Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
{"ubuntucve": [{"lastseen": "2021-07-31T02:16:37", "description": "Use-after-free vulnerability in the gss_indicate_mechs function in\nlib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown\nimpact and attack vectors. NOTE: this might be the result of a typo in the\nsource code.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[kees](<https://launchpad.net/~kees>) | upstream did not publish a security update for this issue\n", "cvss3": {}, "published": "2007-12-05T00:00:00", "type": "ubuntucve", "title": "CVE-2007-5901", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5901"], "modified": "2007-12-05T00:00:00", "id": "UB:CVE-2007-5901", "href": "https://ubuntu.com/security/CVE-2007-5901", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-02-25T00:40:42", "description": "Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. 
NOTE: this might be the result of a typo in the source code.", "cvss3": {}, "published": "2007-12-06T02:46:00", "type": "debiancve", "title": "CVE-2007-5901", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5901"], "modified": "2007-12-06T02:46:00", "id": "DEBIANCVE:CVE-2007-5901", "href": "https://security-tracker.debian.org/tracker/CVE-2007-5901", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:59", "description": " [1.6.1-17.el5_1.1]\n - add preliminary patch to fix use of uninitialized pointer / double-free in\n KDC (CVE-2008-0062,CVE-2008-0063) (#432620, #432621)\n - add backported patch to fix use-after-free in libgssapi_krb5 \n (CVE-2007-5901)\n (#415321)\n - add backported patch to fix double-free in libgssapi_krb5 (CVE-2007-5971)\n (#415351)\n - add preliminary patch to fix incorrect handling of high-numbered \n descriptors\n in the RPC library (CVE-2008-0947) (#433596)\n - fix storage of delegated krb5 credentials when they've been wrapped up in\n spnego (#436460)\n - return a delegated credential handle even if the application didn't pass a\n location to store the flags which would be used to indicate that \n credentials\n were delegated (#436465)\n - add patch to fall back to TCP kpasswd servers for kdc-unreachable,\n can't-resolve-server, and response-too-big errors (#436467)\n - use the right sequence numbers when generating password-set/change \n requests\n for kpasswd servers after the first one (#436468)\n - 
backport from 1.6.3 to initialize a library-allocated get_init_creds_opt\n structure the same way we would one which was allocated by the calling\n application, to restore kinit's traditional behavior of doing a password\n change right when it detects an expired password (#436470) ", "cvss3": {}, "published": "2008-03-18T00:00:00", "type": "oraclelinux", "title": "Critical: krb5 security and bugfix update ", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-5971", "CVE-2008-0062"], "modified": "2008-03-18T00:00:00", "id": "ELSA-2008-0164", "href": "http://linux.oracle.com/errata/ELSA-2008-0164.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-04-09T11:39:42", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for krb5 MDVSA-2008:069 (krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-5971", "CVE-2008-0062"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830705", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830705", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDVSA-2008:069 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple memory management flaws were found in the GSSAPI library\n used by Kerberos that could result in the use of already freed memory\n or an attempt to free already freed memory, possibly leading to a\n crash or allowing the execution of arbitrary code (CVE-2007-5901,\n CVE-2007-5971).\n\n A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4\n protocol packets. An unauthenticated remote attacker could use this\n flaw to crash the krb5kdc daemon, disclose portions of its memory,\n or possibly %execute arbitrary code using malformed or truncated\n Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063).\n \n This issue only affects krb5kdc when it has Kerberos v4 protocol\n compatibility enabled, which is a compiled-in default in all\n Kerberos versions that Mandriva Linux ships prior to Mandriva\n Linux 2008.0. Kerberos v4 protocol support can be disabled by\n adding v4_mode=none (without quotes) to the [kdcdefaults] section\n of /etc/kerberos/krb5kdc/kdc.conf.\n \n A flaw in the RPC library as used in Kerberos' kadmind was discovered\n by Jeff Altman of Secure Endpoints. 
An unauthenticated remote attacker\n could use this vulnerability to crash kadmind or possibly execute\n arbitrary code in systems with certain resource limits configured;\n this does not affect the default resource limits used by Mandriva Linux\n (CVE-2008-0947).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-03/msg00018.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830705\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:069\");\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_name( \"Mandriva Update for krb5 MDVSA-2008:069 (krb5)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.5.2~6.6mdv2007.1\", 
rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:05:42", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-924-1", "cvss3": {}, "published": "2010-04-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for krb5 vulnerabilities USN-924-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2010-0629", "CVE-2007-5972", "CVE-2007-5971", "CVE-2007-5902"], "modified": "2018-01-25T00:00:00", "id": "OPENVAS:1361412562310840414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_924_1.nasl 8528 2018-01-25 07:57:36Z teissa $\n#\n# Ubuntu Update for krb5 vulnerabilities USN-924-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sol Jerome discovered that the Kerberos kadmind service did not correctly\n free memory. An unauthenticated remote attacker could send specially\n crafted traffic to crash the kadmind process, leading to a denial of\n service. (CVE-2010-0629)\n\n It was discovered that Kerberos did not correctly free memory in\n the GSSAPI library. If a remote attacker were able to manipulate an\n application using GSSAPI carefully, the service could crash, leading to\n a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901,\n CVE-2007-5971)\n \n It was discovered that Kerberos did not correctly free memory in the\n GSSAPI and kdb libraries. If a remote attacker were able to manipulate\n an application using these libraries carefully, the service could crash,\n leading to a denial of service. 
(Only Ubuntu 8.04 LTS was affected.)\n (CVE-2007-5902, CVE-2007-5972)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-924-1\";\ntag_affected = \"krb5 vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-924-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840414\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"924-1\");\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\", \"CVE-2010-0629\");\n script_name(\"Ubuntu Update for krb5 vulnerabilities USN-924-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", 
rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:03", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for krb5 RHSA-2008:0164-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-5971", "CVE-2008-0062"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870072", "href": "http://plugins.openvas.org/nasl.php?oid=870072", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for krb5 RHSA-2008:0164-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# 
This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other through use of symmetric encryption\n and a trusted third party, the KDC.\n\n A flaw was found in the way the MIT Kerberos Authentication Service and Key\n Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\n An unauthenticated remote attacker could use this flaw to crash the\n krb5kdc daemon, disclose portions of its memory, or possibly execute\n arbitrary code using malformed or truncated Kerberos v4 protocol requests.\n (CVE-2008-0062, CVE-2008-0063)\n \n This issue only affected krb5kdc with Kerberos v4 protocol compatibility\n enabled, which is the default setting on Red Hat Enterprise Linux 4.\n Kerberos v4 protocol support can be disabled by adding "v4_mode=none"\n (without the quotes) to the "[kdcdefaults]" section of\n /var/kerberos/krb5kdc/kdc.conf.\n \n Jeff Altman of Secure Endpoints discovered a flaw in the RPC library as\n used by MIT Kerberos kadmind server. An unauthenticated remote attacker\n could use this flaw to crash kadmind or possibly execute arbitrary code.\n This issue only affected systems with certain resource limits configured\n and did not affect systems using default resource limits used by Red Hat\n Enterprise Linux 5. 
(CVE-2008-0947)\n \n Red Hat would like to thank MIT for reporting these issues.\n \n Multiple memory management flaws were discovered in the GSSAPI library used\n by MIT Kerberos. These flaws could possibly result in use of already freed\n memory or an attempt to free already freed memory blocks (double-free\n flaw), possibly causing a crash or arbitrary code execution.\n (CVE-2007-5901, CVE-2007-5971)\n \n In addition to the security issues resolved above, the following bugs were\n also fixed:\n \n * delegated krb5 credentials were not properly stored when SPNEGO was the\n underlying mechanism during GSSAPI authentication. Consequently,\n applications attempting to copy delegated Kerberos 5 credentials into a\n credential cache received an "Invalid credential was supplied" message\n rather than a copy of the delegated credentials. With this update, SPNEGO\n credentials can be properly searched, allowing applications to copy\n delegated credentials as expected.\n \n * applications can initiate context acceptance (via gss_accept_sec_context)\n without passing a ret_flags value that would indicate that credentials were\n delegated. A delegated credential handle should have been returned in such\n instances. This updated package adds a temp_ret_flag that stores th ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"krb5 on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00009.html\");\n script_id(870072);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0164-01\");\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_name( \"RedHat Update for krb5 RHSA-2008:0164-01\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", 
rpm:\"krb5-libs~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:28", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for krb5 MDVSA-2008:069 (krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-5971", "CVE-2008-0062"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830705", "href": "http://plugins.openvas.org/nasl.php?oid=830705", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDVSA-2008:069 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple memory management flaws were found in the GSSAPI library\n used by Kerberos that could result in the use of already freed memory\n or an attempt to free already freed memory, possibly leading to a\n crash or allowing the execution of arbitrary code (CVE-2007-5901,\n CVE-2007-5971).\n\n A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4\n protocol packets. An unauthenticated remote attacker could use this\n flaw to crash the krb5kdc daemon, disclose portions of its memory,\n or possibly execute arbitrary code using malformed or truncated\n Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063).\n \n This issue only affects krb5kdc when it has Kerberos v4 protocol\n compatibility enabled, which is a compiled-in default in all\n Kerberos versions that Mandriva Linux ships prior to Mandriva\n Linux 2008.0. Kerberos v4 protocol support can be disabled by\n adding v4_mode=none (without quotes) to the [kdcdefaults] section\n of /etc/kerberos/krb5kdc/kdc.conf.\n \n A flaw in the RPC library as used in Kerberos' kadmind was discovered\n by Jeff Altman of Secure Endpoints. 
An unauthenticated remote attacker\n could use this vulnerability to crash kadmind or possibly execute\n arbitrary code in systems with certain resource limits configured;\n this does not affect the default resource limits used by Mandriva Linux\n (CVE-2008-0947).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-03/msg00018.php\");\n script_id(830705);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:069\");\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_name( \"Mandriva Update for krb5 MDVSA-2008:069 (krb5)\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.5.2~6.6mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.2~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:42", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2008-2647", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-5971", "CVE-2008-0062"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860483", "href": "http://plugins.openvas.org/nasl.php?oid=860483", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2008-2647\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 8\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html\");\n script_id(860483);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2647\");\n script_cve_id(\"CVE-2007-5971\", \"CVE-2007-5901\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_name( \"Fedora Update for krb5 FEDORA-2008-2647\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.2~14.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:41", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for krb5 RHSA-2008:0164-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-5971", "CVE-2008-0062"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870072", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870072", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for krb5 RHSA-2008:0164-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other through use of symmetric encryption\n and a trusted third party, the KDC.\n\n A flaw was found in the way the MIT Kerberos Authentication Service and Key\n Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\n An unauthenticated remote attacker could use this flaw to crash the\n krb5kdc daemon, disclose portions of its memory, or possibly execute\n arbitrary code using malformed or truncated Kerberos v4 protocol requests.\n (CVE-2008-0062, CVE-2008-0063)\n \n This issue only affected krb5kdc with Kerberos v4 protocol compatibility\n enabled, which is the default setting on Red Hat Enterprise Linux 4.\n Kerberos v4 protocol support can be disabled by adding "v4_mode=none"\n (without the quotes) to the "[kdcdefaults]" section of\n /var/kerberos/krb5kdc/kdc.conf.\n \n Jeff Altman of Secure Endpoints discovered a flaw in the RPC library as\n used by MIT Kerberos kadmind server. An unauthenticated remote attacker\n could use this flaw to crash kadmind or possibly execute arbitrary code.\n This issue only affected systems with certain resource limits configured\n and did not affect systems using default resource limits used by Red Hat\n Enterprise Linux 5. (CVE-2008-0947)\n \n Red Hat would like to thank MIT for reporting these issues.\n \n Multiple memory management flaws were discovered in the GSSAPI library used\n by MIT Kerberos. 
These flaws could possibly result in use of already freed\n memory or an attempt to free already freed memory blocks (double-free\n flaw), possibly causing a crash or arbitrary code execution.\n (CVE-2007-5901, CVE-2007-5971)\n \n In addition to the security issues resolved above, the following bugs were\n also fixed:\n \n * delegated krb5 credentials were not properly stored when SPNEGO was the\n underlying mechanism during GSSAPI authentication. Consequently,\n applications attempting to copy delegated Kerberos 5 credentials into a\n credential cache received an "Invalid credential was supplied" message\n rather than a copy of the delegated credentials. With this update, SPNEGO\n credentials can be properly searched, allowing applications to copy\n delegated credentials as expected.\n \n * applications can initiate context acceptance (via gss_accept_sec_context)\n without passing a ret_flags value that would indicate that credentials were\n delegated. A delegated credential handle should have been returned in such\n instances. This updated package adds a temp_ret_flag that stores th ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"krb5 on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00009.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870072\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0164-01\");\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_name( \"RedHat Update for krb5 RHSA-2008:0164-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~17.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:56", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-924-1", "cvss3": {}, "published": "2010-04-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for krb5 vulnerabilities USN-924-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2010-0629", "CVE-2007-5972", "CVE-2007-5971", "CVE-2007-5902"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840414", "href": "http://plugins.openvas.org/nasl.php?oid=840414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_924_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for krb5 vulnerabilities USN-924-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sol Jerome discovered that the Kerberos kadmind service did not correctly\n free memory. An unauthenticated remote attacker could send specially\n crafted traffic to crash the kadmind process, leading to a denial of\n service. (CVE-2010-0629)\n\n It was discovered that Kerberos did not correctly free memory in\n the GSSAPI library. If a remote attacker were able to manipulate an\n application using GSSAPI carefully, the service could crash, leading to\n a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901,\n CVE-2007-5971)\n \n It was discovered that Kerberos did not correctly free memory in the\n GSSAPI and kdb libraries. If a remote attacker were able to manipulate\n an application using these libraries carefully, the service could crash,\n leading to a denial of service. 
(Only Ubuntu 8.04 LTS was affected.)\n (CVE-2007-5902, CVE-2007-5972)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-924-1\";\ntag_affected = \"krb5 vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-924-1/\");\n script_id(840414);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"924-1\");\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\", \"CVE-2010-0629\");\n script_name(\"Ubuntu Update for krb5 vulnerabilities USN-924-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:26", "description": "Oracle Linux Local Security Checks ELSA-2008-0164", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0164", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-5971", "CVE-2008-0062"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0164.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122602\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:02 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0164\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0164 - Critical: krb5 security and bugfix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0164\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0164.html\");\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~17.el5_1.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~17.el5_1.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~17.el5_1.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~17.el5_1.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-10-30T10:46:23", "description": 
"The remote host is missing updates announced in\nadvisory GLSA 200803-31.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200803-31 (mit-krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-5971", "CVE-2008-0062", "CVE-2007-5894"], "modified": "2017-10-26T00:00:00", "id": "OPENVAS:60623", "href": "http://plugins.openvas.org/nasl.php?oid=60623", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in MIT Kerberos 5, which could\nallow a remote unauthenticated user to execute arbitrary code with root\nprivileges.\";\ntag_solution = \"All MIT Kerberos 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.6.3-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200803-31\nhttp://bugs.gentoo.org/show_bug.cgi?id=199205\nhttp://bugs.gentoo.org/show_bug.cgi?id=212363\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200803-31.\";\n\n \n\nif(description)\n{\n script_id(60623);\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-5894\", \"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200803-31 (mit-krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/mit-krb5\", unaffected: make_list(\"ge 1.6.3-r1\"), vulnerable: make_list(\"lt 1.6.3-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:33", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2008-2637", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-2442", "CVE-2007-2798", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-4743", "CVE-2007-0957", "CVE-2007-5971", "CVE-2007-0956", "CVE-2007-1216", "CVE-2007-4000", "CVE-2007-2443", "CVE-2007-3999", "CVE-2008-0062"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860003", "href": "http://plugins.openvas.org/nasl.php?oid=860003", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2008-2637\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms 
of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 7\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html\");\n script_id(860003);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2637\");\n script_cve_id(\"CVE-2007-5971\", \"CVE-2007-5901\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\", \"CVE-2007-3999\", \"CVE-2007-4743\", \"CVE-2007-4000\", \"CVE-2007-2442\", \"CVE-2007-2443\", \"CVE-2007-2798\", \"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"Fedora Update for krb5 FEDORA-2008-2637\");\n\n script_summary(\"Check for the Version of krb5\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.1~9.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2022-02-27T15:52:03", "description": "**CentOS Errata and Security Advisory** CESA-2008:0164\n\n\nKerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\r\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\r\nAn unauthenticated remote attacker could use this flaw to crash the\r\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\r\narbitrary code using malformed or truncated Kerberos v4 protocol requests.\r\n(CVE-2008-0062, CVE-2008-0063)\r\n\r\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\r\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\r\nKerberos v4 protocol support can be disabled by adding 
\"v4_mode=none\"\r\n(without the quotes) to the \"[kdcdefaults]\" section of\r\n/var/kerberos/krb5kdc/kdc.conf.\r\n\r\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library as\r\nused by MIT Kerberos kadmind server. An unauthenticated remote attacker\r\ncould use this flaw to crash kadmind or possibly execute arbitrary code.\r\nThis issue only affected systems with certain resource limits configured\r\nand did not affect systems using default resource limits used by Red Hat\r\nEnterprise Linux 5. (CVE-2008-0947)\r\n\r\nRed Hat would like to thank MIT for reporting these issues.\r\n\r\nMultiple memory management flaws were discovered in the GSSAPI library used\r\nby MIT Kerberos. These flaws could possibly result in use of already freed\r\nmemory or an attempt to free already freed memory blocks (double-free\r\nflaw), possibly causing a crash or arbitrary code execution.\r\n(CVE-2007-5901, CVE-2007-5971)\r\n\r\nIn addition to the security issues resolved above, the following bugs were\r\nalso fixed:\r\n\r\n* delegated krb5 credentials were not properly stored when SPNEGO was the\r\nunderlying mechanism during GSSAPI authentication. Consequently,\r\napplications attempting to copy delegated Kerberos 5 credentials into a\r\ncredential cache received an \"Invalid credential was supplied\" message\r\nrather than a copy of the delegated credentials. With this update, SPNEGO\r\ncredentials can be properly searched, allowing applications to copy\r\ndelegated credentials as expected.\r\n\r\n* applications can initiate context acceptance (via gss_accept_sec_context)\r\nwithout passing a ret_flags value that would indicate that credentials were\r\ndelegated. A delegated credential handle should have been returned in such\r\ninstances. 
This updated package adds a temp_ret_flag that stores the\r\ncredential status in the event no other ret_flags value is passed by an\r\napplication calling gss_accept_sec_context.\r\n\r\n* kpasswd did not fallback to TCP on receipt of certain errors, or when a\r\npacket was too big for UDP. This update corrects this.\r\n\r\n* when the libkrb5 password-routine generated a set-password or\r\nchange-password request, incorrect sequence numbers were generated for all\r\nrequests subsequent to the first request. This caused password change\r\nrequests to fail if the primary server was unavailable. This updated\r\npackage corrects this by saving the sequence number value after the AP-REQ\r\ndata is built and restoring this value before the request is generated.\r\n\r\n* when a user's password expired, kinit would not prompt that user to\r\nchange the password, instead simply informing the user their password had\r\nexpired. This update corrects this behavior: kinit now prompts for a new\r\npassword to be set when a password has expired.\r\n\r\nAll krb5 users are advised to upgrade to these updated packages, which\r\ncontain backported fixes to address these vulnerabilities and fix these\r\nbugs.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/051685.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-March/051686.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2008:0164", "cvss3": {}, "published": "2008-03-19T00:46:42", "type": "centos", "title": "krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", 
"baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2008-03-19T00:46:43", "id": "CESA-2008:0164", "href": "https://lists.centos.org/pipermail/centos-announce/2008-March/051685.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:55:39", "description": "Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. (CVE-2010-0629)\n\nIt was discovered that Kerberos did not correctly free memory in the GSSAPI library. If a remote attacker were able to manipulate an application using GSSAPI carefully, the service could crash, leading to a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901, CVE-2007-5971)\n\nIt was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.) (CVE-2007-5902, CVE-2007-5972).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-03-09T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : krb5 vulnerabilities (USN-924-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2007-5902", "CVE-2007-5971", "CVE-2007-5972", "CVE-2010-0629"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-clients", "p-cpe:/a:canonical:ubuntu_linux:krb5-doc", "p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap", "p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit", "p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:libkadm55", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev", "p-cpe:/a:canonical:ubuntu_linux:libkrb53", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-924-1.NASL", "href": "https://www.tenable.com/plugins/nessus/65123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-924-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65123);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\", \"CVE-2010-0629\");\n script_bugtraq_id(26750);\n script_xref(name:\"USN\", value:\"924-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : krb5 vulnerabilities (USN-924-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sol Jerome discovered that the Kerberos kadmind service did not\ncorrectly free memory. An unauthenticated remote attacker could send\nspecially crafted traffic to crash the kadmind process, leading to a\ndenial of service. (CVE-2010-0629)\n\nIt was discovered that Kerberos did not correctly free memory in the\nGSSAPI library. If a remote attacker were able to manipulate an\napplication using GSSAPI carefully, the service could crash, leading\nto a denial of service. (Ubuntu 8.10 was not affected.)\n(CVE-2007-5901, CVE-2007-5971)\n\nIt was discovered that Kerberos did not correctly free memory in the\nGSSAPI and kdb libraries. If a remote attacker were able to manipulate\nan application using these libraries carefully, the service could\ncrash, leading to a denial of service. (Only Ubuntu 8.04 LTS was\naffected.) (CVE-2007-5902, CVE-2007-5972).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/924-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) 
flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", 
pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-clients / krb5-doc / krb5-ftpd / krb5-kdc / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:49", "description": "This update incorporates fixes included in MITKRB5-SA-2008-001 (use of uninitialized pointer / double-free in the KDC when v4 compatibility is enabled) and MITKRB5-SA-2008-002 (incorrect handling of high-numbered descriptors in the RPC library). This update also incorporates less-critical fixes for a double- free (CVE-2007-5971) and an incorrect attempt to free non-heap memory (CVE-2007-5901) in the GSSAPI library.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "Fedora 7 : krb5-1.6.1-9.fc7 (2008-2637)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:krb5", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2008-2637.NASL", "href": "https://www.tenable.com/plugins/nessus/31668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2637.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31668);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_bugtraq_id(26750, 28302, 28303);\n script_xref(name:\"FEDORA\", value:\"2008-2637\");\n\n script_name(english:\"Fedora 7 : krb5-1.6.1-9.fc7 (2008-2637)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates fixes included in MITKRB5-SA-2008-001 (use of\nuninitialized pointer / double-free in the KDC when v4 compatibility\nis enabled) and MITKRB5-SA-2008-002 (incorrect handling of\nhigh-numbered descriptors in the RPC library). 
This update also\nincorporates less-critical fixes for a double- free (CVE-2007-5971)\nand an incorrect attempt to free non-heap memory (CVE-2007-5901) in\nthe GSSAPI library.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=415321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=415351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=433596\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008876.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d03904b0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"krb5-1.6.1-9.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:09", "description": "Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical 
security impact by the Red Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]' section of /var/kerberos/krb5kdc/kdc.conf.\n\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library as used by MIT Kerberos kadmind server. An unauthenticated remote attacker could use this flaw to crash kadmind or possibly execute arbitrary code. This issue only affected systems with certain resource limits configured and did not affect systems using default resource limits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nMultiple memory management flaws were discovered in the GSSAPI library used by MIT Kerberos. These flaws could possibly result in use of already freed memory or an attempt to free already freed memory blocks (double-free flaw), possibly causing a crash or arbitrary code execution. (CVE-2007-5901, CVE-2007-5971)\n\nIn addition to the security issues resolved above, the following bugs were also fixed :\n\n* delegated krb5 credentials were not properly stored when SPNEGO was the underlying mechanism during GSSAPI authentication. 
Consequently, applications attempting to copy delegated Kerberos 5 credentials into a credential cache received an 'Invalid credential was supplied' message rather than a copy of the delegated credentials. With this update, SPNEGO credentials can be properly searched, allowing applications to copy delegated credentials as expected.\n\n* applications can initiate context acceptance (via gss_accept_sec_context) without passing a ret_flags value that would indicate that credentials were delegated. A delegated credential handle should have been returned in such instances. This updated package adds a temp_ret_flag that stores the credential status in the event no other ret_flags value is passed by an application calling gss_accept_sec_context.\n\n* kpasswd did not fallback to TCP on receipt of certain errors, or when a packet was too big for UDP. This update corrects this.\n\n* when the libkrb5 password-routine generated a set-password or change-password request, incorrect sequence numbers were generated for all requests subsequent to the first request. This caused password change requests to fail if the primary server was unavailable. This updated package corrects this by saving the sequence number value after the AP-REQ data is built and restoring this value before the request is generated.\n\n* when a user's password expired, kinit would not prompt that user to change the password, instead simply informing the user their password had expired. 
This update corrects this behavior: kinit now prompts for a new password to be set when a password has expired.\n\nAll krb5 users are advised to upgrade to these updated packages, which contain backported fixes to address these vulnerabilities and fix these bugs.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-19T00:00:00", "type": "nessus", "title": "RHEL 5 : krb5 (RHSA-2008:0164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-server", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.1"], "id": "REDHAT-RHSA-2008-0164.NASL", "href": "https://www.tenable.com/plugins/nessus/31616", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0164. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31616);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_bugtraq_id(26750, 28302, 28303);\n script_xref(name:\"RHSA\", value:\"2008:0164\");\n\n script_name(english:\"RHEL 5 : krb5 (RHSA-2008:0164)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that resolve several issues and fix multiple\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. 
Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library\nas used by MIT Kerberos kadmind server. An unauthenticated remote\nattacker could use this flaw to crash kadmind or possibly execute\narbitrary code. This issue only affected systems with certain resource\nlimits configured and did not affect systems using default resource\nlimits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nMultiple memory management flaws were discovered in the GSSAPI library\nused by MIT Kerberos. These flaws could possibly result in use of\nalready freed memory or an attempt to free already freed memory blocks\n(double-free flaw), possibly causing a crash or arbitrary code\nexecution. (CVE-2007-5901, CVE-2007-5971)\n\nIn addition to the security issues resolved above, the following bugs\nwere also fixed :\n\n* delegated krb5 credentials were not properly stored when SPNEGO was\nthe underlying mechanism during GSSAPI authentication. Consequently,\napplications attempting to copy delegated Kerberos 5 credentials into\na credential cache received an 'Invalid credential was supplied'\nmessage rather than a copy of the delegated credentials. With this\nupdate, SPNEGO credentials can be properly searched, allowing\napplications to copy delegated credentials as expected.\n\n* applications can initiate context acceptance (via\ngss_accept_sec_context) without passing a ret_flags value that would\nindicate that credentials were delegated. A delegated credential\nhandle should have been returned in such instances. 
This updated\npackage adds a temp_ret_flag that stores the credential status in the\nevent no other ret_flags value is passed by an application calling\ngss_accept_sec_context.\n\n* kpasswd did not fallback to TCP on receipt of certain errors, or\nwhen a packet was too big for UDP. This update corrects this.\n\n* when the libkrb5 password-routine generated a set-password or\nchange-password request, incorrect sequence numbers were generated for\nall requests subsequent to the first request. This caused password\nchange requests to fail if the primary server was unavailable. This\nupdated package corrects this by saving the sequence number value\nafter the AP-REQ data is built and restoring this value before the\nrequest is generated.\n\n* when a user's password expired, kinit would not prompt that user to\nchange the password, instead simply informing the user their password\nhad expired. This update corrects this behavior: kinit now prompts for\na new password to be set when a password has expired.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported fixes to address these vulnerabilities and fix\nthese bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0164\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0164\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"krb5-devel-1.6.1-17.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"krb5-libs-1.6.1-17.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"krb5-server-1.6.1-17.el5_1.1\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"krb5-server-1.6.1-17.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"krb5-server-1.6.1-17.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"krb5-workstation-1.6.1-17.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"krb5-workstation-1.6.1-17.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"krb5-workstation-1.6.1-17.el5_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:35", "description": "Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. 
Kerberos v4 protocol support can be disabled by adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]' section of /var/kerberos/krb5kdc/kdc.conf.\n\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library as used by MIT Kerberos kadmind server. An unauthenticated remote attacker could use this flaw to crash kadmind or possibly execute arbitrary code. This issue only affected systems with certain resource limits configured and did not affect systems using default resource limits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nMultiple memory management flaws were discovered in the GSSAPI library used by MIT Kerberos. These flaws could possibly result in use of already freed memory or an attempt to free already freed memory blocks (double-free flaw), possibly causing a crash or arbitrary code execution. (CVE-2007-5901, CVE-2007-5971)\n\nIn addition to the security issues resolved above, the following bugs were also fixed :\n\n* delegated krb5 credentials were not properly stored when SPNEGO was the underlying mechanism during GSSAPI authentication. Consequently, applications attempting to copy delegated Kerberos 5 credentials into a credential cache received an 'Invalid credential was supplied' message rather than a copy of the delegated credentials. With this update, SPNEGO credentials can be properly searched, allowing applications to copy delegated credentials as expected.\n\n* applications can initiate context acceptance (via gss_accept_sec_context) without passing a ret_flags value that would indicate that credentials were delegated. A delegated credential handle should have been returned in such instances. 
This updated package adds a temp_ret_flag that stores the credential status in the event no other ret_flags value is passed by an application calling gss_accept_sec_context.\n\n* kpasswd did not fallback to TCP on receipt of certain errors, or when a packet was too big for UDP. This update corrects this.\n\n* when the libkrb5 password-routine generated a set-password or change-password request, incorrect sequence numbers were generated for all requests subsequent to the first request. This caused password change requests to fail if the primary server was unavailable. This updated package corrects this by saving the sequence number value after the AP-REQ data is built and restoring this value before the request is generated.\n\n* when a user's password expired, kinit would not prompt that user to change the password, instead simply informing the user their password had expired. This update corrects this behavior: kinit now prompts for a new password to be set when a password has expired.\n\nAll krb5 users are advised to upgrade to these updated packages, which contain backported fixes to address these vulnerabilities and fix these bugs.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : krb5 (CESA-2008:0164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-devel", "p-cpe:/a:centos:centos:krb5-libs", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-workstation", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0164.NASL", "href": "https://www.tenable.com/plugins/nessus/43676", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0164 and \n# CentOS Errata and Security 
Advisory 2008:0164 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43676);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_bugtraq_id(26750, 28302, 28303);\n script_xref(name:\"RHSA\", value:\"2008:0164\");\n\n script_name(english:\"CentOS 5 : krb5 (CESA-2008:0164)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that resolve several issues and fix multiple\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. 
Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library\nas used by MIT Kerberos kadmind server. An unauthenticated remote\nattacker could use this flaw to crash kadmind or possibly execute\narbitrary code. This issue only affected systems with certain resource\nlimits configured and did not affect systems using default resource\nlimits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nMultiple memory management flaws were discovered in the GSSAPI library\nused by MIT Kerberos. These flaws could possibly result in use of\nalready freed memory or an attempt to free already freed memory blocks\n(double-free flaw), possibly causing a crash or arbitrary code\nexecution. (CVE-2007-5901, CVE-2007-5971)\n\nIn addition to the security issues resolved above, the following bugs\nwere also fixed :\n\n* delegated krb5 credentials were not properly stored when SPNEGO was\nthe underlying mechanism during GSSAPI authentication. Consequently,\napplications attempting to copy delegated Kerberos 5 credentials into\na credential cache received an 'Invalid credential was supplied'\nmessage rather than a copy of the delegated credentials. With this\nupdate, SPNEGO credentials can be properly searched, allowing\napplications to copy delegated credentials as expected.\n\n* applications can initiate context acceptance (via\ngss_accept_sec_context) without passing a ret_flags value that would\nindicate that credentials were delegated. A delegated credential\nhandle should have been returned in such instances. 
This updated\npackage adds a temp_ret_flag that stores the credential status in the\nevent no other ret_flags value is passed by an application calling\ngss_accept_sec_context.\n\n* kpasswd did not fallback to TCP on receipt of certain errors, or\nwhen a packet was too big for UDP. This update corrects this.\n\n* when the libkrb5 password-routine generated a set-password or\nchange-password request, incorrect sequence numbers were generated for\nall requests subsequent to the first request. This caused password\nchange requests to fail if the primary server was unavailable. This\nupdated package corrects this by saving the sequence number value\nafter the AP-REQ data is built and restoring this value before the\nrequest is generated.\n\n* when a user's password expired, kinit would not prompt that user to\nchange the password, instead simply informing the user their password\nhad expired. This update corrects this behavior: kinit now prompts for\na new password to be set when a password has expired.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported fixes to address these vulnerabilities and fix\nthese bugs.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014766.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b44b161\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014767.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?055da6b6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 399);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-devel-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-libs-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-server-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-workstation-1.6.1-17.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:08:24", "description": "Multiple memory management flaws were found in the GSSAPI library used by Kerberos that could result in the use of already freed memory or an attempt to free already freed memory, possibly leading to a crash or allowing the execution of arbitrary code (CVE-2007-5901, CVE-2007-5971).\n\nA flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. 
An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063).\n\nThis issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0.\nKerberos v4 protocol support can be disabled by adding v4_mode=none (without quotes) to the [kdcdefaults] section of /etc/kerberos/krb5kdc/kdc.conf.\n\nA flaw in the RPC library as used in Kerberos' kadmind was discovered by Jeff Altman of Secure Endpoints. An unauthenticated remote attacker could use this vulnerability to crash kadmind or possibly execute arbitrary code in systems with certain resource limits configured;\nthis does not affect the default resource limits used by Mandriva Linux (CVE-2008-0947).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2008:069)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ftp-client-krb5", "p-cpe:/a:mandriva:linux:ftp-server-krb5", "p-cpe:/a:mandriva:linux:krb5", "p-cpe:/a:mandriva:linux:krb5-server", "p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:lib64krb53", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:libkrb53", "p-cpe:/a:mandriva:linux:libkrb53-devel", "p-cpe:/a:mandriva:linux:telnet-client-krb5", "p-cpe:/a:mandriva:linux:telnet-server-krb5", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2008-069.NASL", "href": "https://www.tenable.com/plugins/nessus/38056", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:069. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38056);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_xref(name:\"MDVSA\", value:\"2008:069\");\n\n script_name(english:\"Mandriva Linux Security Advisory : krb5 (MDVSA-2008:069)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple memory management flaws were found in the GSSAPI library used\nby Kerberos that could result in the use of already freed memory or an\nattempt to free already freed memory, possibly leading to a crash or\nallowing the execution of arbitrary code (CVE-2007-5901,\nCVE-2007-5971).\n\nA flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4\nprotocol packets. 
An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests (CVE-2008-0062, CVE-2008-0063).\n\nThis issue only affects krb5kdc when it has Kerberos v4 protocol\ncompatibility enabled, which is a compiled-in default in all Kerberos\nversions that Mandriva Linux ships prior to Mandriva Linux 2008.0.\nKerberos v4 protocol support can be disabled by adding v4_mode=none\n(without quotes) to the [kdcdefaults] section of\n/etc/kerberos/krb5kdc/kdc.conf.\n\nA flaw in the RPC library as used in Kerberos' kadmind was discovered\nby Jeff Altman of Secure Endpoints. An unauthenticated remote attacker\ncould use this vulnerability to crash kadmind or possibly execute\narbitrary code in systems with certain resource limits configured;\nthis does not affect the default resource limits used by Mandriva\nLinux (CVE-2008-0947).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", 
reference:\"ftp-client-krb5-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"ftp-server-krb5-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"krb5-server-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"krb5-workstation-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64krb53-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libkrb53-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libkrb53-devel-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"telnet-client-krb5-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"telnet-server-krb5-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"ftp-client-krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ftp-server-krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-server-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-workstation-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", 
reference:\"libkrb53-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"telnet-client-krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"telnet-server-krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:51", "description": "From Red Hat Security Advisory 2008:0164 :\n\nUpdated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]' section of /var/kerberos/krb5kdc/kdc.conf.\n\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library as used by MIT Kerberos kadmind server. 
An unauthenticated remote attacker could use this flaw to crash kadmind or possibly execute arbitrary code. This issue only affected systems with certain resource limits configured and did not affect systems using default resource limits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nMultiple memory management flaws were discovered in the GSSAPI library used by MIT Kerberos. These flaws could possibly result in use of already freed memory or an attempt to free already freed memory blocks (double-free flaw), possibly causing a crash or arbitrary code execution. (CVE-2007-5901, CVE-2007-5971)\n\nIn addition to the security issues resolved above, the following bugs were also fixed :\n\n* delegated krb5 credentials were not properly stored when SPNEGO was the underlying mechanism during GSSAPI authentication. Consequently, applications attempting to copy delegated Kerberos 5 credentials into a credential cache received an 'Invalid credential was supplied' message rather than a copy of the delegated credentials. With this update, SPNEGO credentials can be properly searched, allowing applications to copy delegated credentials as expected.\n\n* applications can initiate context acceptance (via gss_accept_sec_context) without passing a ret_flags value that would indicate that credentials were delegated. A delegated credential handle should have been returned in such instances. This updated package adds a temp_ret_flag that stores the credential status in the event no other ret_flags value is passed by an application calling gss_accept_sec_context.\n\n* kpasswd did not fallback to TCP on receipt of certain errors, or when a packet was too big for UDP. This update corrects this.\n\n* when the libkrb5 password-routine generated a set-password or change-password request, incorrect sequence numbers were generated for all requests subsequent to the first request. 
This caused password change requests to fail if the primary server was unavailable. This updated package corrects this by saving the sequence number value after the AP-REQ data is built and restoring this value before the request is generated.\n\n* when a user's password expired, kinit would not prompt that user to change the password, instead simply informing the user their password had expired. This update corrects this behavior: kinit now prompts for a new password to be set when a password has expired.\n\nAll krb5 users are advised to upgrade to these updated packages, which contain backported fixes to address these vulnerabilities and fix these bugs.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : krb5 (ELSA-2008-0164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-workstation", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2008-0164.NASL", "href": "https://www.tenable.com/plugins/nessus/67664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0164 and \n# Oracle Linux Security Advisory ELSA-2008-0164 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67664);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_bugtraq_id(26750, 28302, 28303);\n script_xref(name:\"RHSA\", value:\"2008:0164\");\n\n 
script_name(english:\"Oracle Linux 5 : krb5 (ELSA-2008-0164)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0164 :\n\nUpdated krb5 packages that resolve several issues and fix multiple\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library\nas used by MIT Kerberos kadmind server. An unauthenticated remote\nattacker could use this flaw to crash kadmind or possibly execute\narbitrary code. This issue only affected systems with certain resource\nlimits configured and did not affect systems using default resource\nlimits used by Red Hat Enterprise Linux 5. 
(CVE-2008-0947)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nMultiple memory management flaws were discovered in the GSSAPI library\nused by MIT Kerberos. These flaws could possibly result in use of\nalready freed memory or an attempt to free already freed memory blocks\n(double-free flaw), possibly causing a crash or arbitrary code\nexecution. (CVE-2007-5901, CVE-2007-5971)\n\nIn addition to the security issues resolved above, the following bugs\nwere also fixed :\n\n* delegated krb5 credentials were not properly stored when SPNEGO was\nthe underlying mechanism during GSSAPI authentication. Consequently,\napplications attempting to copy delegated Kerberos 5 credentials into\na credential cache received an 'Invalid credential was supplied'\nmessage rather than a copy of the delegated credentials. With this\nupdate, SPNEGO credentials can be properly searched, allowing\napplications to copy delegated credentials as expected.\n\n* applications can initiate context acceptance (via\ngss_accept_sec_context) without passing a ret_flags value that would\nindicate that credentials were delegated. A delegated credential\nhandle should have been returned in such instances. This updated\npackage adds a temp_ret_flag that stores the credential status in the\nevent no other ret_flags value is passed by an application calling\ngss_accept_sec_context.\n\n* kpasswd did not fallback to TCP on receipt of certain errors, or\nwhen a packet was too big for UDP. This update corrects this.\n\n* when the libkrb5 password-routine generated a set-password or\nchange-password request, incorrect sequence numbers were generated for\nall requests subsequent to the first request. This caused password\nchange requests to fail if the primary server was unavailable. 
This\nupdated package corrects this by saving the sequence number value\nafter the AP-REQ data is built and restoring this value before the\nrequest is generated.\n\n* when a user's password expired, kinit would not prompt that user to\nchange the password, instead simply informing the user their password\nhad expired. This update corrects this behavior: kinit now prompts for\na new password to be set when a password has expired.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported fixes to address these vulnerabilities and fix\nthese bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000547.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"krb5-devel-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-libs-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-server-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-workstation-1.6.1-17.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:55", "description": "This update incorporates fixes included in MITKRB5-SA-2008-001 (use of uninitialized pointer / double-free in the KDC when v4 compatibility is enabled) and MITKRB5-SA-2008-002 (incorrect handling of high-numbered descriptors in the RPC library). This update also incorporates less-critical fixes for a double- free (CVE-2007-5971) and an incorrect attempt to free non-heap memory (CVE-2007-5901) in the GSSAPI library. This update also fixes an incorrect calculation of the length of the absolute path name of a file when the relative path is known and the library needs to look up which SELinux label to apply to the file.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "Fedora 8 : krb5-1.6.2-14.fc8 (2008-2647)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:krb5", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-2647.NASL", "href": "https://www.tenable.com/plugins/nessus/31670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2647.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31670);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_bugtraq_id(26750, 28302, 28303);\n script_xref(name:\"FEDORA\", value:\"2008-2647\");\n\n script_name(english:\"Fedora 8 : krb5-1.6.2-14.fc8 (2008-2647)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates fixes included in MITKRB5-SA-2008-001 (use of\nuninitialized pointer / double-free in the KDC when v4 compatibility\nis enabled) and MITKRB5-SA-2008-002 (incorrect handling of\nhigh-numbered descriptors in the RPC library). 
This update also\nincorporates less-critical fixes for a double- free (CVE-2007-5971)\nand an incorrect attempt to free non-heap memory (CVE-2007-5901) in\nthe GSSAPI library. This update also fixes an incorrect calculation of\nthe length of the absolute path name of a file when the relative path\nis known and the library needs to look up which SELinux label to apply\nto the file.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=415321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=415351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=433596\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008883.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bf78340\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"krb5-1.6.2-14.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:51:42", "description": "The remote host is affected by the vulnerability described in GLSA-200803-31 (MIT Kerberos 5: Multiple vulnerabilities)\n\n Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() (CVE-2008-0062) and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply (CVE-2008-0063).\n Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947).\n Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() function (CVE-2007-5971).\n Impact :\n\n The first two vulnerabilities can be exploited by a remote unauthenticated attacker to execute arbitrary code on the host running krb5kdc, compromise the Kerberos key database or 
cause a Denial of Service. These bugs can only be triggered when Kerberos 4 support is enabled.\n The RPC related vulnerability can be exploited by a remote unauthenticated attacker to crash kadmind, and theoretically execute arbitrary code with root privileges or cause database corruption. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process.\n The GSSAPI vulnerabilities could be exploited by a remote attacker to cause Denial of Service conditions or possibly execute arbitrary code.\n Workaround :\n\n Kerberos 4 support can be disabled via disabling the 'krb4' USE flag and recompiling the ebuild, or setting 'v4_mode=none' in the [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around the KDC related vulnerabilities.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "GLSA-200803-31 : MIT Kerberos 5: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5894", "CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mit-krb5", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200803-31.NASL", "href": "https://www.tenable.com/plugins/nessus/31671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-31.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31671);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5894\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_xref(name:\"GLSA\", value:\"200803-31\");\n\n script_name(english:\"GLSA-200803-31 : MIT Kerberos 5: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-31\n(MIT Kerberos 5: Multiple vulnerabilities)\n\n Two vulnerabilities were found in the Kerberos 4 support in\n KDC: A global variable is not set for some incoming message types,\n leading to a NULL pointer dereference or a double free()\n (CVE-2008-0062) and unused portions of a buffer are not properly\n cleared when generating an error message, which results in stack\n content being contained in a reply (CVE-2008-0063).\n Jeff\n Altman (Secure Endpoints) discovered a buffer overflow in the RPC\n library server code, used in the kadmin server, caused when too many\n file descriptors are opened (CVE-2008-0947).\n Venustech AD-LAB\n discovered multiple vulnerabilities in the GSSAPI library: usage of a\n freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and\n a double free() vulnerability in the gss_krb5int_make_seal_token_v3()\n function (CVE-2007-5971).\n \nImpact :\n\n The first two vulnerabilities can be exploited by a remote\n unauthenticated attacker to execute arbitrary code on the host running\n krb5kdc, compromise the Kerberos key database or cause a Denial of\n 
Service. These bugs can only be triggered when Kerberos 4 support is\n enabled.\n The RPC related vulnerability can be exploited by a remote\n unauthenticated attacker to crash kadmind, and theoretically execute\n arbitrary code with root privileges or cause database corruption. This\n bug can only be triggered in configurations that allow large numbers of\n open file descriptors in a process.\n The GSSAPI vulnerabilities could be exploited by a remote attacker to\n cause Denial of Service conditions or possibly execute arbitrary code.\n \nWorkaround :\n\n Kerberos 4 support can be disabled via disabling the 'krb4' USE flag\n and recompiling the ebuild, or setting 'v4_mode=none' in the\n [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around\n the KDC related vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-31\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MIT Kerberos 5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.6.3-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mit-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", 
\"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/mit-krb5\", unaffected:make_list(\"ge 1.6.3-r1\"), vulnerable:make_list(\"lt 1.6.3-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MIT Kerberos 5\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:52", "description": "A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Scientific Linux 4. Kerberos v4 protocol support can be disabled by adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]' section of /var/kerberos/krb5kdc/kdc.conf.\n\nSL 3x only: A flaw was found in the RPC library used by the MIT Kerberos kadmind server. An unauthenticated remote attacker could use this flaw to crash kadmind. This issue only affected systems with certain resource limits configured and did not affect systems using default resource limits used by Scientific Linux 3. 
(CVE-2008-0948)\n\nSL 4x and 5x only: Multiple memory management flaws were discovered in the GSSAPI library used by MIT Kerberos. These flaws could possibly result in use of already freed memory or an attempt to free already freed memory blocks (double-free flaw), possibly causing a crash or arbitrary code execution. (CVE-2007-5901, CVE-2007-5971)\n\nSL 5x only: Jeff Altman of Secure Endpoints discovered a flaw in the RPC library as used by MIT Kerberos kadmind server. An unauthenticated remote attacker could use this flaw to crash kadmind or possibly execute arbitrary code. This issue only affected systems with certain resource limits configured and did not affect systems using default resource limits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947", "CVE-2008-0948"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080318_KRB5_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60373);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\", \"CVE-2008-0948\");\n\n script_name(english:\"Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Scientific\nLinux 4. Kerberos v4 protocol support can be disabled by adding\n'v4_mode=none' (without the quotes) to the '[kdcdefaults]' section of\n/var/kerberos/krb5kdc/kdc.conf.\n\nSL 3x only: A flaw was found in the RPC library used by the MIT\nKerberos kadmind server. An unauthenticated remote attacker could use\nthis flaw to crash kadmind. This issue only affected systems with\ncertain resource limits configured and did not affect systems using\ndefault resource limits used by Scientific Linux 3. (CVE-2008-0948)\n\nSL 4x and 5x only: Multiple memory management flaws were discovered in\nthe GSSAPI library used by MIT Kerberos. These flaws could possibly\nresult in use of already freed memory or an attempt to free already\nfreed memory blocks (double-free flaw), possibly causing a crash or\narbitrary code execution. (CVE-2007-5901, CVE-2007-5971)\n\nSL 5x only: Jeff Altman of Secure Endpoints discovered a flaw in the\nRPC library as used by MIT Kerberos kadmind server. An unauthenticated\nremote attacker could use this flaw to crash kadmind or possibly\nexecute arbitrary code. This issue only affected systems with certain\nresource limits configured and did not affect systems using default\nresource limits used by Red Hat Enterprise Linux 5. 
(CVE-2008-0947)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0803&L=scientific-linux-errata&T=0&P=1691\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d795345\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"krb5-devel-1.2.7-68\")) flag++;\nif (rpm_check(release:\"SL3\", 
reference:\"krb5-libs-1.2.7-68\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"krb5-server-1.2.7-68\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"krb5-workstation-1.2.7-68\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"krb5-devel-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"krb5-libs-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"krb5-server-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"krb5-workstation-1.3.4-54.el4_6.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"krb5-devel-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"krb5-libs-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"krb5-server-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"krb5-workstation-1.6.1-17.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:00", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. 
\n\nThis update contains several security fixes for a number of programs.", "cvss3": {"score": null, "vector": null}, "published": "2008-03-19T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2008-002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-3352", "CVE-2005-4077", "CVE-2006-3334", "CVE-2006-3747", "CVE-2006-5793", "CVE-2006-6481", "CVE-2007-0897", "CVE-2007-0898", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-1745", "CVE-2007-1997", "CVE-2007-2445", "CVE-2007-2799", "CVE-2007-3378", "CVE-2007-3725", "CVE-2007-3799", "CVE-2007-3847", "CVE-2007-4510", "CVE-2007-4560", "CVE-2007-4568", "CVE-2007-4752", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4887", "CVE-2007-4990", "CVE-2007-5000", "CVE-2007-5266", "CVE-2007-5267", "CVE-2007-5268", "CVE-2007-5269", "CVE-2007-5795", "CVE-2007-5901", "CVE-2007-5958", "CVE-2007-5971", "CVE-2007-6109", "CVE-2007-6203", "CVE-2007-6335", "CVE-2007-6336", "CVE-2007-6337", "CVE-2007-6388", "CVE-2007-6421", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0005", "CVE-2008-0006", "CVE-2008-0044", "CVE-2008-0045", "CVE-2008-0046", "CVE-2008-0047", "CVE-2008-0048", "CVE-2008-0049", "CVE-2008-0050", "CVE-2008-0051", "CVE-2008-0052", "CVE-2008-0053", "CVE-2008-0054", "CVE-2008-0055", "CVE-2008-0056", "CVE-2008-0057", "CVE-2008-0058", "CVE-2008-0059", "CVE-2008-0060", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0318", "CVE-2008-0596", "CVE-2008-0728", "CVE-2008-0882", "CVE-2008-0987", "CVE-2008-0988", "CVE-2008-0989", "CVE-2008-0990", "CVE-2008-0992", "CVE-2008-0993", "CVE-2008-0994", "CVE-2008-0995", "CVE-2008-0996", "CVE-2008-0997", "CVE-2008-0998", "CVE-2008-0999", "CVE-2008-1000"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2008-002.NASL", "href": "https://www.tenable.com/plugins/nessus/31605", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif 
(!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31605);\n script_version (\"1.38\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-4077\", \"CVE-2006-3334\", \"CVE-2006-3747\", \"CVE-2006-5793\",\n \"CVE-2006-6481\", \"CVE-2007-0897\", \"CVE-2007-0898\", \"CVE-2007-1659\", \"CVE-2007-1660\",\n \"CVE-2007-1661\", \"CVE-2007-1662\", \"CVE-2007-1745\", \"CVE-2007-1997\", \"CVE-2007-2445\",\n \"CVE-2007-2799\", \"CVE-2007-3378\", \"CVE-2007-3725\", \"CVE-2007-3799\", \"CVE-2007-3847\",\n \"CVE-2007-4510\", \"CVE-2007-4560\", \"CVE-2007-4568\", \"CVE-2007-4752\", \"CVE-2007-4766\",\n \"CVE-2007-4767\", \"CVE-2007-4768\", \"CVE-2007-4887\", \"CVE-2007-4990\", \"CVE-2007-5000\",\n \"CVE-2007-5266\", \"CVE-2007-5267\", \"CVE-2007-5268\", \"CVE-2007-5269\", \"CVE-2007-5795\",\n \"CVE-2007-5901\", \"CVE-2007-5958\", \"CVE-2007-5971\", \"CVE-2007-6109\", \"CVE-2007-6203\",\n \"CVE-2007-6335\", \"CVE-2007-6336\", \"CVE-2007-6337\", \"CVE-2007-6388\", \"CVE-2007-6421\",\n \"CVE-2007-6427\", \"CVE-2007-6428\", \"CVE-2007-6429\", \"CVE-2008-0005\", \"CVE-2008-0006\",\n \"CVE-2008-0044\", \"CVE-2008-0045\", \"CVE-2008-0046\", \"CVE-2008-0047\", \"CVE-2008-0048\",\n \"CVE-2008-0049\", \"CVE-2008-0050\", \"CVE-2008-0051\", \"CVE-2008-0052\", \"CVE-2008-0053\",\n \"CVE-2008-0054\", \"CVE-2008-0055\", \"CVE-2008-0056\", \"CVE-2008-0057\", \"CVE-2008-0058\",\n \"CVE-2008-0059\", \"CVE-2008-0060\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0318\",\n \"CVE-2008-0596\", \"CVE-2008-0728\", \"CVE-2008-0882\", \"CVE-2008-0987\", \"CVE-2008-0988\",\n \"CVE-2008-0989\", \"CVE-2008-0990\", \"CVE-2008-0992\", \"CVE-2008-0993\", \"CVE-2008-0994\",\n \"CVE-2008-0995\", \"CVE-2008-0996\", \"CVE-2008-0997\", \"CVE-2008-0998\", \"CVE-2008-0999\",\n \"CVE-2008-1000\");\n script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 
26838,\n 26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307,\n 28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357,\n 28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372,\n 28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)\");\n script_summary(english:\"Check for the presence of Security Update 2008-002\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have the security update 2008-002 applied. \n\nThis update contains several security fixes for a number of programs.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=307562\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/advisories/14242\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2008-002 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n 
script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/08/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/06/02\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0);\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\nelse if (egrep(pattern:\"Darwin.* (9\\.[0-2]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2008\\.002\\.bom\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T13:21:28", "description": "Sol Jerome discovered that the Kerberos kadmind service did not correctly \nfree memory. An unauthenticated remote attacker could send specially \ncrafted traffic to crash the kadmind process, leading to a denial of \nservice. (CVE-2010-0629)\n\nIt was discovered that Kerberos did not correctly free memory in \nthe GSSAPI library. 
If a remote attacker were able to manipulate an \napplication using GSSAPI carefully, the service could crash, leading to \na denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901, \nCVE-2007-5971)\n\nIt was discovered that Kerberos did not correctly free memory in the \nGSSAPI and kdb libraries. If a remote attacker were able to manipulate \nan application using these libraries carefully, the service could crash, \nleading to a denial of service. (Only Ubuntu 8.04 LTS was affected.) \n(CVE-2007-5902, CVE-2007-5972)\n", "cvss3": {}, "published": "2010-04-07T00:00:00", "type": "ubuntu", "title": "Kerberos vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5971", "CVE-2007-5972", "CVE-2010-0629", "CVE-2007-5901", "CVE-2007-5902"], "modified": "2010-04-07T00:00:00", "id": "USN-924-1", "href": "https://ubuntu.com/security/notices/USN-924-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
", "cvss3": {}, "published": "2008-03-21T22:21:37", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: krb5-1.6.2-14.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2008-03-21T22:21:37", "id": "FEDORA:M2LMPMY8021560", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LGKJSX5PUSJ6EA3BWOLYJIE6JDEFKUIP/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
", "cvss3": {}, "published": "2008-03-21T22:18:10", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: krb5-1.6.1-9.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2798", "CVE-2007-3999", "CVE-2007-4000", "CVE-2007-4743", "CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2008-03-21T22:18:10", "id": "FEDORA:M2LMMNJ4021372", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QJ6LTNU6X325WAKKYRDQYA7MM3IBW6EZ/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:42:25", "description": "Kerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\r\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\r\nAn unauthenticated remote attacker could use this flaw to crash the\r\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\r\narbitrary code using malformed or truncated Kerberos v4 protocol requests.\r\n(CVE-2008-0062, CVE-2008-0063)\r\n\r\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\r\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\r\nKerberos v4 
protocol support can be disabled by adding \"v4_mode=none\"\r\n(without the quotes) to the \"[kdcdefaults]\" section of\r\n/var/kerberos/krb5kdc/kdc.conf.\r\n\r\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library as\r\nused by MIT Kerberos kadmind server. An unauthenticated remote attacker\r\ncould use this flaw to crash kadmind or possibly execute arbitrary code.\r\nThis issue only affected systems with certain resource limits configured\r\nand did not affect systems using default resource limits used by Red Hat\r\nEnterprise Linux 5. (CVE-2008-0947)\r\n\r\nRed Hat would like to thank MIT for reporting these issues.\r\n\r\nMultiple memory management flaws were discovered in the GSSAPI library used\r\nby MIT Kerberos. These flaws could possibly result in use of already freed\r\nmemory or an attempt to free already freed memory blocks (double-free\r\nflaw), possibly causing a crash or arbitrary code execution.\r\n(CVE-2007-5901, CVE-2007-5971)\r\n\r\nIn addition to the security issues resolved above, the following bugs were\r\nalso fixed:\r\n\r\n* delegated krb5 credentials were not properly stored when SPNEGO was the\r\nunderlying mechanism during GSSAPI authentication. Consequently,\r\napplications attempting to copy delegated Kerberos 5 credentials into a\r\ncredential cache received an \"Invalid credential was supplied\" message\r\nrather than a copy of the delegated credentials. With this update, SPNEGO\r\ncredentials can be properly searched, allowing applications to copy\r\ndelegated credentials as expected.\r\n\r\n* applications can initiate context acceptance (via gss_accept_sec_context)\r\nwithout passing a ret_flags value that would indicate that credentials were\r\ndelegated. A delegated credential handle should have been returned in such\r\ninstances. 
This updated package adds a temp_ret_flag that stores the\r\ncredential status in the event no other ret_flags value is passed by an\r\napplication calling gss_accept_sec_context.\r\n\r\n* kpasswd did not fall back to TCP on receipt of certain errors, or when a\r\npacket was too big for UDP. This update corrects this.\r\n\r\n* when the libkrb5 password-routine generated a set-password or\r\nchange-password request, incorrect sequence numbers were generated for all\r\nrequests subsequent to the first request. This caused password change\r\nrequests to fail if the primary server was unavailable. This updated\r\npackage corrects this by saving the sequence number value after the AP-REQ\r\ndata is built and restoring this value before the request is generated.\r\n\r\n* when a user's password expired, kinit would not prompt that user to\r\nchange the password, instead simply informing the user their password had\r\nexpired. This update corrects this behavior: kinit now prompts for a new\r\npassword to be set when a password has expired.\r\n\r\nAll krb5 users are advised to upgrade to these updated packages, which\r\ncontain backported fixes to address these vulnerabilities and fix these\r\nbugs.", "cvss3": {}, "published": "2008-03-18T00:00:00", "type": "redhat", "title": "(RHSA-2008:0164) Critical: krb5 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2017-09-08T07:55:43", "id": 
"RHSA-2008:0164", "href": "https://access.redhat.com/errata/RHSA-2008:0164", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:15:33", "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. \n\n### Description\n\n * Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() (CVE-2008-0062) and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply (CVE-2008-0063).\n * Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947).\n * Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() function (CVE-2007-5971).\n\n### Impact\n\nThe first two vulnerabilities can be exploited by a remote unauthenticated attacker to execute arbitrary code on the host running krb5kdc, compromise the Kerberos key database or cause a Denial of Service. These bugs can only be triggered when Kerberos 4 support is enabled. \n\nThe RPC related vulnerability can be exploited by a remote unauthenticated attacker to crash kadmind, and theoretically execute arbitrary code with root privileges or cause database corruption. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. \n\nThe GSSAPI vulnerabilities could be exploited by a remote attacker to cause Denial of Service conditions or possibly execute arbitrary code. 
\n\n### Workaround\n\nKerberos 4 support can be disabled via disabling the \"krb4\" USE flag and recompiling the ebuild, or setting \"v4_mode=none\" in the [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around the KDC related vulnerabilities. \n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.6.3-r1\"", "cvss3": {}, "published": "2008-03-24T00:00:00", "type": "gentoo", "title": "MIT Kerberos 5: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5894", "CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2008-03-24T00:00:00", "id": "GLSA-200803-31", "href": "https://security.gentoo.org/glsa/200803-31", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}