ppc", "packageFilename": "krb5-libs-1.3.4-17.ppc.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "ppc64", "packageFilename": "krb5-libs-1.3.4-17.ppc64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "ppc", "packageFilename": "krb5-server-1.3.4-17.ppc.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "ppc", "packageFilename": "krb5-workstation-1.3.4-17.ppc.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "s390", "packageFilename": "krb5-devel-1.3.4-17.s390.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "s390", "packageFilename": "krb5-libs-1.3.4-17.s390.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "s390", "packageFilename": "krb5-server-1.3.4-17.s390.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "s390", "packageFilename": "krb5-workstation-1.3.4-17.s390.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "s390x", "packageFilename": "krb5-devel-1.3.4-17.s390x.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "s390x", "packageFilename": "krb5-libs-1.3.4-17.s390x.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "s390x", "packageFilename": "krb5-server-1.3.4-17.s390x.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.4-17", "arch": "s390x", "packageFilename": "krb5-workstation-1.3.4-17.s390x.rpm", "packageName": "krb5-workstation", "operator": "lt"}], "description": "Kerberos is a networked authentication system that uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Red Hat Enterprise Linux 4\r\ncontains checks within glibc that detect double-free flaws. Therefore, on\r\nRed Hat Enterprise Linux 4 successful exploitation of this issue can only\r\nlead to a denial of service (KDC crash). The Common Vulnerabilities and\r\nExposures project assigned the name CAN-2005-1689 to this issue.\r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175).\r\n\r\nDaniel Wachdorf also discovered that in error conditions that may occur in\r\nresponse to correctly-formatted client requests, the Kerberos 5 KDC may\r\nattempt to free uninitialized memory. This could allow a remote attacker\r\nto cause a denial of service (KDC crash) (CAN-2005-1174).\r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175).\r\n\r\nAll users of krb5 should update to these erratum packages, which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.", "reporter": "RedHat", "published": "2005-07-12T04:00:00", "type": "redhat", "title": "(RHSA-2005:567) krb5 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175", "CVE-2005-0488", "CVE-2005-1174", "CVE-2005-1175", "CVE-2005-1689"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:51:21", "id": "RHSA-2005:567", "href": "https://access.redhat.com/errata/RHSA-2005:567", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-02T22:57:48", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh-askpass", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-gnome-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh-askpass-gnome", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-clients-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh-clients", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-server-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh-server", "arch": "ia64", "operator": "lt"}], "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH\nreplaces rlogin and rsh, and provides secure encrypted communications\nbetween two untrusted hosts over an insecure network. X11 connections and\narbitrary TCP/IP ports can also be forwarded over a secure channel. Public\nkey authentication can be used for \"passwordless\" access to servers.\n\nThe scp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses scp to copy files from a malicious server.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also correct the following bugs:\n\nOn systems where direct ssh access for the root user was disabled by\nconfiguration (setting \"PermitRootLogin no\"), attempts to guess the root\npassword could be judged as sucessful or unsucessful by observing a delay.\n\nOn systems where the privilege separation feature was turned on, the user\nresource limits were not correctly set if the configuration specified to\nraise them above the defaults. It was also not possible to change an\nexpired password.\n\nUsers of openssh should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "reporter": "RedHat", "published": "2005-05-18T04:00:00", "type": "redhat", "title": "(RHSA-2005:106) openssh security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-29T20:30:22", "id": "RHSA-2005:106", "href": "https://access.redhat.com/errata/RHSA-2005:106", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-09T07:19:50", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-25.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-25.3.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-25.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-25.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-25.3.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-25.3", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-25.3.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "The rsh package contains a set of programs that allow users to run\ncommands on remote machines, login to other machines, and copy files\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\nthese commands use rhosts-style authentication.\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses rcp to copy files from a malicious server.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also address the following bugs:\n\nThe rlogind server reported \"SIGCHLD set to SIG_IGN but calls wait()\"\nmessage to the system log because the original BSD code was ported\nincorrectly to linux.\n\nThe rexecd server did not function on systems where client hostnames were\nnot in the DNS service, because server code called gethostbyaddr() for each\nnew connection.\n\nThe rcp command incorrectly used the \"errno\" variable and produced\nerroneous error messages.\n\nThe rexecd command ignored settings in the /etc/security/limits file,\nbecause the PAM session was incorrectly initialized.\n\nAll users of rsh should upgrade to these updated packages, which resolve\nthese issues.", "reporter": "RedHat", "published": "2005-06-08T04:00:00", "type": "redhat", "title": "(RHSA-2005:165) rsh security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:09:34", "id": "RHSA-2005:165", "href": "https://access.redhat.com/errata/RHSA-2005:165", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-08-02T22:57:29", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-17.6", "packageFilename": "rsh-0.17-17.6.ia64.rpm", "packageName": "rsh", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-17.6", "packageFilename": "rsh-server-0.17-17.6.ia64.rpm", "packageName": "rsh-server", "arch": "ia64", "operator": "lt"}], "description": "The rsh package contains a set of programs that allow users to run\ncommands on remote machines, login to other machines, and copy files\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\nthese commands use rhosts-style authentication.\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses rcp to copy files from a malicious server. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also address the following bugs:\n\nThe rexec command failed with \"Invalid Argument\", because the code\nused sigaction() as an unsupported signal.\n\nThe rlogind server reported \"SIGCHLD set to SIG_IGN but calls wait()\"\nmessage to the system log because the original BSD code was ported\nincorrectly to linux.\n\nThe rexecd server did not function on systems where client hostnames were\nnot in the DNS service, because server code called gethostbyaddr() for each\nnew connection.\n\nThe rcp command incorrectly used the \"errno\" variable and produced\nerroneous error messages.\n\nThe rexecd command ignored settings in the /etc/security/limits file,\nbecause the PAM session was incorrectly initialized.\n\nThe rexec command prompted for username and password regardless of the\n~/.netrc configuration file contents. This updated package contains a patch\nthat no longer skips the ~/.netrc file. \n\nAll users of rsh should upgrade to these updated packages, which resolve\nthese issues.", "reporter": "RedHat", "published": "2005-05-18T04:00:00", "type": "redhat", "title": "(RHSA-2005:074) rsh security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-29T20:31:51", "id": "RHSA-2005:074", "href": "https://access.redhat.com/errata/RHSA-2005:074", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-15T06:37:24", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-18.AS21.4", "arch": "i386", "packageFilename": "rsh-server-0.17-18.AS21.4.i386.rpm", "packageName": "rsh-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-18.AS21.4", "arch": "i386", "packageFilename": "rsh-0.17-18.AS21.4.i386.rpm", "packageName": "rsh", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-18.AS21.4", "arch": "ia64", "packageFilename": "rsh-0.17-18.AS21.4.ia64.rpm", "packageName": "rsh", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-18.AS21.4", "arch": "ia64", "packageFilename": "rsh-server-0.17-18.AS21.4.ia64.rpm", "packageName": "rsh-server", "operator": "lt"}], "description": "The rsh package contains a set of programs that allow users to run\r\ncommands on remote machines, login to other machines, and copy files\r\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\r\nthese commands use rhosts-style authentication.\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses rcp to copy files from a malicious server. \r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2004-0175 to this issue.\r\n\r\nAll users of rsh should upgrade to these updated packages, which resolve\r\nthese issues.", "reporter": "RedHat", "published": "2005-06-13T04:00:00", "type": "redhat", "title": "(RHSA-2005:495) rsh security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:27:45", "id": "RHSA-2005:495", "href": "https://access.redhat.com/errata/RHSA-2005:495", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-28T01:00:59", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "ia64", "packageFilename": "openssh-clients-3.1p1-18.ia64.rpm", "packageName": "openssh-clients", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "ia64", "packageFilename": "openssh-askpass-3.1p1-18.ia64.rpm", "packageName": "openssh-askpass", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "ia64", "packageFilename": "openssh-server-3.1p1-18.ia64.rpm", "packageName": "openssh-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "i386", "packageFilename": "openssh-3.1p1-18.i386.rpm", "packageName": "openssh", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "i386", "packageFilename": "openssh-clients-3.1p1-18.i386.rpm", "packageName": "openssh-clients", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "ia64", "packageFilename": "openssh-3.1p1-18.ia64.rpm", "packageName": "openssh", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "i386", "packageFilename": "openssh-askpass-3.1p1-18.i386.rpm", "packageName": "openssh-askpass", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "i386", "packageFilename": "openssh-server-3.1p1-18.i386.rpm", "packageName": "openssh-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "i386", "packageFilename": "openssh-askpass-gnome-3.1p1-18.i386.rpm", "packageName": "openssh-askpass-gnome", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.1p1-18", "arch": "ia64", "packageFilename": "openssh-askpass-gnome-3.1p1-18.ia64.rpm", "packageName": "openssh-askpass-gnome", "operator": "lt"}], "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH\r\nreplaces rlogin and rsh, and provides secure encrypted communications\r\nbetween two untrusted hosts over an insecure network. X11 connections and\r\narbitrary TCP/IP ports can also be forwarded over a secure channel. Public\r\nkey authentication can be used for \"passwordless\" access to servers.\r\n\r\nThe scp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses scp to copy files from a malicious server.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2004-0175 to this issue.\r\n\r\nThese updated packages also correct the following bug:\r\n\r\nOn systems in which direct ssh access for the root user was disabled by\r\nconfiguration (setting \"PermitRootLogin no\"), attempts to guess the root\r\npassword could be judged as sucessful or unsucessful by observing a delay.\r\n\r\nUsers of openssh should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.", "reporter": "RedHat", "published": "2005-06-02T04:00:00", "type": "redhat", "title": "(RHSA-2005:481) openssh security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:27:16", "id": "RHSA-2005:481", "href": "https://access.redhat.com/errata/RHSA-2005:481", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-14T15:43:51", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-31.EL4.3.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-26.EL3.3.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet", "packageFilename": "telnet-0.17-26.EL3.3.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet", "packageFilename": "telnet-0.17-31.EL4.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet", "packageFilename": "telnet-0.17-26.EL3.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-20.EL2.4", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-20.EL2.4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-31.EL4.3.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-31.EL4.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-20.EL2.4", "packageName": "telnet", "packageFilename": "telnet-0.17-20.EL2.4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet", "packageFilename": "telnet-0.17-26.EL3.3.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-26.EL3.3.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet", "packageFilename": "telnet-0.17-31.EL4.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-31.EL4.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet", "packageFilename": "telnet-0.17-31.EL4.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet", "packageFilename": "telnet-0.17-26.EL3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-20.EL2.4", "packageName": "telnet", "packageFilename": "telnet-0.17-20.EL2.4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet", "packageFilename": "telnet-0.17-31.EL4.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-20.EL2.4", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-20.EL2.4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-26.EL3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet", "packageFilename": "telnet-0.17-31.EL4.3.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet", "packageFilename": "telnet-0.17-26.EL3.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-31.EL4.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-26.EL3.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet", "packageFilename": "telnet-0.17-26.EL3.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet", "packageFilename": "telnet-0.17-31.EL4.3.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-26.EL3.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-31.EL4.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-31.EL4.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageName": "telnet-server", "packageFilename": "telnet-server-0.17-26.EL3.3.ia64.rpm", "arch": "ia64", "operator": "lt"}], "description": "The telnet package provides a command line telnet client. \r\n\r\nGael Delalleau discovered an information disclosure issue in the way the\r\ntelnet client handles messages from a server. An attacker could construct\r\na malicious telnet server that collects information from the environment of\r\nany victim who connects to it. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-0488 to this issue.\r\n\r\nUsers of telnet should upgrade to this updated package, which contains a\r\nbackported patch to correct this issue.", "reporter": "RedHat", "published": "2005-06-14T04:00:00", "type": "redhat", "title": "(RHSA-2005:504) telnet security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-0488"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:25:50", "id": "RHSA-2005:504", "href": "https://access.redhat.com/errata/RHSA-2005:504", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "centos": [{"lastseen": "2017-10-12T14:46:11", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.2.2-37", "arch": "i386", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.2-37.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.2.2-37", "arch": "i386", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.2-37.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.2.2-37", "arch": "i386", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.2-37.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.2.2-37", "arch": "i386", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.2-37.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:562-01\n\n\nKerberos is a networked authentication system which uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Although no exploit is\r\ncurrently known to exist, this issue could potentially be exploited to\r\nallow arbitrary code execution on a Key Distribution Center (KDC). The\r\nCommon Vulnerabilities and Exposures project assigned the name\r\nCAN-2005-1689 to this issue. \r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175). \r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175). \r\n\r\nAll users of krb5 should update to these erratum packages which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011936.html\n\n**Affected packages:**\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-07-18T23:04:00", "title": "krb5 security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2005-07-18T23:04:00", "href": "http://lists.centos.org/pipermail/centos-announce/2005-July/011936.html", "id": "CESA-2005:562-01", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:45:54", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-567.html", "https://rhn.redhat.com/errata/RHSA-2005-562.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-47", "arch": "ia64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.2.7-47.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-47", "arch": "ia64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.2.7-47.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "any", "packageName": "krb5", "packageFilename": "krb5-1.3.4-17.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "any", "packageName": "krb5", "packageFilename": "krb5-1.3.4-17.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "i386", "packageName": "krb5-server", "packageFilename": "krb5-server-1.3.4-17.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "x86_64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.3.4-17.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-47", "arch": "ia64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.2.7-47.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "ia64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.3.4-17.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "i386", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.3.4-17.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "x86_64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-17.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "x86_64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.3.4-17.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "ia64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.3.4-17.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "i386", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-17.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "i386", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-17.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "i386", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.3.4-17.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "ia64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.3.4-17.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.2.7-47", "arch": "ia64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.2.7-47.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "x86_64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.3.4-17.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.3.4-17", "arch": "ia64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.3.4-17.ia64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:567\n\n\nKerberos is a networked authentication system that uses a trusted third\r\nparty (a KDC) to authenticate clients and servers to each other.\r\n\r\nA double-free flaw was found in the krb5_recvauth() routine which may be\r\ntriggered by a remote unauthenticated attacker. Red Hat Enterprise Linux 4\r\ncontains checks within glibc that detect double-free flaws. Therefore, on\r\nRed Hat Enterprise Linux 4 successful exploitation of this issue can only\r\nlead to a denial of service (KDC crash). The Common Vulnerabilities and\r\nExposures project assigned the name CAN-2005-1689 to this issue.\r\n\r\nDaniel Wachdorf discovered a single byte heap overflow in the\r\nkrb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of\r\nthis flaw would lead to a denial of service (crash). To trigger this flaw\r\nan attacker would need to have control of a kerberos realm that shares a\r\ncross-realm key with the target, making exploitation of this flaw unlikely.\r\n(CAN-2005-1175).\r\n\r\nDaniel Wachdorf also discovered that in error conditions that may occur in\r\nresponse to correctly-formatted client requests, the Kerberos 5 KDC may\r\nattempt to free uninitialized memory. This could allow a remote attacker\r\nto cause a denial of service (KDC crash) (CAN-2005-1174).\r\n\r\nGa\u00ebl Delalleau discovered an information disclosure issue in the way\r\nsome telnet clients handle messages from a server. An attacker could\r\nconstruct a malicious telnet server that collects information from the\r\nenvironment of any victim who connects to it using the Kerberos-aware\r\ntelnet client (CAN-2005-0488).\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses the Kerberos-aware rcp to copy files from a\r\nmalicious server (CAN-2004-0175).\r\n\r\nAll users of krb5 should update to these erratum packages, which contain\r\nbackported patches to correct these issues. Red Hat would like to thank\r\nthe MIT Kerberos Development Team for their responsible disclosure of these\r\nissues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011927.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011928.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011929.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-July/011930.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-562.html\nhttps://rhn.redhat.com/errata/RHSA-2005-567.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-07-13T00:28:39", "title": "krb5 security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2005-07-14T18:12:17", "href": "http://lists.centos.org/pipermail/centos-announce/2005-July/011927.html", "id": "CESA-2005:567", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-25T13:03:16", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "3.1p1-18", "packageFilename": "openssh-server-3.1p1-18.i386.rpm", "packageName": "openssh-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "3.1p1-18", "packageFilename": "openssh-askpass-3.1p1-18.i386.rpm", "packageName": "openssh-askpass", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "3.1p1-18", "packageFilename": "openssh-3.1p1-18.i386.rpm", "packageName": "openssh", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "3.1p1-18", "packageFilename": "openssh-clients-3.1p1-18.i386.rpm", "packageName": "openssh-clients", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "3.1p1-18", "packageFilename": "openssh-askpass-gnome-3.1p1-18.i386.rpm", "packageName": "openssh-askpass-gnome", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:481-01\n\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH\r\nreplaces rlogin and rsh, and provides secure encrypted communications\r\nbetween two untrusted hosts over an insecure network. X11 connections and\r\narbitrary TCP/IP ports can also be forwarded over a secure channel. Public\r\nkey authentication can be used for \"passwordless\" access to servers.\r\n\r\nThe scp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses scp to copy files from a malicious server.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2004-0175 to this issue.\r\n\r\nThese updated packages also correct the following bug:\r\n\r\nOn systems in which direct ssh access for the root user was disabled by\r\nconfiguration (setting \"PermitRootLogin no\"), attempts to guess the root\r\npassword could be judged as sucessful or unsucessful by observing a delay.\r\n\r\nUsers of openssh should upgrade to these updated packages, which contain\r\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011796.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-askpass-gnome\nopenssh-clients\nopenssh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 3, "reporter": "CentOS Project", "published": "2005-06-05T22:53:04", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "openssh security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "modified": "2005-06-05T22:53:04", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/011796.html", "id": "CESA-2005:481-01", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-25T07:01:00", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.17-18.AS21.4", "arch": "i386", "packageName": "rsh", "packageFilename": "rsh-0.17-18.AS21.4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.17-18.AS21.4", "arch": "i386", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-18.AS21.4.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:495-01\n\n\nThe rsh package contains a set of programs that allow users to run\r\ncommands on remote machines, login to other machines, and copy files\r\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\r\nthese commands use rhosts-style authentication.\r\n\r\nThe rcp protocol allows a server to instruct a client to write to arbitrary\r\nfiles outside of the current directory. This could potentially cause a\r\nsecurity issue if a user uses rcp to copy files from a malicious server. \r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2004-0175 to this issue.\r\n\r\nAll users of rsh should upgrade to these updated packages, which resolve\r\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011853.html\n\n**Affected packages:**\nrsh\nrsh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 3, "reporter": "CentOS Project", "published": "2005-06-13T22:49:37", "title": "rsh security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "modified": "2005-06-13T22:49:37", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/011853.html", "id": "CESA-2005:495-01", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-12T14:46:01", "references": ["http://iki.fi/upi/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2005-106.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-server-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.src.rpm", "packageName": "openssh", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.src.rpm", "packageName": "openssh", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-gnome-3.6.1p2-33.30.4.s390.rpm", "packageName": "openssh-askpass-gnome", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-server-3.6.1p2-33.30.4.s390.rpm", "packageName": "openssh-server", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-clients-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh-clients", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-clients-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh-clients", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh-askpass", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-gnome-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh-askpass-gnome", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-clients-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh-clients", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-clients-3.6.1p2-33.30.4.s390x.rpm", "packageName": "openssh-clients", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-server-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh-server", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-3.6.1p2-33.30.4.s390.rpm", "packageName": "openssh-askpass", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.s390x.rpm", "packageName": "openssh", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-clients-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh-clients", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh-askpass", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-server-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-gnome-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh-askpass-gnome", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-server-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.s390.rpm", "packageName": "openssh", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-3.6.1p2-33.30.4.s390x.rpm", "packageName": "openssh-askpass", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.src.rpm", "packageName": "openssh", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.src.rpm", "packageName": "openssh", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-gnome-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh-askpass-gnome", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-gnome-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh-askpass-gnome", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-server-3.6.1p2-33.30.4.s390x.rpm", "packageName": "openssh-server", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-server-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh-askpass", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-gnome-3.6.1p2-33.30.4.s390x.rpm", "packageName": "openssh-askpass-gnome", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-clients-3.6.1p2-33.30.4.s390.rpm", "packageName": "openssh-clients", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-3.6.1p2-33.30.4.x86_64.rpm", "packageName": "openssh-askpass", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-clients-3.6.1p2-33.30.4.ia64.rpm", "packageName": "openssh-clients", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh-askpass", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.6.1p2-33.30.4", "packageFilename": "openssh-askpass-gnome-3.6.1p2-33.30.4.i386.rpm", "packageName": "openssh-askpass-gnome", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:106\n\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH\nreplaces rlogin and rsh, and provides secure encrypted communications\nbetween two untrusted hosts over an insecure network. X11 connections and\narbitrary TCP/IP ports can also be forwarded over a secure channel. Public\nkey authentication can be used for \"passwordless\" access to servers.\n\nThe scp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses scp to copy files from a malicious server.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also correct the following bugs:\n\nOn systems where direct ssh access for the root user was disabled by\nconfiguration (setting \"PermitRootLogin no\"), attempts to guess the root\npassword could be judged as sucessful or unsucessful by observing a delay.\n\nOn systems where the privilege separation feature was turned on, the user\nresource limits were not correctly set if the configuration specified to\nraise them above the defaults. It was also not possible to change an\nexpired password.\n\nUsers of openssh should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011674.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011680.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011722.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011723.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011731.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011732.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-askpass-gnome\nopenssh-clients\nopenssh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-106.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-05-18T18:00:09", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "openssh security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "modified": "2005-05-20T15:31:30", "href": "http://lists.centos.org/pipermail/centos-announce/2005-May/011674.html", "id": "CESA-2005:106", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-12T14:46:08", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-165.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-25.3", "arch": "i386", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-25.3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-25.3", "arch": "any", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-25.3", "arch": "any", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-25.3", "arch": "i386", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-25.3", "arch": "ia64", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-25.3.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-25.3", "arch": "x86_64", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-25.3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-25.3", "arch": "x86_64", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-25.3", "arch": "ia64", "packageName": "rsh", "packageFilename": "rsh-0.17-25.3.ia64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:165\n\n\nThe rsh package contains a set of programs that allow users to run\ncommands on remote machines, login to other machines, and copy files\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\nthese commands use rhosts-style authentication.\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses rcp to copy files from a malicious server.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also address the following bugs:\n\nThe rlogind server reported \"SIGCHLD set to SIG_IGN but calls wait()\"\nmessage to the system log because the original BSD code was ported\nincorrectly to linux.\n\nThe rexecd server did not function on systems where client hostnames were\nnot in the DNS service, because server code called gethostbyaddr() for each\nnew connection.\n\nThe rcp command incorrectly used the \"errno\" variable and produced\nerroneous error messages.\n\nThe rexecd command ignored settings in the /etc/security/limits file,\nbecause the PAM session was incorrectly initialized.\n\nAll users of rsh should upgrade to these updated packages, which resolve\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011799.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011801.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011802.html\n\n**Affected packages:**\nrsh\nrsh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-165.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-06-08T17:59:42", "title": "rsh security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "modified": "2005-06-08T23:28:58", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/011799.html", "id": "CESA-2005:165", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-12T14:45:54", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-074.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-17.6", "arch": "x86_64", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-17.6", "arch": "x86_64", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-17.6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "s390", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-17.6.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "any", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "any", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "x86_64", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-17.6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "i386", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-17.6.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "s390x", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "ia64", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-17.6.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-17.6", "arch": "any", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-17.6", "arch": "any", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-17.6", "arch": "i386", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-17.6.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "x86_64", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "ia64", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "s390", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-17.6", "arch": "i386", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "s390x", "packageName": "rsh-server", "packageFilename": "rsh-server-0.17-17.6.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-17.6", "arch": "i386", "packageName": "rsh", "packageFilename": "rsh-0.17-17.6.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:074\n\n\nThe rsh package contains a set of programs that allow users to run\ncommands on remote machines, login to other machines, and copy files\nbetween machines, using the rsh, rlogin, and rcp commands. All three of\nthese commands use rhosts-style authentication.\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary\nfiles outside of the current directory. This could potentially cause a\nsecurity issue if a user uses rcp to copy files from a malicious server. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0175 to this issue.\n\nThese updated packages also address the following bugs:\n\nThe rexec command failed with \"Invalid Argument\", because the code\nused sigaction() as an unsupported signal.\n\nThe rlogind server reported \"SIGCHLD set to SIG_IGN but calls wait()\"\nmessage to the system log because the original BSD code was ported\nincorrectly to linux.\n\nThe rexecd server did not function on systems where client hostnames were\nnot in the DNS service, because server code called gethostbyaddr() for each\nnew connection.\n\nThe rcp command incorrectly used the \"errno\" variable and produced\nerroneous error messages.\n\nThe rexecd command ignored settings in the /etc/security/limits file,\nbecause the PAM session was incorrectly initialized.\n\nThe rexec command prompted for username and password regardless of the\n~/.netrc configuration file contents. This updated package contains a patch\nthat no longer skips the ~/.netrc file. \n\nAll users of rsh should upgrade to these updated packages, which resolve\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011673.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011679.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011724.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011725.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011733.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011734.html\n\n**Affected packages:**\nrsh\nrsh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-074.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-05-18T17:58:16", "title": "rsh security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0175"], "modified": "2005-05-20T15:33:52", "href": "http://lists.centos.org/pipermail/centos-announce/2005-May/011673.html", "id": "CESA-2005:074", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-12T14:46:28", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.17-20.EL2.4", "packageFilename": "telnet-server-0.17-20.EL2.4.i386.rpm", "packageName": "telnet-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.17-20.EL2.4", "packageFilename": "telnet-0.17-20.EL2.4.i386.rpm", "packageName": "telnet", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:504-00\n\n\nThe telnet package provides a command line telnet client. \r\n\r\nGael Delalleau discovered an information disclosure issue in the way the\r\ntelnet client handles messages from a server. An attacker could construct\r\na malicious telnet server that collects information from the environment of\r\nany victim who connects to it. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-0488 to this issue.\r\n\r\nUsers of telnet should upgrade to this updated package, which contains a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011871.html\n\n**Affected packages:**\ntelnet\ntelnet-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-06-14T23:05:19", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "telnet security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0488"], "modified": "2005-06-14T23:05:19", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/011871.html", "id": "CESA-2005:504-00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-10-12T14:45:04", "references": ["http://iki.fi/upi/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2005-504.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-31.EL4.3", "packageFilename": "telnet-0.17-31.EL4.3.ia64.rpm", "packageName": "telnet", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-0.17-26.EL3.3.x86_64.rpm", "packageName": "telnet", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-server-0.17-26.EL3.3.s390.rpm", "packageName": "telnet-server", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-0.17-26.EL3.3.s390x.rpm", "packageName": "telnet", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-server-0.17-26.EL3.3.ia64.rpm", "packageName": "telnet-server", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-server-0.17-26.EL3.3.i386.rpm", "packageName": "telnet-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-0.17-26.EL3.3.ia64.rpm", "packageName": "telnet", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-31.EL4.3", "packageFilename": "telnet-0.17-31.EL4.3.i386.rpm", "packageName": "telnet", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-server-0.17-26.EL3.3.s390x.rpm", "packageName": "telnet-server", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-server-0.17-26.EL3.3.x86_64.rpm", "packageName": "telnet-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-0.17-26.EL3.3.s390.rpm", "packageName": "telnet", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-31.EL4.3", "packageFilename": "telnet-server-0.17-31.EL4.3.ia64.rpm", "packageName": "telnet-server", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-31.EL4.3", "packageFilename": "telnet-0.17-31.EL4.3.x86_64.rpm", "packageName": "telnet", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-0.17-26.EL3.3.src.rpm", "packageName": "telnet", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-0.17-26.EL3.3.src.rpm", "packageName": "telnet", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-31.EL4.3", "packageFilename": "telnet-0.17-31.EL4.3.src.rpm", "packageName": "telnet", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-31.EL4.3", "packageFilename": "telnet-0.17-31.EL4.3.src.rpm", "packageName": "telnet", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-31.EL4.3", "packageFilename": "telnet-server-0.17-31.EL4.3.x86_64.rpm", "packageName": "telnet-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "0.17-31.EL4.3", "packageFilename": "telnet-server-0.17-31.EL4.3.i386.rpm", "packageName": "telnet-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "any", "packageVersion": "0.17-26.EL3.3", "packageFilename": "telnet-0.17-26.EL3.3.i386.rpm", "packageName": "telnet", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:504\n\n\nThe telnet package provides a command line telnet client. \r\n\r\nGael Delalleau discovered an information disclosure issue in the way the\r\ntelnet client handles messages from a server. An attacker could construct\r\na malicious telnet server that collects information from the environment of\r\nany victim who connects to it. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-0488 to this issue.\r\n\r\nUsers of telnet should upgrade to this updated package, which contains a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011858.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011860.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011861.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011864.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011865.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011867.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-June/011869.html\n\n**Affected packages:**\ntelnet\ntelnet-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-504.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-06-14T20:30:21", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "telnet security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0488"], "modified": "2005-06-14T22:59:19", "href": "http://lists.centos.org/pipermail/centos-announce/2005-June/011858.html", "id": "CESA-2005:504", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:39:34", "references": ["http://www.nessus.org/u?20d6a900", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt"], "pluginID": "19201", "description": "A number of vulnerabilities have been corrected in this Kerberos update :\n\nThe rcp protocol would allow a server to instruct a client to write to arbitrary files outside of the current directory. The Kerberos-aware rcp could be abused to copy files from a malicious server (CVE-2004-0175).\n\nGael Delalleau discovered an information disclosure vulnerability in the way some telnet clients handled messages from a server. This could be abused by a malicious telnet server to collect information from the environment of any victim connecting to the server using the Kerberos- aware telnet client (CVE-2005-0488).\n\nDaniel Wachdorf disovered that in error conditions that could occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory, which could cause the KDC to crash resulting in a Denial of Service (CVE-2005-1174).\n\nDaniel Wachdorf also discovered a single-byte heap overflow in the krb5_unparse_name() function that could, if successfully exploited, lead to a crash, resulting in a DoS. To trigger this flaw, an attacker would need to have control of a Kerberos realm that shares a cross- realm key with the target (CVE-2005-1175).\n\nFinally, a double-free flaw was discovered in the krb5_recvauth() routine which could be triggered by a remote unauthenticated attacker.\nThis issue could potentially be exploited to allow for the execution of arbitrary code on a KDC. No exploit is currently known to exist (CVE-2005-1689).\n\nThe updated packages have been patched to address this issue and Mandriva urges all users to upgrade to these packages as quickly as possible.", "edition": 6, "reporter": "Tenable", "published": "2005-07-14T00:00:00", "title": "Mandrake Linux Security Advisory : krb5 (MDKSA-2005:119)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:libkrb53", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "p-cpe:/a:mandriva:linux:krb5-server", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:libkrb51-devel", "p-cpe:/a:mandriva:linux:ftp-server-krb5", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:lib64krb53", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:ftp-client-krb5", "p-cpe:/a:mandriva:linux:lib64krb51", "p-cpe:/a:mandriva:linux:libkrb53-devel", "p-cpe:/a:mandriva:linux:telnet-client-krb5", "p-cpe:/a:mandriva:linux:telnet-server-krb5", "p-cpe:/a:mandriva:linux:libkrb51", "p-cpe:/a:mandriva:linux:lib64krb51-devel"], "id": "MANDRAKE_MDKSA-2005-119.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19201", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:119. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19201);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-0488\", \"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"CERT\", value:\"259798\");\n script_xref(name:\"CERT\", value:\"623332\");\n script_xref(name:\"CERT\", value:\"885830\");\n script_xref(name:\"MDKSA\", value:\"2005:119\");\n\n script_name(english:\"Mandrake Linux Security Advisory : krb5 (MDKSA-2005:119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities have been corrected in this Kerberos\nupdate :\n\nThe rcp protocol would allow a server to instruct a client to write to\narbitrary files outside of the current directory. The Kerberos-aware\nrcp could be abused to copy files from a malicious server\n(CVE-2004-0175).\n\nGael Delalleau discovered an information disclosure vulnerability in\nthe way some telnet clients handled messages from a server. This could\nbe abused by a malicious telnet server to collect information from the\nenvironment of any victim connecting to the server using the Kerberos-\naware telnet client (CVE-2005-0488).\n\nDaniel Wachdorf disovered that in error conditions that could occur in\nresponse to correctly-formatted client requests, the Kerberos 5 KDC\nmay attempt to free uninitialized memory, which could cause the KDC to\ncrash resulting in a Denial of Service (CVE-2005-1174).\n\nDaniel Wachdorf also discovered a single-byte heap overflow in the\nkrb5_unparse_name() function that could, if successfully exploited,\nlead to a crash, resulting in a DoS. To trigger this flaw, an attacker\nwould need to have control of a Kerberos realm that shares a cross-\nrealm key with the target (CVE-2005-1175).\n\nFinally, a double-free flaw was discovered in the krb5_recvauth()\nroutine which could be triggered by a remote unauthenticated attacker.\nThis issue could potentially be exploited to allow for the execution\nof arbitrary code on a KDC. No exploit is currently known to exist\n(CVE-2005-1689).\n\nThe updated packages have been patched to address this issue and\nMandriva urges all users to upgrade to these packages as quickly as\npossible.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt\"\n );\n # http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20d6a900\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb51-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb51-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"ftp-client-krb5-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"ftp-server-krb5-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"krb5-server-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"krb5-workstation-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64krb51-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64krb51-devel-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkrb51-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libkrb51-devel-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"telnet-client-krb5-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"telnet-server-krb5-1.3-6.6.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"ftp-client-krb5-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ftp-server-krb5-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"krb5-server-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"krb5-workstation-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64krb53-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkrb53-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libkrb53-devel-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"telnet-client-krb5-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"telnet-server-krb5-1.3.4-2.3.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"ftp-client-krb5-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ftp-server-krb5-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"krb5-server-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"krb5-workstation-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64krb53-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libkrb53-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libkrb53-devel-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"telnet-client-krb5-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"telnet-server-krb5-1.3.6-6.1.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:29", "references": ["http://www.nessus.org/u?856ba129", "http://www.nessus.org/u?4588a66b", "http://www.nessus.org/u?406ed05c"], "pluginID": "21840", "description": "Updated krb5 packages which fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\n[Updated 26 Sep 2005] krb5-server packages have been added to this advisory for Red Hat Enterprise Linux 3 WS and Red Hat Enterprise Linux 3 Desktop.\n\nKerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Although no exploit is currently known to exist, this issue could potentially be exploited to allow arbitrary code execution on a Key Distribution Center (KDC).\nThe Common Vulnerabilities and Exposures project assigned the name CVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CVE-2005-1175).\n\nGael Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages which contain backported patches to correct these issues. Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of these issues.", "edition": 5, "reporter": "Tenable", "published": "2006-07-03T00:00:00", "title": "CentOS 3 : krb5 (CESA-2005:562)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2016-11-17T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-workstation", "p-cpe:/a:centos:centos:krb5-devel", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-libs", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-562.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21840", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:562 and \n# CentOS Errata and Security Advisory 2005:562 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21840);\n script_version(\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2016/11/17 20:59:08 $\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-0488\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"RHSA\", value:\"2005:562\");\n\n script_name(english:\"CentOS 3 : krb5 (CESA-2005:562)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages which fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 26 Sep 2005] krb5-server packages have been added to this\nadvisory for Red Hat Enterprise Linux 3 WS and Red Hat Enterprise\nLinux 3 Desktop.\n\nKerberos is a networked authentication system which uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Although no exploit\nis currently known to exist, this issue could potentially be exploited\nto allow arbitrary code execution on a Key Distribution Center (KDC).\nThe Common Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-July/011925.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?856ba129\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-July/011926.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4588a66b\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-July/011930.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?406ed05c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-devel-1.2.7-47\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-libs-1.2.7-47\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-server-1.2.7-47\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-workstation-1.2.7-47\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:37:05", "references": ["http://rhn.redhat.com/errata/RHSA-2005-562.html", "https://www.redhat.com/security/data/cve/CVE-2005-0488.html", "http://www.nessus.org/u?20d6a900", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt", "https://www.redhat.com/security/data/cve/CVE-2004-0175.html", "https://www.redhat.com/security/data/cve/CVE-2005-1175.html", "https://www.redhat.com/security/data/cve/CVE-2005-1689.html"], "pluginID": "18687", "description": "Updated krb5 packages which fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\n[Updated 26 Sep 2005] krb5-server packages have been added to this advisory for Red Hat Enterprise Linux 3 WS and Red Hat Enterprise Linux 3 Desktop.\n\nKerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Although no exploit is currently known to exist, this issue could potentially be exploited to allow arbitrary code execution on a Key Distribution Center (KDC).\nThe Common Vulnerabilities and Exposures project assigned the name CVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CVE-2005-1175).\n\nGael Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages which contain backported patches to correct these issues. Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of these issues.", "edition": 5, "reporter": "Tenable", "published": "2005-07-13T00:00:00", "title": "RHEL 2.1 / 3 : krb5 (RHSA-2005:562)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-0488", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2016-12-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "p-cpe:/a:redhat:enterprise_linux:krb5-server"], "id": "REDHAT-RHSA-2005-562.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:562. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18687);\n script_version (\"$Revision: 1.22 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:55:19 $\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-0488\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"RHSA\", value:\"2005:562\");\n\n script_name(english:\"RHEL 2.1 / 3 : krb5 (RHSA-2005:562)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages which fix multiple security issues are now\navailable for Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\n[Updated 26 Sep 2005] krb5-server packages have been added to this\nadvisory for Red Hat Enterprise Linux 3 WS and Red Hat Enterprise\nLinux 3 Desktop.\n\nKerberos is a networked authentication system which uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Although no exploit\nis currently known to exist, this issue could potentially be exploited\nto allow arbitrary code execution on a Key Distribution Center (KDC).\nThe Common Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-0488.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-1175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-1689.html\"\n );\n # http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20d6a900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-562.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:562\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-devel-1.2.2-37\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-libs-1.2.2-37\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-server-1.2.2-37\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-workstation-1.2.2-37\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-devel-1.2.7-47\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-libs-1.2.7-47\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-server-1.2.7-47\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-workstation-1.2.7-47\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:44:06", "references": ["http://www.nessus.org/u?dc626fd2", "http://www.nessus.org/u?e9a824d1", "http://www.nessus.org/u?dae20462"], "pluginID": "21946", "description": "Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nKerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Red Hat Enterprise Linux 4 contains checks within glibc that detect double-free flaws.\nTherefore, on Red Hat Enterprise Linux 4 successful exploitation of this issue can only lead to a denial of service (KDC crash). The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory. This could allow a remote attacker to cause a denial of service (KDC crash) (CVE-2005-1174).\n\nGael Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages, which contain backported patches to correct these issues. Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of these issues.", "edition": 6, "reporter": "Tenable", "published": "2006-07-05T00:00:00", "title": "CentOS 4 : krb5 (CESA-2005:567)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2018-08-09T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-workstation", "p-cpe:/a:centos:centos:krb5-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-libs"], "id": "CENTOS_RHSA-2005-567.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:567 and \n# CentOS Errata and Security Advisory 2005:567 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21946);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/09 17:06:35\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"RHSA\", value:\"2005:567\");\n\n script_name(english:\"CentOS 4 : krb5 (CESA-2005:567)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKerberos is a networked authentication system that uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Red Hat Enterprise\nLinux 4 contains checks within glibc that detect double-free flaws.\nTherefore, on Red Hat Enterprise Linux 4 successful exploitation of\nthis issue can only lead to a denial of service (KDC crash). The\nCommon Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages, which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-July/011927.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dae20462\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-July/011928.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc626fd2\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-July/011929.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9a824d1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-devel-1.3.4-17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-libs-1.3.4-17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-server-1.3.4-17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-workstation-1.3.4-17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:58", "references": ["https://www.redhat.com/security/data/cve/CVE-2005-1174.html", "https://www.redhat.com/security/data/cve/CVE-2004-0175.html", "http://rhn.redhat.com/errata/RHSA-2005-567.html", "https://www.redhat.com/security/data/cve/CVE-2005-1175.html", "https://www.redhat.com/security/data/cve/CVE-2005-1689.html"], "pluginID": "18688", "description": "Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nKerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Red Hat Enterprise Linux 4 contains checks within glibc that detect double-free flaws.\nTherefore, on Red Hat Enterprise Linux 4 successful exploitation of this issue can only lead to a denial of service (KDC crash). The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory. This could allow a remote attacker to cause a denial of service (KDC crash) (CVE-2005-1174).\n\nGael Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages, which contain backported patches to correct these issues. Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of these issues.", "edition": 6, "reporter": "Tenable", "published": "2005-07-13T00:00:00", "title": "RHEL 4 : krb5 (RHSA-2005:567)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175", "CVE-2004-0175"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "p-cpe:/a:redhat:enterprise_linux:krb5-server"], "id": "REDHAT-RHSA-2005-567.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:567. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18688);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"RHSA\", value:\"2005:567\");\n\n script_name(english:\"RHEL 4 : krb5 (RHSA-2005:567)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKerberos is a networked authentication system that uses a trusted\nthird party (a KDC) to authenticate clients and servers to each other.\n\nA double-free flaw was found in the krb5_recvauth() routine which may\nbe triggered by a remote unauthenticated attacker. Red Hat Enterprise\nLinux 4 contains checks within glibc that detect double-free flaws.\nTherefore, on Red Hat Enterprise Linux 4 successful exploitation of\nthis issue can only lead to a denial of service (KDC crash). The\nCommon Vulnerabilities and Exposures project assigned the name\nCVE-2005-1689 to this issue.\n\nDaniel Wachdorf discovered a single byte heap overflow in the\nkrb5_unparse_name() function, part of krb5-libs. Sucessful\nexploitation of this flaw would lead to a denial of service (crash).\nTo trigger this flaw an attacker would need to have control of a\nkerberos realm that shares a cross-realm key with the target, making\nexploitation of this flaw unlikely. (CVE-2005-1175).\n\nDaniel Wachdorf also discovered that in error conditions that may\noccur in response to correctly-formatted client requests, the Kerberos\n5 KDC may attempt to free uninitialized memory. This could allow a\nremote attacker to cause a denial of service (KDC crash)\n(CVE-2005-1174).\n\nGael Delalleau discovered an information disclosure issue in the way\nsome telnet clients handle messages from a server. An attacker could\nconstruct a malicious telnet server that collects information from the\nenvironment of any victim who connects to it using the Kerberos-aware\ntelnet client (CVE-2005-0488).\n\nThe rcp protocol allows a server to instruct a client to write to\narbitrary files outside of the current directory. This could\npotentially cause a security issue if a user uses the Kerberos-aware\nrcp to copy files from a malicious server (CVE-2004-0175).\n\nAll users of krb5 should update to these erratum packages, which\ncontain backported patches to correct these issues. Red Hat would like\nto thank the MIT Kerberos Development Team for their responsible\ndisclosure of these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-1174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-1175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-1689.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-567.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(22, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:567\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-devel-1.3.4-17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-libs-1.3.4-17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-server-1.3.4-17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-workstation-1.3.4-17\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:35", "references": ["http://www.debian.org/security/2005/dsa-757"], "pluginID": "19219", "description": "Daniel Wachdorf reported two problems in the MIT krb5 distribution used for network authentication. First, the KDC program from the krb5-kdc package can corrupt the heap by trying to free memory which has already been freed on receipt of a certain TCP connection. This vulnerability can cause the KDC to crash, leading to a denial of service. [ CAN-2005-1174] Second, under certain rare circumstances this type of request can lead to a buffer overflow and remote code execution. [ CAN-2005-1175] \n\nAdditionally, Magnus Hagander reported another problem in which the krb5_recvauth function can in certain circumstances free previously freed memory, potentially leading to the execution of remote code. [ CAN-2005-1689] \n\nAll of these vulnerabilities are believed difficult to exploit, and no exploits have yet been discovered.", "edition": 6, "reporter": "Tenable", "published": "2005-07-18T00:00:00", "title": "Debian DSA-757-1 : krb5 - buffer overflow, double-free memory", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:krb5"], "id": "DEBIAN_DSA-757.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19219", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-757. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19219);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"CERT\", value:\"259798\");\n script_xref(name:\"CERT\", value:\"623332\");\n script_xref(name:\"CERT\", value:\"885830\");\n script_xref(name:\"DSA\", value:\"757\");\n\n script_name(english:\"Debian DSA-757-1 : krb5 - buffer overflow, double-free memory\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Daniel Wachdorf reported two problems in the MIT krb5 distribution\nused for network authentication. First, the KDC program from the\nkrb5-kdc package can corrupt the heap by trying to free memory which\nhas already been freed on receipt of a certain TCP connection. This\nvulnerability can cause the KDC to crash, leading to a denial of\nservice. [ CAN-2005-1174] Second, under certain rare circumstances\nthis type of request can lead to a buffer overflow and remote code\nexecution. [ CAN-2005-1175] \n\nAdditionally, Magnus Hagander reported another problem in which the\nkrb5_recvauth function can in certain circumstances free previously\nfreed memory, potentially leading to the execution of remote code. [\nCAN-2005-1689] \n\nAll of these vulnerabilities are believed difficult to exploit, and no\nexploits have yet been discovered.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-757\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the krb5 package.\n\nFor the old stable distribution (woody), these problems have been\nfixed in version 1.2.4-5woody10. Note that woody's KDC does not have\nTCP support and is not vulnerable to CAN-2005-1174.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.3.6-2sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"krb5-admin-server\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-clients\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-doc\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-ftpd\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-kdc\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-rsh-server\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-telnetd\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"krb5-user\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkadm55\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkrb5-dev\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkrb53\", reference:\"1.2.4-5woody10\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-admin-server\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-clients\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-doc\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-ftpd\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-kdc\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-rsh-server\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-telnetd\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-user\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkadm55\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkrb5-dev\", reference:\"1.3.6-2sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkrb53\", reference:\"1.3.6-2sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:43:36", "references": ["http://www.nessus.org/u?20d6a900", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt", "https://security.gentoo.org/glsa/200507-11"], "pluginID": "18686", "description": "The remote host is affected by the vulnerability described in GLSA-200507-11 (MIT Kerberos 5: Multiple vulnerabilities)\n\n Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request (CAN-2005-1174). He also discovered that the same request could lead to a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered that krb5_recvauth() function of MIT Kerberos 5 might try to double-free memory (CAN-2005-1689).\n Impact :\n\n Although exploitation is considered difficult, a remote attacker could exploit the single-byte heap overflow and the double-free vulnerability to execute arbitrary code, which could lead to the compromise of the whole Kerberos realm. A remote attacker could also use the heap corruption to cause a Denial of Service.\n Workaround :\n\n There are no known workarounds at this time.", "edition": 5, "reporter": "Tenable", "published": "2005-07-13T00:00:00", "title": "GLSA-200507-11 : MIT Kerberos 5: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mit-krb5"], "id": "GENTOO_GLSA-200507-11.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18686", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200507-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18686);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"GLSA\", value:\"200507-11\");\n\n script_name(english:\"GLSA-200507-11 : MIT Kerberos 5: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200507-11\n(MIT Kerberos 5: Multiple vulnerabilities)\n\n Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the\n heap by freeing unallocated memory when receiving a special TCP request\n (CAN-2005-1174). He also discovered that the same request could lead to\n a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered\n that krb5_recvauth() function of MIT Kerberos 5 might try to\n double-free memory (CAN-2005-1689).\n \nImpact :\n\n Although exploitation is considered difficult, a remote attacker\n could exploit the single-byte heap overflow and the double-free\n vulnerability to execute arbitrary code, which could lead to the\n compromise of the whole Kerberos realm. A remote attacker could also\n use the heap corruption to cause a Denial of Service.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt\"\n );\n # http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20d6a900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200507-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MIT Kerberos 5 users should upgrade to the latest available\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.4.1-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mit-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/mit-krb5\", unaffected:make_list(\"ge 1.4.1-r1\"), vulnerable:make_list(\"lt 1.4.1-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MIT Kerberos 5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:29", "references": [], "pluginID": "20767", "description": "Gael Delalleau discovered a buffer overflow in the env_opt_add() function of the Kerberos 4 and 5 telnet clients. By sending specially crafted replies, a malicious telnet server could exploit this to execute arbitrary code with the privileges of the user running the telnet client. (CVE-2005-0468)\n\nGael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i. e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client. (CVE-2005-0469)\n\nDaniel Wachdorf discovered two remote vulnerabilities in the Key Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP connection requests, a remote attacker could trigger a double-freeing of memory, which led to memory corruption and a crash of the KDC server. (CVE-2005-1174). Under rare circumstances the same type of TCP connection requests could also trigger a buffer overflow that could be exploited to run arbitrary code with the privileges of the KDC server.\n(CVE-2005-1175)\n\nMagnus Hagander discovered that the krb5_recvauth() function attempted to free previously freed memory in some situations. A remote attacker could possibly exploit this to run arbitrary code with the privileges of the program that called this function. Most imporantly, this affects the following daemons: kpropd (from the krb5-kdc package), klogind, and kshd (both from the krb5-rsh-server package).\n(CVE-2005-1689)\n\nPlease note that these packages are not officially supported by Ubuntu (they are in the 'universe' component of the archive).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2006-01-21T00:00:00", "title": "Ubuntu 4.10 / 5.04 : krb4, krb5 vulnerabilities (USN-224-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0469", "CVE-2005-0468", "CVE-2005-1175"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libkthacl1-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:libkrb-1-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-user", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-dev", "p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-doc", "p-cpe:/a:canonical:ubuntu_linux:libroken16-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:libkdb-1-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:libotp0-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server", "p-cpe:/a:canonical:ubuntu_linux:libsl0-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:krb5-clients", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd", "p-cpe:/a:canonical:ubuntu_linux:libkadm55", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-services", "p-cpe:/a:canonical:ubuntu_linux:libkafs0-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-x11", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers-x", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth1", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-docs", "p-cpe:/a:canonical:ubuntu_linux:libkrb53", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kip", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients-x", "p-cpe:/a:canonical:ubuntu_linux:libss0-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kdc", "p-cpe:/a:canonical:ubuntu_linux:libkadm1-kerberos4kth", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev"], "id": "UBUNTU_USN-224-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20767", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-224-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20767);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/19 23:44:03\");\n\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_xref(name:\"USN\", value:\"224-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : krb4, krb5 vulnerabilities (USN-224-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gael Delalleau discovered a buffer overflow in the env_opt_add()\nfunction of the Kerberos 4 and 5 telnet clients. By sending specially\ncrafted replies, a malicious telnet server could exploit this to\nexecute arbitrary code with the privileges of the user running the\ntelnet client. (CVE-2005-0468)\n\nGael Delalleau discovered a buffer overflow in the handling of the\nLINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By\nsending a specially constructed reply containing a large number of SLC\n(Set Local Character) commands, a remote attacker (i. e. a malicious\ntelnet server) could execute arbitrary commands with the privileges of\nthe user running the telnet client. (CVE-2005-0469)\n\nDaniel Wachdorf discovered two remote vulnerabilities in the Key\nDistribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP\nconnection requests, a remote attacker could trigger a double-freeing\nof memory, which led to memory corruption and a crash of the KDC\nserver. (CVE-2005-1174). Under rare circumstances the same type of TCP\nconnection requests could also trigger a buffer overflow that could be\nexploited to run arbitrary code with the privileges of the KDC server.\n(CVE-2005-1175)\n\nMagnus Hagander discovered that the krb5_recvauth() function attempted\nto free previously freed memory in some situations. A remote attacker\ncould possibly exploit this to run arbitrary code with the privileges\nof the program that called this function. Most imporantly, this\naffects the following daemons: kpropd (from the krb5-kdc package),\nklogind, and kshd (both from the krb5-rsh-server package).\n(CVE-2005-1689)\n\nPlease note that these packages are not officially supported by Ubuntu\n(they are in the 'universe' component of the archive).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-clients-x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-kip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-servers-x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-services\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kerberos4kth1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm1-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkafs0-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdb-1-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb-1-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkthacl1-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libotp0-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libroken16-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsl0-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libss0-kerberos4kth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-clients\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-clients-x\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-dev\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-docs\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-kdc\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-kip\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-servers\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-servers-x\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-services\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-user\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth-x11\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"kerberos4kth1\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-clients\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-doc\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-kdc\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"krb5-user\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkadm1-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkadm55\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkafs0-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkdb-1-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkrb-1-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkrb53\", pkgver:\"1.3.4-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libkthacl1-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libotp0-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libroken16-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libsl0-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libss0-kerberos4kth\", pkgver:\"1.2.2-10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-clients\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-clients-x\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-dev\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-docs\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-kdc\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-kip\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-servers\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-servers-x\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-services\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-user\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth-x11\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kerberos4kth1\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-clients\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-doc\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-kdc\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-user\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkadm1-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkadm55\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkafs0-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkdb-1-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkrb-1-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkrb53\", pkgver:\"1.3.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkthacl1-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libotp0-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libroken16-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libsl0-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libss0-kerberos4kth\", pkgver:\"1.2.2-11.1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kerberos4kth-clients / kerberos4kth-clients-x / kerberos4kth-dev / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:44", "references": ["http://www.nessus.org/u?e1eaa8b1"], "pluginID": "22462", "description": "s700_800 11.23 KRB5-Client Version 1.0 Cumulative patch : \n\nA potential security vulnerability has been identified with HP-UX running Kerberos. The vulnerability may be exploited by a remote unauthenticated user to execute arbitrary code.", "edition": 5, "reporter": "Tenable", "published": "2006-09-27T00:00:00", "title": "HP-UX PHSS_33389 : HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code (HPSBUX02152 SSRT5973 rev.1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_33389.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22462", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_33389. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22462);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2005-1689\");\n script_xref(name:\"HP\", value:\"emr_na-c00768776\");\n script_xref(name:\"HP\", value:\"HPSBUX02152\");\n script_xref(name:\"HP\", value:\"SSRT5973\");\n\n script_name(english:\"HP-UX PHSS_33389 : HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code (HPSBUX02152 SSRT5973 rev.1)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 KRB5-Client Version 1.0 Cumulative patch : \n\nA potential security vulnerability has been identified with HP-UX\nrunning Kerberos. The vulnerability may be exploited by a remote\nunauthenticated user to execute arbitrary code.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00768776\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1eaa8b1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_33389 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHSS_33389 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_33389\", \"PHSS_34991\", \"PHSS_39765\", \"PHSS_41167\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-64SLIB\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-IA32SLIB\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-IA64SLIB\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-PRG\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-RUN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-SHLIB\", version:\"B.11.23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:06:35", "references": ["https://getupdates.oracle.com/readme/112237-16"], "pluginID": "13387", "description": "SunOS 5.8: mech_krb5.so.1 and pam_krb5.so..\nDate this patch was last updated by Sun : Mar/24/09", "edition": 4, "reporter": "Tenable", "published": "2004-07-12T00:00:00", "title": "Solaris 8 (sparc) : 112237-16", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689"], "modified": "2014-08-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_112237.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13387", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(13387);\n script_version(\"$Revision: 1.36 $\");\n script_cvs_date(\"$Date: 2014/08/30 00:33:49 $\");\n\n script_cve_id(\"CVE-2005-1689\");\n\n script_name(english:\"Solaris 8 (sparc) : 112237-16\");\n script_summary(english:\"Check for patch 112237-16\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 112237-16\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8: mech_krb5.so.1 and pam_krb5.so..\nDate this patch was last updated by Sun : Mar/24/09\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/112237-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"112237-16\", obsoleted_by:\"\", package:\"SUNWgsdhx\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"112237-16\", obsoleted_by:\"\", package:\"SUNWgssdh\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"112237-16\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"112237-16\", obsoleted_by:\"\", package:\"SUNWgsskx\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"112237-16\", obsoleted_by:\"\", package:\"SUNWcslx\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"112237-16\", obsoleted_by:\"\", package:\"SUNWgssk\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"112237-16\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:19:19", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-doc_1.2.4-5woody10_all.deb", "arch": "all", "packageName": "krb5-doc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_arm.deb", "arch": "arm", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2.diff", "packageFilename": "krb5_1.3.6-2sarge2.diff.gz", "arch": "src", "packageName": "krb5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5_1.2.4-5woody10.dsc", "arch": "src", "packageName": "krb5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_arm.deb", "arch": "arm", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_arm.deb", "arch": "arm", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_arm.deb", "arch": "arm", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_arm.deb", "arch": "arm", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10.diff", "packageFilename": "krb5_1.2.4-5woody10.diff.gz", "arch": "src", "packageName": "krb5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_arm.deb", "arch": "arm", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_arm.deb", "arch": "arm", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-doc_1.3.6-2sarge2_all.deb", "arch": "all", "packageName": "krb5-doc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_mipsel.deb", "arch": "mipsel", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5_1.3.6-2sarge2.dsc", "arch": "src", "packageName": "krb5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_arm.deb", "arch": "arm", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-clients_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_m68k.deb", "arch": "m68k", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_hppa.deb", "arch": "hppa", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_alpha.deb", "arch": "alpha", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-telnetd_1.2.4-5woody10_hppa.deb", "arch": "hppa", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_s390.deb", "arch": "s390x", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_mips.deb", "arch": "mips", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-user_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-admin-server_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-telnetd_1.3.6-2sarge2_ia64.deb", "arch": "ia64", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-admin-server_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4.orig", "packageFilename": "krb5_1.2.4.orig.tar.gz", "arch": "src", "packageName": "krb5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_arm.deb", "arch": "arm", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-rsh-server_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_i386.deb", "arch": "i686", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_i386.deb", "arch": "i686", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_sparc.deb", "arch": "sparc", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-ftpd_1.2.4-5woody10_ia64.deb", "arch": "ia64", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb53_1.3.6-2sarge2_s390.deb", "arch": "s390x", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb53_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-user_1.2.4-5woody10_mipsel.deb", "arch": "mipsel", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-kdc_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-kdc_1.2.4-5woody10_arm.deb", "arch": "arm", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-ftpd_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "krb5-ftpd", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkadm55_1.2.4-5woody10_powerpc.deb", "arch": "ppc", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "krb5-clients_1.2.4-5woody10_mips.deb", "arch": "mips", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_sparc.deb", "arch": "sparc", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.2.4-5woody10", "packageFilename": "libkrb5-dev_1.2.4-5woody10_m68k.deb", "arch": "m68k", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkadm55_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "libkadm55", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "libkrb5-dev_1.3.6-2sarge2_alpha.deb", "arch": "alpha", "packageName": "libkrb5-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.6-2sarge2", "packageFilename": "krb5-rsh-server_1.3.6-2sarge2_powerpc.deb", "arch": "ppc", "packageName": "krb5-rsh-server", "operator": "lt"}], "edition": 1, "description": "Daniel Wachdorf reported two problems in the MIT krb5 distribution used for network authentication. First, the KDC program from the krb5-kdc package can corrupt the heap by trying to free memory which has already been freed on receipt of a certain TCP connection. This vulnerability can cause the KDC to crash, leading to a denial of service. [[CAN-2005-1174](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174>)] Second, under certain rare circumstances this type of request can lead to a buffer overflow and remote code execution. [[CAN-2005-1175](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1175>)] \n\nAdditionally, Magnus Hagander reported another problem in which the krb5_recvauth function can in certain circumstances free previously freed memory, potentially leading to the execution of remote code. [[CAN-2005-1689](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689>)] \n\nAll of these vulnerabilities are believed difficult to exploit, and no exploits have yet been discovered.\n\nFor the old stable distribution (woody), these problems have been fixed in version 1.2.4-5woody10. Note that woody's KDC does not have TCP support and is not vulnerable to [CAN-2005-1174](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174>).\n\nFor the stable distribution (sarge), these problems have been fixed in version 1.3.6-2sarge2.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1.3.6-4.\n\nWe recommend that you upgrade your krb5 package.", "reporter": "Debian", "published": "2005-07-17T00:00:00", "type": "debian", "title": "krb5 -- buffer overflow, double-free memory", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2005-07-17T00:00:00", "id": "DSA-757", "href": "http://www.debian.org/security/dsa-757", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:25", "references": [], "pluginID": "54373", "description": "The remote host is missing an update to krb5\nannounced via advisory DSA 757-1.\n\nDaniel Wachdorf reported two problems in the MIT krb5 distribution used\nfor network authentication. First, the KDC program from the krb5-kdc\npackage can corrupt the heap by trying to free memory which has already\nbeen freed on receipt of a certain TCP connection. This vulnerability\ncan cause the KDC to crash, leading to a denial of service.\n[CVE-2005-1174] Second, under certain rare circumstances this type of\nrequest can lead to a buffer overflow and remote code execution.\n[CVE-2005-1175]\n\nAdditionally, Magnus Hagander reported another problem in which the\nkrb5_recvauth function can in certain circumstances free previously\nfreed memory, potentially leading to the execution of remote code.\n[CVE-2005-1689]\n\nAll of these vulnerabilities are believed difficult to exploit, and no\nexploits have yet been discovered.\n\nFor the old stable distribution (woody), these problems have been fixed\nin version 1.2.4-5woody10. Note that woody's KDC does not have TCP\nsupport and is not vulnerable to CVE-2005-1174.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 757-1 (krb5)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54373", "id": "OPENVAS:54373", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_757_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 757-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), these problems have been fixed in\nversion 1.3.6-2sarge2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.6-4.\n\nWe recommend that you upgrade your krb5 package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20757-1\";\ntag_summary = \"The remote host is missing an update to krb5\nannounced via advisory DSA 757-1.\n\nDaniel Wachdorf reported two problems in the MIT krb5 distribution used\nfor network authentication. First, the KDC program from the krb5-kdc\npackage can corrupt the heap by trying to free memory which has already\nbeen freed on receipt of a certain TCP connection. This vulnerability\ncan cause the KDC to crash, leading to a denial of service.\n[CVE-2005-1174] Second, under certain rare circumstances this type of\nrequest can lead to a buffer overflow and remote code execution.\n[CVE-2005-1175]\n\nAdditionally, Magnus Hagander reported another problem in which the\nkrb5_recvauth function can in certain circumstances free previously\nfreed memory, potentially leading to the execution of remote code.\n[CVE-2005-1689]\n\nAll of these vulnerabilities are believed difficult to exploit, and no\nexploits have yet been discovered.\n\nFor the old stable distribution (woody), these problems have been fixed\nin version 1.2.4-5woody10. Note that woody's KDC does not have TCP\nsupport and is not vulnerable to CVE-2005-1174.\";\n\n\nif(description)\n{\n script_id(54373);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-1689\", \"CVE-2005-1174\", \"CVE-2005-1175\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 757-1 (krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.2.4-5woody10\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.3.6-2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:23", "references": [], "pluginID": "54987", "description": "The remote host is missing updates announced in\nadvisory GLSA 200507-11.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "title": "Gentoo Security Advisory GLSA 200507-11 (mit-krb5)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54987", "id": "OPENVAS:54987", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote\nexecution of arbitrary code, possibly leading to the compromise of the\nentire Kerberos realm.\";\ntag_solution = \"All MIT Kerberos 5 users should upgrade to the latest available version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.4.1-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200507-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=98799\nhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt\nhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200507-11.\";\n\n \n\nif(description)\n{\n script_id(54987);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-1174\", \"CVE-2005-1175\", \"CVE-2005-1689\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200507-11 (mit-krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/mit-krb5\", unaffected: make_list(\"ge 1.4.1-r1\"), vulnerable: make_list(\"lt 1.4.1-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:51", "references": ["2008:191", "http://lists.mandriva.com/security-announce/2008-09/msg00008.php"], "pluginID": "1361412562310830694", "description": "Check for the Version of rsh", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for rsh MDVSA-2008:191 (rsh)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0175"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830694", "id": "OPENVAS:1361412562310830694", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for rsh MDVSA-2008:191 (rsh)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in the rcp protocol was discovered that allows a\n server to instruct a client to write arbitrary files outside of the\n current directory, which could potentially be a security concern if\n a user used rcp to copy files from a malicious server (CVE-2004-0175).\n\n This issue was originally corrected in MDKSA-2005:100, but the patch\n had not been applied to the development tree, so released packages\n after that date did not have the fix applied.\n \n This update also corrects an issue where rexecd did not honor settings\n in /etc/security/limits if pam_limits was in use.\";\n\ntag_affected = \"rsh on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-09/msg00008.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830694\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:191\");\n script_cve_id(\"CVE-2004-0175\");\n script_name( \"Mandriva Update for rsh MDVSA-2008:191 (rsh)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of rsh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~16.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~16.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~18.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~19.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~18.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~19.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~20.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~20.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:57:14", "references": ["2008:191", "http://lists.mandriva.com/security-announce/2008-09/msg00008.php"], "pluginID": "830694", "description": "Check for the Version of rsh", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Mandriva Update for rsh MDVSA-2008:191 (rsh)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0175"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830694", "id": "OPENVAS:830694", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for rsh MDVSA-2008:191 (rsh)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in the rcp protocol was discovered that allows a\n server to instruct a client to write arbitrary files outside of the\n current directory, which could potentially be a security concern if\n a user used rcp to copy files from a malicious server (CVE-2004-0175).\n\n This issue was originally corrected in MDKSA-2005:100, but the patch\n had not been applied to the development tree, so released packages\n after that date did not have the fix applied.\n \n This update also corrects an issue where rexecd did not honor settings\n in /etc/security/limits if pam_limits was in use.\";\n\ntag_affected = \"rsh on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-09/msg00008.php\");\n script_id(830694);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:191\");\n script_cve_id(\"CVE-2004-0175\");\n script_name( \"Mandriva Update for rsh MDVSA-2008:191 (rsh)\");\n\n script_summary(\"Check for the Version of rsh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~16.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~16.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~16.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~18.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~19.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~18.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~19.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"rsh\", rpm:\"rsh~0.17~20.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rsh-server\", rpm:\"rsh-server~0.17~20.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:13:55", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-21-119434-01-1", "119434-01"], "pluginID": "855053", "description": "Check for the Version of telnet", "edition": 1, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-06-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Solaris Update for telnet 119434-01", "type": "openvas", "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855053", "id": "OPENVAS:855053", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 119434-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855053);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"119434-01\");\n script_name( \"Solaris Update for telnet 119434-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119434-01-1\");\n\n script_summary(\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"119434-01\", package:\"SUNWtnetc\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:04", "references": ["110668-05", "http://sunsolve.sun.com/search/document.do?assetkey=1-21-110668-05-1"], "pluginID": "855537", "description": "Check for the Version of telnet", "edition": 1, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-06-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Solaris Update for telnet 110668-05", "type": "openvas", "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855537", "id": "OPENVAS:855537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 110668-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.8_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855537);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"110668-05\");\n script_name( \"Solaris Update for telnet 110668-05\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-110668-05-1\");\n\n script_summary(\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"110668-05\", package:\"SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:49", "references": ["110669-05", "http://sunsolve.sun.com/search/document.do?assetkey=1-21-110669-05-1"], "pluginID": "1361412562310855072", "description": "Check for the Version of telnet", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-06-03T00:00:00", "title": "Solaris Update for telnet 110669-05", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855072", "id": "OPENVAS:1361412562310855072", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 110669-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.8_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855072\");\n script_version(\"$Revision: 9370 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"110669-05\");\n script_name( \"Solaris Update for telnet 110669-05\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-110669-05-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"110669-05\", package:\"SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:20", "references": ["110668-05", "http://sunsolve.sun.com/search/document.do?assetkey=1-21-110668-05-1"], "pluginID": "1361412562310855537", "description": "Check for the Version of telnet", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for telnet 110668-05", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855537", "id": "OPENVAS:1361412562310855537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 110668-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.8_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855537\");\n script_version(\"$Revision: 9370 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"110668-05\");\n script_name( \"Solaris Update for telnet 110668-05\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-110668-05-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"110668-05\", package:\"SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:22", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-21-119434-01-1", "119434-01"], "pluginID": "1361412562310855053", "description": "Check for the Version of telnet", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for telnet 119434-01", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855053", "id": "OPENVAS:1361412562310855053", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 119434-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855053\");\n script_version(\"$Revision: 9370 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"119434-01\");\n script_name( \"Solaris Update for telnet 119434-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119434-01-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"119434-01\", package:\"SUNWtnetc\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:26", "references": ["http://sunsolve.sun.com/search/document.do?assetkey=1-21-119433-01-1", "119433-01"], "pluginID": "1361412562310855256", "description": "Check for the Version of telnet", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for telnet 119433-01", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0469", "CVE-2005-0488", "CVE-2005-0468"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855256", "id": "OPENVAS:1361412562310855256", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for telnet 119433-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"telnet on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n telnet\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855256\");\n script_version(\"$Revision: 9370 $\");\n script_cve_id(\"CVE-2005-0468\", \"CVE-2005-0469\", \"CVE-2005-0488\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"119433-01\");\n script_name( \"Solaris Update for telnet 119433-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119433-01-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of telnet\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"119433-01\", package:\"SUNWtnetc\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:57", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=98799", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1175", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.4.1-r1", "packageName": "app-crypt/mit-krb5", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nMIT Kerberos 5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. \n\n### Description\n\nDaniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request (CAN-2005-1174). He also discovered that the same request could lead to a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered that krb5_recvauth() function of MIT Kerberos 5 might try to double-free memory (CAN-2005-1689). \n\n### Impact\n\nAlthough exploitation is considered difficult, a remote attacker could exploit the single-byte heap overflow and the double-free vulnerability to execute arbitrary code, which could lead to the compromise of the whole Kerberos realm. A remote attacker could also use the heap corruption to cause a Denial of Service. \n\n### Workaround\n\nThere are no known workarounds at this time. \n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest available version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.4.1-r1\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2005-07-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "MIT Kerberos 5: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-1175"], "modified": "2005-07-12T00:00:00", "id": "GLSA-200507-11", "href": "https://security.gentoo.org/glsa/200507-11", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:49", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-1175", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-0469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-0468", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-1689", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-1174"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-clients", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-rsh-server", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kerberos4kth-clients", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-telnetd", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "kerberos4kth-clients", "operator": "lt"}], "description": "Ga\ufffdl Delalleau discovered a buffer overflow in the env_opt_add() function of the Kerberos 4 and 5 telnet clients. By sending specially crafted replies, a malicious telnet server could exploit this to execute arbitrary code with the privileges of the user running the telnet client. (CVE-2005-0468)\n\nGa\ufffdl Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i. e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client. (CVE-2005-0469)\n\nDaniel Wachdorf discovered two remote vulnerabilities in the Key Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP connection requests, a remote attacker could trigger a double-freeing of memory, which led to memory corruption and a crash of the KDC server. (CVE-2005-1174). Under rare circumstances the same type of TCP connection requests could also trigger a buffer overflow that could be exploited to run arbitrary code with the privileges of the KDC server. (CVE-2005-1175)\n\nMagnus Hagander discovered that the krb5_recvauth() function attempted to free previously freed memory in some situations. A remote attacker could possibly exploit this to run arbitrary code with the privileges of the program that called this function. Most imporantly, this affects the following daemons: kpropd (from the krb5-kdc package), klogind, and kshd (both from the krb5-rsh-server package). (CVE-2005-1689)\n\nPlease note that these packages are not officially supported by Ubuntu (they are in the \u2018universe\u2019 component of the archive).", "edition": 3, "reporter": "Ubuntu", "published": "2005-12-06T00:00:00", "title": "Kerberos vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1689", "CVE-2005-1174", "CVE-2005-0469", "CVE-2005-0468", "CVE-2005-1175"], "modified": "2005-12-06T00:00:00", "id": "USN-224-1", "href": "https://usn.ubuntu.com/224-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cert": [{"lastseen": "2018-08-31T02:37:53", "references": ["http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt", "http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-1175", "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt", "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt", "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt", "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt"], "description": "### Overview\n\nUnauthenticated attacker can cause MIT krb5 Key Distribution Center (KDC) to overflow a heap buffer by one byte, possibly leading to arbitrary code execution.\n\n### Description\n\nKerberos is a network authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions. \n\nThe [MIT krb5 Security Advisory 2005-002](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt>) issued 2005 July 12, available from \n&lt;<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt>&gt; indicates: \n \nWhen an MIT krb5 Key Distribution Center (KDC) implementation receives a certain unlikely (but valid) request via a TCP or UDP connection it can trigger a bug in the krb5 library which results in a single-byte overflow of a heap buffer. Application servers are vulnerable to a highly improbable attack, provided that the attacker controls a realm sharing a cross-realm key with the target realm. \n \n--- \n \n### Impact\n\nAn unauthenticated attacker may be able to use this vulnerability to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm. No exploit code is known to exist at this time. According to the [MIT krb5 Security Advisory 2005-002](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt>) this vulnerability affects KDC implementations and application servers in all MIT krb5 releases, up to and including krb5-1.4.1. Third-party application servers which use MIT krb5 are also affected. \n \n--- \n \n### Solution\n\nApply patches available from your vendor. Details of the patch are also available from \n\n \n<http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt>. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nRed Hat Inc.| | 10 May 2005| 11 Jul 2005 \nSun Microsystems Inc.| | 10 May 2005| 13 Jul 2005 \nF5 Networks| | 12 May 2005| 27 May 2005 \nJuniper Networks| | 10 May 2005| 21 Jun 2005 \nMicrosoft Corporation| | 10 May 2005| 19 May 2005 \nApple Computer Inc.| | 10 May 2005| 10 May 2005 \nApple Computer Inc.| | 10 May 2005| 10 May 2005 \nConectiva| | 10 May 2005| 10 May 2005 \nCray Inc.| | 10 May 2005| 17 May 2005 \nDebian| | 10 May 2005| 17 May 2005 \nEMC Corporation| | 10 May 2005| 17 May 2005 \nEngarde| | 10 May 2005| 17 May 2005 \nFreeBSD| | 10 May 2005| 17 May 2005 \nFujitsu| | 10 May 2005| 17 May 2005 \nHitachi| | 10 May 2005| 17 May 2005 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23885830 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt>\n * <http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt>\n\n### Credit\n\nThis vulnerability was reported by the MIT Kerberos Development Team. The MIT Kerberos Development Team thank Daniel Wachdorf for reporting this vulnerability.\n\nThis document was written by Robert Mead based on information in the MIT krb5 Security Advisory 2005-002 .\n\n### Other Information\n\n * CVE IDs: [CAN-2005-1175](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-1175>)\n * Date Public: 12 Jul 2005\n * Date First Published: 13 Jul 2005\n * Date Last Updated: 13 Jul 2005\n * Severity Metric: 4.63\n * Document Revision: 16\n\n", "edition": 4, "reporter": "CERT", "published": "2005-07-13T00:00:00", "title": "MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to overflow a heap buffer by one byte", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2005-1175", "CVE-2005-1175"], "modified": "2005-07-13T00:00:00", "id": "VU:885830", "href": "https://www.kb.cert.org/vuls/id/885830", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:38:12", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-1689", "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt", "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt", "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt", "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt", "http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt"], "description": "### Overview\n\nAn unauthenticated attacker can cause krb5_recvauth() function to free a block of memory twice, possibly leading to arbitrary code execution.\n\n### Description\n\nKerberos is a network authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions. \n\n[MIT krb5 Security Advisory 2005-003](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>) issued 2005 July 12, available from \n&lt;<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>&gt; states: \n \nThe krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code. Exploitation of this vulnerability on a Kerberos Key Distribution Center (KDC) host can result in compromise of an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of double-free vulnerabilities is believed to be difficult. \n \n--- \n \n### Impact\n\nAn unauthenticated attacker may be able to execute arbitrary code in the context of a program calling krb5_recvauth(). This includes the kpropd program which typically runs on slave Key Distribution Center (KDC) hosts, potentially leading to compromise of an entire Kerberos realm. For more information please see the [MIT krb5 Security Advisory 2005-003](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>). \n \n--- \n \n### Solution\n\nApply patches available from your vendor. Details of the patch are also available from \n\n \n<http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt>. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nMiT Kerberos Development Team| | -| 12 Jul 2005 \nRed Hat Inc.| | 06 Jun 2005| 12 Jul 2005 \nSun Microsystems Inc.| | 06 Jun 2005| 13 Jul 2005 \nCheck Point| | 06 Jun 2005| 09 Jun 2005 \nF5 Networks| | 06 Jun 2005| 06 Jun 2005 \nForce10 Networks Inc.| | 06 Jun 2005| 07 Jun 2005 \nHitachi| | 10 May 2005| 12 Jul 2005 \nJuniper Networks| | 06 Jun 2005| 12 Jul 2005 \nMicrosoft Corporation| | 06 Jun 2005| 06 Jun 2005 \nNetfilter| | 06 Jun 2005| 09 Jun 2005 \nWatchGuard| | 06 Jun 2005| 12 Jul 2005 \nApple Computer Inc.| | 06 Jun 2005| 12 Jul 2005 \nConnectiva| | 06 Jun 2005| 12 Jul 2005 \nCray Inc.| | 06 Jun 2005| 12 Jul 2005 \nDebian| | 06 Jun 2005| 12 Jul 2005 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23623332 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>\n\n### Credit\n\nThis vulnerability was reported by the MIT Kerberos Development Team. The MIT Kerberos Development Team thanks Magnus Hagander for reporting this vulnerability.\n\nThis document was written by Robert Mead based on information in the MIT krb5 Security Advisory 2005-003 .\n\n### Other Information\n\n * CVE IDs: [CAN-2005-1689](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-1689>)\n * Date Public: 12 Jul 2005\n * Date First Published: 13 Jul 2005\n * Date Last Updated: 08 Aug 2005\n * Severity Metric: 13.01\n * Document Revision: 19\n\n", "edition": 4, "reporter": "CERT", "published": "2005-07-13T00:00:00", "title": "MIT Kerberos 5 contains double free vulnerability in \"krb5_recvauth()\" function", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2005-1689", "CVE-2005-1689"], "modified": "2005-08-08T00:00:00", "id": "VU:623332", "href": "https://www.kb.cert.org/vuls/id/623332", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:37:33", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-0488", "http://www.securityfocus.com/archive/1/402230", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1205", "http://www.apps.ietf.org/rfc/rfc854.html", "http://www.apps.ietf.org/rfc/rfc1572.html", "http://www.apps.ietf.org/rfc/rfc1572.html", "http://www.apps.ietf.org/rfc/rfc855.html", "http://www.idefense.com/application/poi/display?id=260", "http://www.idefense.com/application/poi/display?id=260", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0488"], "description": "### Overview\n\nA vulnerability in the handling of the NEW-ENVIRON command allows a malicious telnet server to gain information from a client's environment variables.\n\n### Description\n\nThe Telnet network protocol is described in [RFC854](<http://www.apps.ietf.org/rfc/rfc854.html>) and [RFC855](<http://www.apps.ietf.org/rfc/rfc855.html>) as a general, bi-directional communications facility. The Telnet protocol is commonly used for command-line login sessions between Internet hosts. \n\nThe vulnerability is in the NEW-ENVIRON sub-command that is the mechanism to used for passing environment information between a telnet client and server. Use of this mechanism enables a telnet user to propagate configuration information to a remote host when connecting. Please see [RFC1572](<http://www.apps.ietf.org/rfc/rfc1572.html>) for more information. As specified in section 3 of RFC1572 the expected default behavior should be \"that there will not be any exchange of environment information\". \n \nIn order to exploit this vulnerability, a malicious server can send a connected client the following telnet command: \n \n`SB NEW-ENVIRON SEND ENV_USERVAR <name of environment variable> SE \n` \nVulnerable telnet clients will send the value of the referenced environment variable. Environment variables may contain a variety of the information such as local username, executable file search paths, locations of sensitive data, and other potentially sensitive information about the client computer. \n \nPlease note telnet functionality has been embedded in many applications and not just underlying operating systems distributions. \n \nThe [iDefense Security Advisory](<http://www.idefense.com/application/poi/display?id=260>) contains additional information about affected and unaffected vendors. \n \n--- \n \n### Impact\n\nAn attacker may be able to gather information about remote systems and users who connect to attackers malicious telnet server. An attacker would have to trick a victim into initiating a telnet connection using a vulnerable client. This may be accomplished with an HTML rendered email or web page, using the TELNET:// URI handler, however further user interaction may be required. \n \n--- \n \n### Solution\n\n**Apply an update from your vendor**\n\nPatches, updates, and fixes should be available from multiple vendors. \n \n--- \n \n \n**Workarounds** \nDisable access to telnet, limit the use of telnet to trusted sites and/or encourage the use more secure remote connection clients. \n \nOn Unix systems it might be viable to remove execute permission from telnet and other binaries that perform telnet. \n \nOn Windows systems changing or removing the registry key entry: HKEY_CLASSES_ROOT\\telnet\\shell\\open\\command \nshould reduce the likelihood of successful automatic exploitation attempts such as those using telnet URLs. \n \nNote these workarounds do not address the underlying vulnerability. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nMicrosoft Corporation| | -| 14 Jun 2005 \nRed Hat Inc.| | -| 28 Jul 2005 \nSun Microsystems Inc.| | -| 14 Jun 2005 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23800829 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.idefense.com/application/poi/display?id=260>\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0488>\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1205>\n * <http://www.apps.ietf.org/rfc/rfc1572.html>\n * <http://www.securityfocus.com/archive/1/402230>\n\n### Credit\n\nGa\u00ebl Delalleau is credited with this discovery. Thank you to iDefense for coordinating the release of information about this issue.\n\nThis document was written by Robert Mead based on information in the iDEFENSE Security Advisory\n\n### Other Information\n\n * CVE IDs: [CAN-2005-0488](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-0488>)\n * Date Public: 14 Jun 2005\n * Date First Published: 14 Jun 2005\n * Date Last Updated: 28 Jul 2005\n * Severity Metric: 0.17\n * Document Revision: 22\n\n", "edition": 4, "reporter": "CERT", "published": "2005-06-14T00:00:00", "title": "Telnet Client Information Disclosure Vulnerability", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2005-0488", "CVE-2005-0488", "CVE-2005-0488", "CVE-2005-1205"], "modified": "2005-07-28T00:00:00", "id": "VU:800829", "href": "https://www.kb.cert.org/vuls/id/800829", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-757)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=302163)\nSecurity Tracker: 1014460\n[Secunia Advisory ID:16050](https://secuniaresearch.flexerasoftware.com/advisories/16050/)\n[Secunia Advisory ID:16341](https://secuniaresearch.flexerasoftware.com/advisories/16341/)\n[Secunia Advisory ID:16449](https://secuniaresearch.flexerasoftware.com/advisories/16449/)\n[Secunia Advisory ID:17135](https://secuniaresearch.flexerasoftware.com/advisories/17135/)\n[Secunia Advisory ID:16060](https://secuniaresearch.flexerasoftware.com/advisories/16060/)\n[Secunia Advisory ID:16086](https://secuniaresearch.flexerasoftware.com/advisories/16086/)\n[Secunia Advisory ID:16041](https://secuniaresearch.flexerasoftware.com/advisories/16041/)\n[Secunia Advisory ID:16034](https://secuniaresearch.flexerasoftware.com/advisories/16034/)\n[Secunia Advisory ID:17899](https://secuniaresearch.flexerasoftware.com/advisories/17899/)\n[Secunia Advisory ID:16052](https://secuniaresearch.flexerasoftware.com/advisories/16052/)\n[Secunia Advisory ID:16054](https://secuniaresearch.flexerasoftware.com/advisories/16054/)\n[Secunia Advisory ID:16057](https://secuniaresearch.flexerasoftware.com/advisories/16057/)\n[Secunia Advisory ID:16413](https://secuniaresearch.flexerasoftware.com/advisories/16413/)\n[Secunia Advisory ID:20364](https://secuniaresearch.flexerasoftware.com/advisories/20364/)\n[Related OSVDB ID: 1001065](https://vulners.com/osvdb/OSVDB:1001065)\n[Related OSVDB ID: 17842](https://vulners.com/osvdb/OSVDB:17842)\nRedHat RHSA: RHSA-2005:567\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jul/0004.html\nOther Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt\nOther Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt\nOther Advisory URL: http://www.debian.org/security/2005/dsa-773\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-224-1\nOther Advisory URL: http://lists.trustix.org/pipermail/tsl-announce/2005-July/000330.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200507-11.xml\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1\nOther Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:119\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000993\nGeneric Informational URL: http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html\n[CVE-2005-1175](https://vulners.com/cve/CVE-2005-1175)\nCERT VU: 885830\n", "reporter": "OSVDB", "published": "2005-07-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Kerberos Key Distribution Center (KDC) krb5_unparse_name Overflow", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-1175"], "modified": "2005-07-12T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:17843", "id": "OSVDB:17843", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:04", "references": [], "edition": 1, "description": "## Vulnerability Description\nOpenSSH contains a flaw that may allow a context-dependent attacker to overwrite arbitrary files on a remote system. The issue is due to the scp utility not properly sanitizing file copy requests which could allow a remote server to overwrite arbitrary files on the target system.\n## Solution Description\nUpgrade to version 3.4p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nOpenSSH contains a flaw that may allow a context-dependent attacker to overwrite arbitrary files on a remote system. The issue is due to the scp utility not properly sanitizing file copy requests which could allow a remote server to overwrite arbitrary files on the target system.\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20041101-01-P.asc)\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:100)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-167.pdf)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2004_09_kernel.html)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt)\n[Vendor Specific Advisory URL](http://www.juniper.net/support/security/alerts/adv59739.txt)\nSecurity Tracker: 1011193\nSecurity Tracker: 1011144\n[Secunia Advisory ID:17135](https://secuniaresearch.flexerasoftware.com/advisories/17135/)\n[Secunia Advisory ID:19243](https://secuniaresearch.flexerasoftware.com/advisories/19243/)\n[Secunia Advisory ID:15414](https://secuniaresearch.flexerasoftware.com/advisories/15414/)\n[Secunia Advisory ID:15418](https://secuniaresearch.flexerasoftware.com/advisories/15418/)\n[Secunia Advisory ID:15920](https://secuniaresearch.flexerasoftware.com/advisories/15920/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:12450](https://secuniaresearch.flexerasoftware.com/advisories/12450/)\n[Secunia Advisory ID:16034](https://secuniaresearch.flexerasoftware.com/advisories/16034/)\n[Secunia Advisory ID:16622](https://secuniaresearch.flexerasoftware.com/advisories/16622/)\n[Secunia Advisory ID:16057](https://secuniaresearch.flexerasoftware.com/advisories/16057/)\n[Secunia Advisory ID:16054](https://secuniaresearch.flexerasoftware.com/advisories/16054/)\nRedHat RHSA: RHSA-2005:567\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2005:100\nOther Advisory URL: http://www.trustix.org/errata/2005/0031/\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc\nOther Advisory URL: http://www.juniper.net/support/security/alerts/adv59739.txt\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-106.html\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-074.html\nKeyword: SCOSA-2005.49\nISS X-Force ID: 16323\n[CVE-2004-0175](https://vulners.com/cve/CVE-2004-0175)\nBugtraq ID: 9986\n", "reporter": "OSVDB", "published": "2004-04-06T07:31:22", "title": "OpenSSH scp Traversal Arbitrary File Overwrite", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [{"name": "OpenSSH", "version": "3.4", "operator": "eq"}], "bulletinFamily": "software", "cvelist": ["CVE-2004-0175"], "modified": "2004-04-06T07:31:22", "id": "OSVDB:9550", "href": "https://vulners.com/osvdb/OSVDB:9550", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:14", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-757)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=302163)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00768776)\nSecurity Tracker: 1014461\n[Secunia Advisory ID:16050](https://secuniaresearch.flexerasoftware.com/advisories/16050/)\n[Secunia Advisory ID:16341](https://secuniaresearch.flexerasoftware.com/advisories/16341/)\n[Secunia Advisory ID:16449](https://secuniaresearch.flexerasoftware.com/advisories/16449/)\n[Secunia Advisory ID:17135](https://secuniaresearch.flexerasoftware.com/advisories/17135/)\n[Secunia Advisory ID:16086](https://secuniaresearch.flexerasoftware.com/advisories/16086/)\n[Secunia Advisory ID:16041](https://secuniaresearch.flexerasoftware.com/advisories/16041/)\n[Secunia Advisory ID:16061](https://secuniaresearch.flexerasoftware.com/advisories/16061/)\n[Secunia Advisory ID:16034](https://secuniaresearch.flexerasoftware.com/advisories/16034/)\n[Secunia Advisory ID:17899](https://secuniaresearch.flexerasoftware.com/advisories/17899/)\n[Secunia Advisory ID:16057](https://secuniaresearch.flexerasoftware.com/advisories/16057/)\n[Secunia Advisory ID:16052](https://secuniaresearch.flexerasoftware.com/advisories/16052/)\n[Secunia Advisory ID:16054](https://secuniaresearch.flexerasoftware.com/advisories/16054/)\n[Secunia Advisory ID:16413](https://secuniaresearch.flexerasoftware.com/advisories/16413/)\n[Secunia Advisory ID:22090](https://secuniaresearch.flexerasoftware.com/advisories/22090/)\n[Related OSVDB ID: 17843](https://vulners.com/osvdb/OSVDB:17843)\n[Related OSVDB ID: 17842](https://vulners.com/osvdb/OSVDB:17842)\nRedHat RHSA: RHSA-2005:567\nOther Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jul/0004.html\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1\nOther Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt\nOther Advisory URL: http://www.debian.org/security/2005/dsa-773\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-224-1\nOther Advisory URL: http://lists.trustix.org/pipermail/tsl-announce/2005-July/000330.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200507-11.xml\nOther Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:119\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000993\nKeyword: HPSBUX02152,SSRT5973\nGeneric Informational URL: http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html\n[CVE-2005-1689](https://vulners.com/cve/CVE-2005-1689)\nCERT VU: 623332\n", "reporter": "OSVDB", "published": "2005-07-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "title": "MIT Kerberos kpropd krb5_recvauth Double Free Command Execution", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-1689"], "modified": "2005-07-12T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:17841", "id": "OSVDB:17841", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:13", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1)\n[Vendor Specific Advisory URL](http://support.wrq.com/techdocs/1704.html)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2005-145_RHSA-2005-504.pdf)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=304063)\nSecurity Tracker: 1014203\n[Secunia Advisory ID:15690](https://secuniaresearch.flexerasoftware.com/advisories/15690/)\n[Secunia Advisory ID:15820](https://secuniaresearch.flexerasoftware.com/advisories/15820/)\n[Secunia Advisory ID:17135](https://secuniaresearch.flexerasoftware.com/advisories/17135/)\n[Secunia Advisory ID:15741](https://secuniaresearch.flexerasoftware.com/advisories/15741/)\n[Secunia Advisory ID:15713](https://secuniaresearch.flexerasoftware.com/advisories/15713/)\n[Secunia Advisory ID:21253](https://secuniaresearch.flexerasoftware.com/advisories/21253/)\n[Secunia Advisory ID:15709](https://secuniaresearch.flexerasoftware.com/advisories/15709/)\n[Secunia Advisory ID:16651](https://secuniaresearch.flexerasoftware.com/advisories/16651/)\nRedHat RHSA: RHSA-2005:504\nOther Advisory URL: http://www.trustix.org/errata/2005/0029/\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.35/SCOSA-2005.35.txt\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_16_sr.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=260&type=vulnerabilities\nMicrosoft Security Bulletin: MS05-033\nMicrosoft Knowledge Base Article: 896428\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0172.html\n[CVE-2005-1205](https://vulners.com/cve/CVE-2005-1205)\n[CVE-2005-0488](https://vulners.com/cve/CVE-2005-0488)\nCERT VU: 800829\n", "reporter": "OSVDB", "published": "2005-06-14T15:10:23", "title": "Multiple Vendor Telnet Client NEW-ENVIRON Variable Information Disclosure", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-0488", "CVE-2005-1205"], "modified": "2005-06-14T15:10:23", "href": "https://vulners.com/osvdb/OSVDB:17303", "id": "OSVDB:17303", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:13", "references": [], "description": " MIT krb5 Security Advisory 2005-003\r\n\r\nOriginal release: 2005-07-12\r\n\r\nTopic: double-free in krb5_recvauth\r\n\r\nSeverity: CRITICAL\r\n\r\nSUMMARY\r\n=======\r\n\r\nThe krb5_recvauth&#40;&#41; function can free previously freed memory under\r\nsome error conditions. This vulnerability may allow an\r\nunauthenticated remote attacker to execute arbitrary code.\r\nExploitation of this vulnerability on a Kerberos Key Distribution\r\nCenter &#40;KDC&#41; host can result in compromise of an entire Kerberos\r\nrealm. No exploit code is known to exist at this time. Exploitation\r\nof double-free vulnerabilities is believed to be difficult.\r\n[CAN-2005-1689, VU#623332]\r\n\r\nIMPACT\r\n======\r\n\r\nAn unauthenticated attacker may be able to execute arbitrary code in\r\nthe context of a program calling krb5_recvauth&#40;&#41;. This includes the\r\nkpropd program which typically runs on slave Key Distribution Center\r\n&#40;KDC&#41; hosts, potentially leading to compromise of an entire Kerberos\r\nrealm. Other vulnerable programs which call krb5_recvauth&#40;&#41; are\r\nusually remote login programs running with root privileges.\r\nUnsuccessful attempts at exploitation may result in denial of service\r\nby crashing the target program.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* The kpropd daemon in all releases of MIT krb5, up to and including\r\n krb5-1.4.1, is vulnerable.\r\n\r\n* The klogind and krshd remote-login daemons in all releases of MIT\r\n krb5, up to and including krb5-1.4.1, is vulnerable.\r\n\r\n* Third-party application programs which call krb5-recvauth&#40;&#41; are also\r\n vulnerable.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.4.2 release will have a fix for this\r\n vulnerability.\r\n\r\n* Apply the following patch. This patch was generated against the\r\n krb5-1.4.1 release. It may apply, with some offset, to earlier\r\n releases.\r\n\r\n The patch may also be found at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt\r\n\r\n The associated detached PGP signature is at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt.asc\r\n\r\nIndex: lib/krb5/krb/recvauth.c\r\n===================================================================\r\nRCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/recvauth.c,v\r\nretrieving revision 5.38\r\ndiff -c -r5.38 recvauth.c\r\n*** lib/krb5/krb/recvauth.c 3 Sep 2002 01:13:47 -0000 5.38\r\n--- lib/krb5/krb/recvauth.c 23 May 2005 23:19:15 -0000\r\n***************\r\n*** 76,82 ****\r\n if &#40;&#40;retval = krb5_read_message&#40;context, fd, &amp;inbuf&#41;&#41;&#41;\r\n return&#40;retval&#41;;\r\n if &#40;strcmp&#40;inbuf.data, sendauth_version&#41;&#41; {\r\n- krb5_xfree&#40;inbuf.data&#41;;\r\n problem = KRB5_SENDAUTH_BADAUTHVERS;\r\n }\r\n krb5_xfree&#40;inbuf.data&#41;;\r\n--- 76,81 ----\r\n***************\r\n*** 90,96 ****\r\n if &#40;&#40;retval = krb5_read_message&#40;context, fd, &amp;inbuf&#41;&#41;&#41;\r\n return&#40;retval&#41;;\r\n if &#40;appl_version &amp;&amp; strcmp&#40;inbuf.data, appl_version&#41;&#41; {\r\n- krb5_xfree&#40;inbuf.data&#41;;\r\n if &#40;!problem&#41;\r\n problem = KRB5_SENDAUTH_BADAPPLVERS;\r\n }\r\n--- 89,94 ----\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVE: CAN-2005-1689\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689\r\n\r\nCERT: VU#623332\r\nhttp://www.kb.cert.org/vuls/id/623332\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Magnus Hagander for reporting this vulnerability.\r\n\r\nDETAILS\r\n=======\r\n\r\nThe helper function revcauth_common&#40;&#41; in lib/krb5/krb/recvauth.c has\r\ntwo locations which call krb5_read_message&#40;&#41;, followed by an\r\nunconditional krb5_xfree&#40;&#41; of the buffer allocated by\r\nkrb5_read_message&#40;&#41;. In the cases where the sendauth version string\r\nor the application version string do not match the expected value,\r\nrecvauth_common&#40;&#41; performs a krb5_xfree&#40;&#41; on the buffer allocated by\r\nkrb5_read_message&#40;&#41; preceding the subsequent unconditional call to\r\nkrb5_xfree&#40;&#41; on the same buffer.\r\n\r\nSince the code paths which call krb5_xfree&#40;&#41; twice do so with almost\r\nno intervening code, exploitation of this vulnerability may be more\r\ndifficult than exploitation of other double-free vulnerabilities. No\r\ndetailed analysis has been performed on the ease of exploitation.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2005-05-12 original release\r\n\r\nCopyright &#40;C&#41; 2005 Massachusetts Institute of Technology", "edition": 1, "reporter": "Securityvulns", "published": "2005-07-13T00:00:00", "title": "MITKRB5-SA-2005-003: double-free in krb5_recvauth", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:13", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-1689"], "modified": "2005-07-13T00:00:00", "id": "SECURITYVULNS:DOC:9150", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9150", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:13", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n MIT krb5 Security Advisory 2005-002\r\n\r\nOriginal release: 2005-07-12\r\n\r\nTopic: buffer overflow, heap corruption in KDC\r\n\r\nSeverity: CRITICAL\r\n\r\nSUMMARY\r\n=======\r\n\r\nThe MIT krb5 Key Distribution Center &#40;KDC&#41; implementation can corrupt\r\nthe heap by attempting to free memory at a random address when it\r\nreceives a certain unlikely &#40;but valid&#41; request via a TCP connection.\r\nThis attempt to free unallocated memory can result in a KDC crash and\r\nconsequent denial of service. [CAN-2005-1174, VU#259798]\r\n\r\nAdditionally, the same request, when received by the KDC via either\r\nTCP or UDP, can trigger a bug in the krb5 library which results in a\r\nsingle-byte overflow of a heap buffer. Application servers are\r\nvulnerable to a highly improbable attack, provided that the attacker\r\ncontrols a realm sharing a cross-realm key with the target\r\nrealm. [CAN-2005-1175, VU#885830]\r\n\r\nAn unauthenticated attacker may be able to use these vulnerabilities\r\nto execute arbitrary code on the KDC host, potentially compromising an\r\nentire Kerberos realm. No exploit code is known to exist at this\r\ntime. Exploitation of these vulnerabilities is believed to be\r\ndifficult.\r\n\r\nIMPACT\r\n======\r\n\r\nAn unauthenticated attacker may be able to execute arbitrary code on\r\nthe KDC host, potentially compromising an entire Kerberos realm. An\r\nunsuccessful attack against the heap corruption vulnerability may\r\nresult in a denial of service by crashing the KDC process.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* [CAN-2005-1174] affects the KDC implementation in all MIT krb5\r\n releases supporting TCP client connections to the KDC. This\r\n includes krb5-1.3 and later releases, up to and including\r\n krb5-1.4.1.\r\n\r\n* [CAN-2005-1175] affects KDC implementations and application servers\r\n in all MIT krb5 releases, up to and including krb5-1.4.1.\r\n Third-party application servers which use MIT krb5 are also\r\n affected.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.4.2 release will have fixes for these\r\n vulnerabilities.\r\n\r\n* WORKAROUNDS: Disabling TCP support in the KDC avoids one\r\n vulnerability [CAN-2005-1174]. The single-byte overflow\r\n [CAN-2005-1175] is still possible even without KDC TCP support\r\n enabled. Running the KDC from init or from some similar automatic\r\n respawning facility may reduce the durations of denials of service,\r\n but this approach may make it difficult to detect deliberate attacks\r\n targeted at code execution.\r\n\r\n* Apply the patch at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt\r\n\r\n The associated detached PGP signature is at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.asc\r\n\r\n The patch was generated against the krb5-1.4.1 release. It may\r\n apply, with some offset, to earlier releases. On releases prior to\r\n krb5-1.3, only the patch to lib/krb5/krb/unparse.c should be\r\n necessary.\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVE: CAN-2005-1174\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174\r\n\r\nCERT: VU#259798\r\nhttp://www.kb.cert.org/vuls/id/259798\r\n\r\nCVE: CAN-2005-1175\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1175\r\n\r\nCERT: VU#885830\r\nhttp://www.kb.cert.org/vuls/id/885830\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Daniel Wachdorf for reporting these vulnerabilities.\r\n\r\nDETAILS\r\n=======\r\n\r\nKerberos 5 principal names may have an arbitrary number of components.\r\nThe krb5_unparse_name&#40;&#41; function in the MIT krb5 library converts an\r\ninternal representation of a Kerberos principal name into a\r\nhuman-readable string. The internal representation might have\r\noriginated from the decoding of a Kerberos protocol message.\r\n\r\nThe single-byte overflow occurs whenever the krb5_unparse_name&#40;&#41;\r\nfunction is called on a principal name having zero components. The\r\nfunction writes a null byte to an address one beyond the end of a\r\nbuffer allocated my malloc&#40;&#41;. The corresponding krb5_parse_name&#40;&#41;\r\nfunction never generates an internal representation having zero\r\ncomponents; instead, it generates at least one zero-length component.\r\nThe current string representation form of Kerberos principal names has\r\nsome ambiguity between a zero-component principal name and a\r\none-component principal name having a zero-length single component.\r\n\r\nApplication servers which call krb5_unparse_name&#40;&#41;, directly or\r\nindirectly, are vulnerable to the single-byte overflow in\r\nkrb5_unparse_name&#40;&#41;, provided that the attacker controls a realm which\r\nshares a cross-realm key with the target realm. This enables the\r\nattacker to use a cross-realm ticket for a zero-component client\r\nprincipal name, which the application server will then pass to\r\nkrb5_unparse_name&#40;&#41;, triggering the single-byte overflow.\r\n\r\nFor this attack to succeed, the attacker needs access to a KDC in the\r\ntarget realm which will create a ticket for a zero-component client\r\nprincipal name. Since the current MIT krb5 KDC implementation will\r\nrefuse to create such a ticket, the attack is unlikely to succeed\r\nunless the implementation has been altered to allow the issuance of\r\ntickets for zero-component client principal names.\r\n\r\nWhen the KDC fails to find the principal with a zero-component name in\r\nits database &#40;such a principal is very unlikely to exist in most\r\ndatabases, as there are extremely few uses for such a principal&#41;, it\r\nattempts to encode an error packet containing the offending principal\r\nname, using prepare_error_as&#40;&#41; or prepare_error_tgs&#40;&#41;. This encoding\r\nattempt fails inside encode_krb5_error&#40;&#41;, since the ASN.1 encoder\r\nfunction asn1_encode_principal_name&#40;&#41; interprets the internal\r\nrepresentation of a zero-component principal name as an error\r\ncondition.\r\n\r\nencode_krb5_error&#40;&#41; does not allocate an output buffer when it\r\nencounters an error condition. While the UDP request handling code in\r\nkdc/network.c:process_packet&#40;&#41; does not attempt to free the output\r\nbuffer containing the encoded message when it encounters an error, the\r\nTCP request handling code in process does free the buffer inside\r\nkill_tcp_connection&#40;&#41;, which attempts to free unallocated memory\r\npointed to by an uninitialized pointer.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2005-05-12 original release\r\n\r\nCopyright &#40;C&#41; 2005 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.5 &#40;SunOS&#41;\r\n\r\niQCVAwUBQtMbCabDgE/zdoE9AQFo9QP5AZMbr0YGmyzYbARTqFq+Lt+FYbfQ7XC/\r\nc1hqTfsTkN0Mfh1I5d6dTjhXQT6kfN+EdNYfPhY+4LANB5CW9xe9BARPcW9i2ftt\r\nxSTIODrD6LdNtOCCut1ha3T5tcV5GodvXzj7dSClde29j0IJR6dBcigfvR4mAygw\r\n/U7r46obgM0=\r\n=SnqK\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2005-07-13T00:00:00", "title": "MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:13", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-1174", "CVE-2005-1175"], "modified": "2005-07-13T00:00:00", "id": "SECURITYVULNS:DOC:9151", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9151", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:13", "references": [], "description": "Multiple Vendor Telnet Client Information Disclosure Vulnerability\r\n\r\niDEFENSE Security Advisory 06.14.05\r\nwww.idefense.com/application/poi/display?id=260&type=vulnerabilities\r\nJune 14, 2005\r\n\r\nI. BACKGROUND\r\n\r\nThe TELNET protocol allows virtual network terminals to be connected to \r\nover the internet. The initial description of the telnet protocol was \r\ngiven in RFC854 in May 1983. Since then there have been many extra \r\nfeatures added including encryption. \r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of an input validation error in multiple telnet \r\nclients could allow an attacker to gain sensitive information about the \r\nvictim&#39;s system.\r\n\r\nThe vulnerability specifically exists in the handling of the NEW-ENVIRON \r\ncommand.\r\n\r\nIn order to exploit this vulnerability, a malicious server can send a \r\nconnected client the following telnet command:\r\n\r\nSB NEW-ENVIRON SEND ENV_USERVAR &lt;name of environment variable&gt; SE\r\n\r\nVulnerable telnet clients will send the contents of the reference \r\nenvironment variable, which may contain information useful to an \r\nattacker. The expected behavior would be only to send environment \r\nvariables related directly to the operation of the telnet client &#40;for \r\nexample, TERM&#41;, or those specifically allowed by the user.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation of the vulnerability would allow an attacker to \r\nread the values of arbitrary environment variables. By itself this \r\nvulnerability is not a large threat, but exploiting this vulnerability \r\nmay give an attacker more information about a targeted system, which \r\ncould allow more effective attacks.\r\n\r\nIn order to exploit this vulnerability, an attacker would need to \r\nconvince the user to connect to their malicious server. It may be \r\npossible to automatically launch the telnet command from a web page, for \r\nexample\r\n\r\n&lt;html&gt;&lt;body&gt;\r\n&lt;iframe src=&#39;telnet://malicious.server/&#39;&gt;\r\n&lt;/body&gt;\r\n\r\nOn opening this page the telnet client may be launched and attempt to \r\nconnect to the host &#39;malicious.server&#39;.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE has confirmed the existence of the vulnerability in version \r\n5.1.2600.2180 of the Microsoft Telnet Client, the telnet client included \r\nin the Kerberos V5 Release 1.3.6 package and the client included in the \r\nSUNWtnetc package of Solaris 5.9. It is suspected that most BSD based \r\ntelnet clients are affected by this vulnerability. The telnet client \r\nfrom the netkit-telnet package distributed with all current versions of \r\nRedhat Linux contains a patch for this vulnerability, introduced in \r\nearly 2000. Some other distributions may also contain this patch. There \r\ndoes not appear to have been a security advisory released at the time\r\nthe patch was added, nor does there appear to be an entry in the\r\nBugzilla database. This issue appears to have been mentioned in passing\r\nin RHSA-2000-028, in relation to a vulnerability in Netscape.\r\n\r\nV. WORKAROUND\r\n\r\nFor Windows based platforms, disabling the Telnet handler or specifying \r\na different application to handle Telnet URL&#39;s can mitigate URL based \r\nattacks. This can be accomplished by removing or modifying the following \r\nregistry key:\r\n\r\nHKEY_CLASSES_ROOT&#92;telnet&#92;shell&#92;open&#92;command\r\n\r\nThis workaround should prevent automatic exploitation attempts. It does \r\nnot fix the underlying issue. \r\n\r\niDEFENSE is currently unaware of any workarounds for this issue for other \r\naffected platforms.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nVulnerable:\r\n\r\n- Microsoft Corp.\r\n\r\nMicrosoft has investigated this issue. We have released an update to\r\naddress this concern. For more information, visit the following Web\r\nSite: http://go.microsoft.com/fwlink/?linkid=47016\r\n\r\n- MIT Kerberos\r\n\r\nThe MIT Kerberos Development Team believes that the telnet client in our\r\ndistribution behaves as intended with regards to its handling of the\r\nNEW-ENVIRON option. We do not feel that disclosure of user environment\r\nvariable settings constitutes a significant exposure.\r\n\r\nWe are willing to consider patches which implement an option to restrict\r\nor disable the transmission of environment variables by the telnet\r\nclient.\r\n\r\n- Sun Microsystems, Inc.\r\n\r\nSun Microsystems, Inc. can confirm that Solaris and the SEAM product are\r\naffected by this issue. The impact, contributing factors and patch\r\ndetails are available in Sun Alert 57755 for Solaris which is available\r\nhere:\r\n\r\n http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1\r\n\r\nand Sun Alert 57761 for SEAM which is available here:\r\n\r\n http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1\r\n\r\n- SUSE LINUX\r\n\r\nThe updates will be released on the coordinated release date. Customers\r\nof SUSE LINUX can download the package by using YOU or directly via FTP\r\nfrom our servers.\r\n\r\n\r\nNot Vulnerable:\r\n\r\n- ALT Linux\r\n\r\nALT Linux is not vulnerable to the telnet environment variable\r\ndisclosure since February of 2002, due to our inclusion of the Red Hat\r\nLinux derived patch from Openwall GNU/*/Linux.\r\n\r\n- CyberSafe Ltd.\r\n\r\nThe TrustBroker Secure Connection Utilities and TrustBroker Secure\r\nConnection Services, version 5.6.1 or later, are not effected by this\r\nvulnerability. If you are using earlier releases of these products you\r\nneed to upgrade.\r\n\r\n- Openwall Project\r\n\r\nOpenwall GNU/*/Linux is not vulnerable to the telnet environment\r\nvariable disclosure, and it never was due to our inclusion of the Red\r\nHat Linux derived patch in the very first publicly available version of\r\nour telnet package &#40;which was in other aspects based off the code found\r\nin OpenBSD 3.0&#41;. It is, however, worth noting that the unsafe\r\nenvironment variable disclosure was in fact documented in the BSD telnet\r\nclient manual page. Thus, now that this issue has been revisited, we\r\nhave reworked the environment variable restrictions patch to have our\r\ndocumentation in sync with the actual behavior.\r\n\r\n- Ubuntu\r\n\r\nUbuntu supports and ships netkit-telnet, which has been patched to not\r\ndisclose arbitrary environment variables for a long time now. The krb5\r\nversion is also available in the archive, however, it is unsupported and\r\nthere will not be an official advisory for it. It will most likely be\r\nfixed by the community.\r\n\r\n- WRQ, Inc.\r\n\r\nNo versions of the WRQ Reflection for the Web Telnet clients are\r\nvulnerable as they return very limited terminal information in response\r\nto the NEW_ENVIRONMENT command and use dynamically-sized buffering.\r\nSecurity update and advisory information for WRQ Reflection for the Web\r\ncan be found at:\r\n \r\n http://support.wrq.com/techdocs/1704.html\r\n\r\nNo versions of the WRQ Reflection Telnet, TN3270, TN3270E, TN5250 or\r\nKerberized Telnet clients are vulnerable as they are not based on either\r\nthe BSD or MIT Telnet clients and use Microsoft Windows memory\r\nmanagement routines along with compile-time buffer overflow protection.\r\nSecurity update and advisory information for WRQ Reflection products can\r\nbe found at:\r\n\r\n http://support.wrq.com/techdocs/1708.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned the\r\nname CAN-2005-0488 to this issue. The CVE Project has also assigned\r\nCAN-2005-1205 to identify this issue in Microsoft products. A separate\r\nCVE number was issued for Microsoft due to the differing code base used.\r\nThese are candidates for inclusion in the CVE list\r\n&#40;http://cve.mitre.org&#41;, which standardizes names for security problems.\r\n\r\nAdditionally, CERT has issued VU#800829 for this vulnerability.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n02/18/2005 Initial vendor notification\r\n06/14/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nGa&#235;l Delalleau is credited with this discovery.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2005 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2005-06-15T00:00:00", "title": "iDEFENSE Security Advisory 06.14.05: Multiple Vendor Telnet Client Information Disclosure Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:13", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-0488", "CVE-2005-1205"], "modified": "2005-06-15T00:00:00", "id": "SECURITYVULNS:DOC:8858", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8858", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "f5": [{"lastseen": "2018-07-04T01:25:37", "references": [], "description": "", "edition": 1, "reporter": "f5", "published": "2005-07-22T04:00:00", "title": "BSD telnet environment vulnerability CAN-2005-0488", "type": "f5", "enchantments": {"score": {"modified": "2018-07-04T01:25:37", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-0488"], "modified": "2018-07-03T23:29:00", "id": "F5:K4616", "href": "https://support.f5.com/csp/article/K4616", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:21", "references": [], "edition": 1, "description": "#### Was this resource helpful in solving your issue?\n\nYes - this resource was helpful \nNo - this resource was not helpful \nI don\u0091t know yet \n\n\nNOTE: Please do not provide personal information.\n\n \n \n\n\n#### Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear: \n", "reporter": "f5", "published": "2005-07-21T00:00:00", "title": "SOL4616 - BSD telnet environment vulnerability CAN-2005-0488", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-0488"], "modified": "2016-07-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/4000/600/sol4616.html", "id": "SOL4616", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:50:35", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "2.4.18-290", "arch": "i386", "packageFilename": "k_psmp-2.4.18-290.i386.rpm", "packageName": "k_psmp", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "2.4.21-202", "arch": "i586", "packageFilename": "k_smp-2.4.21-202.i586.rpm", "packageName": "k_smp", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "2.4.21-203", "arch": "i586", "packageFilename": "k_deflt-2.4.21-203.i586.rpm", "packageName": "k_deflt", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "2.4.21-201", "arch": "i586", "packageFilename": "k_athlon-2.4.21-201.i586.rpm", "packageName": "k_athlon", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "2.4.20-109", "arch": "i586", "packageFilename": "k_smp-2.4.20-109.i586.rpm", "packageName": "k_smp", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "2.4.18.SuSE-290", "arch": "i386", "packageFilename": "kernel-source-2.4.18.SuSE-290.i386.rpm", "packageName": "kernel-source", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "2.4.20-109", "arch": "i586", "packageFilename": "k_psmp-2.4.20-109.i586.rpm", "packageName": "k_psmp", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "2.4.21-201", "arch": "i586", "packageFilename": "k_psmp-2.4.21-201.i586.rpm", "packageName": "k_psmp", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "2.4.20.SuSE-109", "arch": "i586", "packageFilename": "kernel-source-2.4.20.SuSE-109.i586.rpm", "packageName": "kernel-source", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "2.4.18-290", "arch": "i386", "packageFilename": "k_smp-2.4.18-290.i386.rpm", "packageName": "k_smp", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "2.4.20-109", "arch": "i586", "packageFilename": "k_athlon-2.4.20-109.i586.rpm", "packageName": "k_athlon", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "2.4.21-202", "arch": "i586", "packageFilename": "k_smp4G-2.4.21-202.i586.rpm", "packageName": "k_smp4G", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "2.4.21-202", "arch": "i586", "packageFilename": "k_athlon-2.4.21-202.i586.rpm", "packageName": "k_athlon", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "2.4.21-202", "arch": "i586", "packageFilename": "k_deflt-2.4.21-202.i586.rpm", "packageName": "k_deflt", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "2.4.18-290", "arch": "i386", "packageFilename": "k_i386-2.4.18-290.i386.rpm", "packageName": "k_i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "2.4.21-202", "arch": "i586", "packageFilename": "kernel-source-2.4.21-202.i586.rpm", "packageName": "kernel-source", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "2.4.21-201", "arch": "i586", "packageFilename": "kernel-source-2.4.21-201.i586.rpm", "packageName": "kernel-source", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "2.4.21-201", "arch": "i586", "packageFilename": "k_smp-2.4.21-201.i586.rpm", "packageName": "k_smp", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "2.4.18-290", "arch": "i386", "packageFilename": "k_deflt-2.4.18-290.i386.rpm", "packageName": "k_deflt", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "2.4.21-202", "arch": "i586", "packageFilename": "k_um-2.4.21-202.i586.rpm", "packageName": "k_um", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "2.4.20-109", "arch": "i586", "packageFilename": "k_deflt-2.4.20-109.i586.rpm", "packageName": "k_deflt", "operator": "lt"}], "description": "iDEFENSE Inc. informed us about a buffer overflow in the linux 2.4 kernel code which handles ISO9660 filesystems. The original code is not able to handle very long symlink names. The vulnerability can be triggered locally by mounting removable media that contains a malformed filesystem or by using the loopback device. Exploiting this buffer overflow results in kernel-level access to the system.", "edition": 1, "reporter": "Suse", "published": "2004-04-14T15:46:44", "title": "local privilege escalation in Linux Kernel", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0991", "CVE-2004-0113", "CVE-2004-0179", "CVE-2004-0174", "CVE-2004-0153", "CVE-2004-0175", "CVE-2003-0020", "CVE-2004-0152", "CVE-2004-0181", "CVE-2004-0109"], "modified": "2004-04-14T15:46:44", "id": "SUSE-SA:2004:009", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-04/msg00004.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}