ID CVE-2014-9421 Type cve Reporter NVD Modified 2017-01-02T21:59:24
Description
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.
{"title": "CVE-2014-9421", "reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "published": "2015-02-19T06:59:05", "cvelist": ["CVE-2014-9421"], "viewCount": 11, "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9421", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "7c7ef8c166436db86753353fc3979519", "key": "cpe"}, {"hash": "3da6148ad6f05fecc9200dd1bff42030", "key": "cvelist"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "20d5460682b7aea0d3a5d06a245e2d4e", "key": "description"}, {"hash": "d55fd815aab32d60e54ce3b7bb0167e2", "key": "href"}, {"hash": "004cb656d31e162e2dd19f2e4cb5d12d", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "29dd9d728b9e44d6beea804f48a3ac5b", "key": "published"}, {"hash": "41c81b373fbb4c382d69f70be4d5041a", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "a45e50e960ce1d5ffef6aa1335ba029e", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2015-02-19T06:59:05", "cvelist": ["CVE-2014-9421"], "title": "CVE-2014-9421", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9421", "bulletinFamily": "NVD", "id": "CVE-2014-9421", "history": [], "scanner": [], "cpe": ["cpe:/a:mit:kerberos:5-1.11.1", "cpe:/a:mit:kerberos:5-1.12.2", "cpe:/a:mit:kerberos:5-1.11.3", "cpe:/a:mit:kerberos:5-1.11.4", "cpe:/a:mit:kerberos:5-1.11.2", "cpe:/a:mit:kerberos:5-1.11.5", "cpe:/a:mit:kerberos:5-1.12.1", "cpe:/a:mit:kerberos:5-1.12", "cpe:/a:mit:kerberos:5-1.13", "cpe:/a:mit:kerberos:5-1.11"], "modified": "2015-04-13T21:59:58", "hash": "be87743632510100f3f8403ce450099147761a44a84a0cdfab57d9de9d28887d", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 1, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["http://rhn.redhat.com/errata/RHSA-2015-0794.html", "http://rhn.redhat.com/errata/RHSA-2015-0439.html", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", "http://www.debian.org/security/2015/dsa-3153", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html", "http://www.ubuntu.com/usn/USN-2498-1", "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt", "https://github.com/krb5/krb5/commit/a197e92349a4aa2141b5dff12e9dd44c2a2166e3", "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "7c7ef8c166436db86753353fc3979519", "key": "cpe"}, {"hash": "a45e50e960ce1d5ffef6aa1335ba029e", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "29dd9d728b9e44d6beea804f48a3ac5b", "key": "published"}, {"hash": "1d9965e5c5db56daa90bd84bff1a5755", "key": "modified"}, {"hash": "0455ea7c78c2d61d14a7a0a360ebb9c8", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "3da6148ad6f05fecc9200dd1bff42030", "key": "cvelist"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "d55fd815aab32d60e54ce3b7bb0167e2", "key": "href"}, {"hash": "20d5460682b7aea0d3a5d06a245e2d4e", "key": "description"}], "lastseen": "2016-09-03T21:38:22", "description": "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T21:38:22"}], "scanner": [], "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "modified": "2017-01-02T21:59:24", "hash": "0a7556d5124b3c1d92c1a2fbb9f66384d7d75d6b793746f5a804cccdc6a73478", "cpe": ["cpe:/a:mit:kerberos:5-1.11.1", "cpe:/a:mit:kerberos:5-1.12.2", "cpe:/a:mit:kerberos:5-1.11.3", "cpe:/a:mit:kerberos:5-1.11.4", "cpe:/a:mit:kerberos:5-1.11.2", "cpe:/a:mit:kerberos:5-1.11.5", "cpe:/a:mit:kerberos:5-1.12.1", "cpe:/a:mit:kerberos:5-1.12", "cpe:/a:mit:kerberos:5-1.13", "cpe:/a:mit:kerberos:5-1.11"], "edition": 2, "description": "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.", "references": ["http://rhn.redhat.com/errata/RHSA-2015-0794.html", "http://rhn.redhat.com/errata/RHSA-2015-0439.html", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", "http://www.debian.org/security/2015/dsa-3153", "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html", "http://www.ubuntu.com/usn/USN-2498-1", "http://www.securityfocus.com/bid/72496", "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt", "https://github.com/krb5/krb5/commit/a197e92349a4aa2141b5dff12e9dd44c2a2166e3", "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"], "id": "CVE-2014-9421", "lastseen": "2017-04-18T15:55:35", "assessment": {"name": "", "href": "", "system": ""}}
{"f5": [{"lastseen": "2016-09-26T17:22:55", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "reporter": "f5", "published": "2015-04-15T00:00:00", "title": "SOL16443 - MIT Kerberos 5 vulnerabilities CVE-2014-9421 and CVE-2014-5352", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ARX", "version": "6.4.0", "operator": "le"}], "cvelist": ["CVE-2014-5352", "CVE-2014-9421"], "modified": "2016-07-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16443.html", "id": "SOL16443", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:12", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 476378 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| High| Kerberos 5 library \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.4.0 - 2.5.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None \nBIG-IP Edge Clients for Android| None| 2.0.0 - 2.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Apple iOS| None| 2.0.0 - 2.0.4 \n1.0.5 - 1.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Linux| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for MAC OS X| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for Windows| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients Windows Phone 8.1| None| 1.0.0.x| Not vulnerable| None \nBIG-IP Edge Portal for Android| None| 1.0.0 - 1.0.2| Not vulnerable| None \nBIG-IP Edge Portal for Apple iOS| None| 1.0.0 - 1.0.3| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity** value. Security Advisory articles published before this date do not list a **Severity** value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "reporter": "f5", "published": "2015-04-15T20:13:00", "title": "MIT Kerberos 5 vulnerabilities CVE-2014-9421 and CVE-2014-5352", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-5352", "CVE-2014-9421"], "modified": "2017-03-14T00:02:00", "href": "https://support.f5.com/csp/article/K16443", "id": "F5:K16443", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:04", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0794.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-devel-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-devel-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-server-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-pkinit-openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-devel-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-server-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-server", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-server-ldap", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-libs-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-libs-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-1.10.3-37.el6_6.src.rpm", "packageName": "krb5", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-workstation-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-workstation", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-workstation-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-workstation", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-pkinit-openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-server-ldap", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-server-ldap", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "packageFilename": "krb5-libs-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-libs", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0794\n\n\nKerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC.\n\nThe following security issues are fixed with this release:\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make\nan application using the GSS-API library (libgssapi) could call the\ngss_process_context_token() function and use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker who has the permissions to set the password policy\ncould crash kadmind by attempting to use a named ticket policy object as a\npassword policy for a principal. (CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not\ncorrectly sanitize input, and could create invalid krb5_data objects.\nA remote, unauthenticated attacker could use this flaw to crash a Kerberos\nchild process via a specially crafted request. (CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could use\nthis flaw to crash the MIT Kerberos administration server (kadmind), or\nother applications using Kerberos libraries, via specially crafted XDR\npackets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as \"kad/x\") could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as that\nuser. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project\nacknowledges Nico Williams for assisting with the analysis of\nCVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021058.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-pkinit-openssl\nkrb5-server\nkrb5-server-ldap\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0794.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-04-09T11:47:52", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "krb5 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2015-04-09T11:47:52", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021058.html", "id": "CESA-2015:0794", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:27", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0439.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "packageFilename": "krb5-workstation-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-workstation", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "packageFilename": "krb5-libs-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "packageFilename": "krb5-pkinit-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-pkinit", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "packageFilename": "krb5-server-ldap-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-server-ldap", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "packageFilename": "krb5-server-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "packageFilename": "krb5-libs-1.12.2-14.el7.i686.rpm", "packageName": "krb5-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "packageFilename": "krb5-devel-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "packageFilename": "krb5-devel-1.12.2-14.el7.i686.rpm", "packageName": "krb5-devel", "arch": "i686", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0439\n\n\nA NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor\nfor continuation tokens. A remote, unauthenticated attacker could use this flaw\nto crash a GSSAPI-enabled server application. (CVE-2014-4344)\n\nA buffer overflow was found in the KADM5 administration server (kadmind) when it\nwas used with an LDAP back end for the KDC database. A remote, authenticated\nattacker could potentially use this flaw to execute arbitrary code on the system\nrunning kadmind. (CVE-2014-4345)\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make an\napplication using the GSS-API library (libgssapi) call the\ngss_process_context_token() function could use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker with the permissions to set the password policy could\ncrash kadmind by attempting to use a named ticket policy object as a password\npolicy for a principal. (CVE-2014-5353)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External\nData Representation (XDR) data. An authenticated user could use this flaw to\ncrash the MIT Kerberos administration server (kadmind), or other applications\nusing Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly\naccepted certain authentication requests for two-component server principal\nnames. A remote attacker able to acquire a key with a particularly named\nprincipal (such as \"kad/x\") could use this flaw to impersonate any user to\nkadmind, and perform administrative actions as that user. (CVE-2014-9422)\n\nAn information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS\nimplementation (libgssrpc) handled certain requests. An attacker could send a\nspecially crafted request to an application using libgssrpc to disclose a\nlimited portion of uninitialized memory used by that application.\n(CVE-2014-9423)\n\nTwo buffer over-read flaws were found in the way MIT Kerberos handled certain\nrequests. A remote, unauthenticated attacker able to inject packets into a\nclient or server application's GSSAPI session could use either of these flaws to\ncrash the application. (CVE-2014-4341, CVE-2014-4342)\n\nA double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker\nable to spoof packets to appear as though they are from an GSSAPI acceptor could\nuse this flaw to crash a client application that uses MIT Kerberos.\n(CVE-2014-4343)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT\nKerberos project acknowledges Nico Williams for helping with the analysis of\nCVE-2014-5352.\n\nThe krb5 packages have been upgraded to upstream version 1.12, which provides a\nnumber of bug fixes and enhancements, including:\n\n* Added plug-in interfaces for principal-to-username mapping and verifying\nauthorization to user accounts.\n\n* When communicating with a KDC over a connected TCP or HTTPS socket, the client\ngives the KDC more time to reply before it transmits the request to another\nserver. (BZ#1049709, BZ#1127995)\n\nThis update also fixes multiple bugs, for example:\n\n* The Kerberos client library did not recognize certain exit statuses that the\nresolver libraries could return when looking up the addresses of servers\nconfigured in the /etc/krb5.conf file or locating Kerberos servers using DNS\nservice location. The library could treat non-fatal return codes as fatal\nerrors. Now, the library interprets the specific return codes correctly.\n(BZ#1084068, BZ#1109102)\n\nIn addition, this update adds various enhancements. Among others:\n\n* Added support for contacting KDCs and kpasswd servers through HTTPS proxies\nimplementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/001610.html\n\n**Affected packages:**\nkrb5-devel\nkrb5-libs\nkrb5-pkinit\nkrb5-server\nkrb5-server-ldap\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0439.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-03-17T13:28:30", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "krb5 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-4342", "CVE-2014-5352", "CVE-2014-4343", "CVE-2014-5353", "CVE-2014-4344", "CVE-2014-9421", "CVE-2014-4345", "CVE-2014-4341", "CVE-2014-9423"], "modified": "2015-03-17T13:28:30", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/001610.html", "id": "CESA-2015:0439", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:38:54", "references": ["http://www.nessus.org/u?11da79ae", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"], "pluginID": "81175", "description": "SO-AND-SO reports :\n\nCVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token() is used to process a valid context deletion token, the caller is left with a security context handle containing a dangling pointer. Further uses of this handle will result in use-after-free and double-free memory access violations. libgssrpc server applications such as kadmind are vulnerable as they can be instructed to call gss_process_context_token().\n\nCVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR data from an authenticated user, it may perform use-after-free and double-free memory access violations while cleaning up the partial deserialization results. Other libgssrpc server applications may also be vulnerable if they contain insufficiently defensive XDR functions.\n\nCVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepts authentications to two-component server principals whose first component is a left substring of 'kadmin' or whose realm is a left prefix of the default realm.\n\nCVE-2014-9423: libgssrpc applications including kadmind output four or eight bytes of uninitialized memory to the network as part of an unused 'handle' field in replies to clients.", "edition": 4, "reporter": "Tenable", "published": "2015-02-05T00:00:00", "title": "FreeBSD : krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 (24ce5597-acab-11e4-a847-206a8a720317)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-05-31T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:krb5", "p-cpe:/a:freebsd:freebsd:krb5-111", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:krb5-112"], "id": "FREEBSD_PKG_24CE5597ACAB11E4A847206A8A720317.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81175", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2015 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81175);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/05/31 04:37:06 $\");\n\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n\n script_name(english:\"FreeBSD : krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 (24ce5597-acab-11e4-a847-206a8a720317)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SO-AND-SO reports :\n\nCVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after\ngss_process_context_token() is used to process a valid context\ndeletion token, the caller is left with a security context handle\ncontaining a dangling pointer. Further uses of this handle will result\nin use-after-free and double-free memory access violations. libgssrpc\nserver applications such as kadmind are vulnerable as they can be\ninstructed to call gss_process_context_token().\n\nCVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR\ndata from an authenticated user, it may perform use-after-free and\ndouble-free memory access violations while cleaning up the partial\ndeserialization results. Other libgssrpc server applications may also\nbe vulnerable if they contain insufficiently defensive XDR functions.\n\nCVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepts\nauthentications to two-component server principals whose first\ncomponent is a left substring of 'kadmin' or whose realm is a left\nprefix of the default realm.\n\nCVE-2014-9423: libgssrpc applications including kadmind output four or\neight bytes of uninitialized memory to the network as part of an\nunused 'handle' field in replies to clients.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt\"\n );\n # http://www.freebsd.org/ports/portaudit/24ce5597-acab-11e4-a847-206a8a720317.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11da79ae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:krb5-111\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:krb5-112\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"krb5<1.13_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"krb5-112<1.12.2_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"krb5-111<1.11.5_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:39", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-April/004988.html"], "pluginID": "82689", "description": "From Red Hat Security Advisory 2015:0794 :\n\nUpdated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.\n\nThe following security issues are fixed with this release :\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project acknowledges Nico Williams for assisting with the analysis of CVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 5, "reporter": "Tenable", "published": "2015-04-10T00:00:00", "title": "Oracle Linux 6 : krb5 (ELSA-2015-0794)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-pkinit-openssl", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation"], "id": "ORACLELINUX_ELSA-2015-0794.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82689", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0794 and \n# Oracle Linux Security Advisory ELSA-2015-0794 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82689);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-5353\", \"CVE-2014-5355\", \"CVE-2014-9421\", \"CVE-2014-9422\");\n script_bugtraq_id(71679, 72494, 72495, 72496);\n script_xref(name:\"RHSA\", value:\"2015:0794\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2015-0794)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0794 :\n\nUpdated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC.\n\nThe following security issues are fixed with this release :\n\nA use-after-free flaw was found in the way the MIT Kerberos\nlibgssapi_krb5 library processed valid context deletion tokens. An\nattacker able to make an application using the GSS-API library\n(libgssapi) could call the gss_process_context_token() function and\nuse this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a\nremote, authenticated attacker who has the permissions to set the\npassword policy could crash kadmind by attempting to use a named\nticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did\nnot correctly sanitize input, and could create invalid krb5_data\nobjects. A remote, unauthenticated attacker could use this flaw to\ncrash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could\nuse this flaw to crash the MIT Kerberos administration server\n(kadmind), or other applications using Kerberos libraries, via\nspecially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as 'kad/x') could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as\nthat user. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos\nproject acknowledges Nico Williams for assisting with the analysis of\nCVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-April/004988.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.10.3-37.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:05", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=897874", "https://bugzilla.opensuse.org/show_bug.cgi?id=898439", "https://bugzilla.opensuse.org/show_bug.cgi?id=912002"], "pluginID": "81304", "description": "krb5 was updated to fix five security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-5351: current keys returned when randomizing the keys for a service principal (bnc#897874) \n\n - CVE-2014-5352: An authenticated attacker could cause a vulnerable application (including kadmind) to crash or to execute arbitrary code (bnc#912002).\n\n - CVE-2014-9421: An authenticated attacker could cause kadmind or other vulnerable server application to crash or to execute arbitrary code (bnc#912002).\n\n - CVE-2014-9422: An attacker who possess the key of a particularly named principal (such as 'kad/root') could impersonate any user to kadmind and perform administrative actions as that user (bnc#912002).\n\n - CVE-2014-9423: An attacker could attempt to glean sensitive information from the four or eight bytes of uninitialized data output by kadmind or other libgssrpc server application. Because MIT krb5 generally sanitizes memory containing krb5 keys before freeing it, it is unlikely that kadmind would leak Kerberos key information, but it is not impossible (bnc#912002).\n\nThis non-security issue was fixed :\n\n - Work around replay cache creation race (bnc#898439).", "edition": 4, "reporter": "Tenable", "published": "2015-02-12T00:00:00", "title": "openSUSE Security Update : krb5 (openSUSE-2015-128)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-05-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5-debuginfo", "p-cpe:/a:novell:opensuse:krb5-mini-debuginfo", "p-cpe:/a:novell:opensuse:krb5-server-debuginfo", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:opensuse:krb5-debugsource", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-server", "p-cpe:/a:novell:opensuse:krb5-client", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit-debuginfo", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:krb5-client-debuginfo", "p-cpe:/a:novell:opensuse:krb5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp-debuginfo", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5-mini", "p-cpe:/a:novell:opensuse:krb5-mini-debugsource", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp", "p-cpe:/a:novell:opensuse:krb5-mini-devel", "p-cpe:/a:novell:opensuse:krb5"], "id": "OPENSUSE-2015-128.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81304);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/05/31 04:37:06 $\");\n\n script_cve_id(\"CVE-2014-5351\", \"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n\n script_name(english:\"openSUSE Security Update : krb5 (openSUSE-2015-128)\");\n script_summary(english:\"Check for the openSUSE-2015-128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"krb5 was updated to fix five security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-5351: current keys returned when randomizing\n the keys for a service principal (bnc#897874) \n\n - CVE-2014-5352: An authenticated attacker could cause a\n vulnerable application (including kadmind) to crash or\n to execute arbitrary code (bnc#912002).\n\n - CVE-2014-9421: An authenticated attacker could cause\n kadmind or other vulnerable server application to crash\n or to execute arbitrary code (bnc#912002).\n\n - CVE-2014-9422: An attacker who possess the key of a\n particularly named principal (such as 'kad/root') could\n impersonate any user to kadmind and perform\n administrative actions as that user (bnc#912002).\n\n - CVE-2014-9423: An attacker could attempt to glean\n sensitive information from the four or eight bytes of\n uninitialized data output by kadmind or other libgssrpc\n server application. Because MIT krb5 generally sanitizes\n memory containing krb5 keys before freeing it, it is\n unlikely that kadmind would leak Kerberos key\n information, but it is not impossible (bnc#912002).\n\nThis non-security issue was fixed :\n\n - Work around replay cache creation race (bnc#898439).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=897874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912002\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-client-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-client-debuginfo-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-debuginfo-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-debugsource-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-devel-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-mini-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-mini-debuginfo-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-mini-debugsource-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-mini-devel-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-plugin-kdb-ldap-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-plugin-kdb-ldap-debuginfo-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-plugin-preauth-otp-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-plugin-preauth-otp-debuginfo-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-plugin-preauth-pkinit-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-plugin-preauth-pkinit-debuginfo-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-server-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"krb5-server-debuginfo-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"krb5-32bit-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"krb5-debuginfo-32bit-1.12.2-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.12.2-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-mini / krb5-mini-debuginfo / krb5-mini-debugsource / etc\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:08", "references": ["http://www.nessus.org/u?26862e4f"], "pluginID": "82694", "description": "The following security issues are fixed with this release :\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)", "edition": 4, "reporter": "Tenable", "published": "2015-04-10T00:00:00", "title": "Scientific Linux Security Update : krb5 on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2016-08-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150409_KRB5_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82694);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/08/02 13:41:58 $\");\n\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-5353\", \"CVE-2014-5355\", \"CVE-2014-9421\", \"CVE-2014-9422\");\n\n script_name(english:\"Scientific Linux Security Update : krb5 on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues are fixed with this release :\n\nA use-after-free flaw was found in the way the MIT Kerberos\nlibgssapi_krb5 library processed valid context deletion tokens. An\nattacker able to make an application using the GSS-API library\n(libgssapi) could call the gss_process_context_token() function and\nuse this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a\nremote, authenticated attacker who has the permissions to set the\npassword policy could crash kadmind by attempting to use a named\nticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did\nnot correctly sanitize input, and could create invalid krb5_data\nobjects. A remote, unauthenticated attacker could use this flaw to\ncrash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could\nuse this flaw to crash the MIT Kerberos administration server\n(kadmind), or other applications using Kerberos libraries, via\nspecially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as 'kad/x') could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as\nthat user. (CVE-2014-9422)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1504&L=scientific-linux-errata&T=0&P=727\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26862e4f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"krb5-debuginfo-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-devel-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-libs-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-pkinit-openssl-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-server-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-server-ldap-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-workstation-1.10.3-37.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:19", "references": [], "pluginID": "82322", "description": "Multiple vulnerabilities has been discovered and corrected in krb5 :\n\nThe krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind (CVE-2014-5352).\n\nMIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c (CVE-2014-5355).\n\nThe auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind (CVE-2014-9421).\n\nThe check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial kadmind substring, as demonstrated by a ka/x principal (CVE-2014-9422).\n\nThe svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field (CVE-2014-9423).\n\nThe updated packages provides a solution for these security issues.", "edition": 5, "reporter": "Tenable", "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2015:069)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:krb5-pkinit-openssl", "p-cpe:/a:mandriva:linux:krb5-server", "cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:krb5-server-ldap", "p-cpe:/a:mandriva:linux:krb5", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:lib64krb53"], "id": "MANDRIVA_MDVSA-2015-069.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82322", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:069. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82322);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-5355\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n script_xref(name:\"MDVSA\", value:\"2015:069\");\n\n script_name(english:\"Mandriva Linux Security Advisory : krb5 (MDVSA-2015:069)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in krb5 :\n\nThe krb5_gss_process_context_token function in\nlib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library\nin MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2,\nand 1.13.x before 1.13.1 does not properly maintain security-context\nhandles, which allows remote authenticated users to cause a denial of\nservice (use-after-free and double free, and daemon crash) or possibly\nexecute arbitrary code via crafted GSSAPI traffic, as demonstrated by\ntraffic to kadmind (CVE-2014-5352).\n\nMIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a\nkrb5_read_message data field is represented as a string ending with a\n'\\0' character, which allows remote attackers to (1) cause a denial of\nservice (NULL pointer dereference) via a zero-byte version string or\n(2) cause a denial of service (out-of-bounds read) by omitting the\n'\\0' character, related to appl/user_user/server.c and\nlib/krb5/krb/recvauth.c (CVE-2014-5355).\n\nThe auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in\nMIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and\n1.13.x before 1.13.1 does not properly handle partial XDR\ndeserialization, which allows remote authenticated users to cause a\ndenial of service (use-after-free and double free, and daemon crash)\nor possibly execute arbitrary code via malformed XDR data, as\ndemonstrated by data sent to kadmind (CVE-2014-9421).\n\nThe check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in\nkadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through\n1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to\nbypass a kadmin/* authorization check and obtain administrative access\nby leveraging access to a two-component principal with an initial\nkadmind substring, as demonstrated by a ka/x principal\n(CVE-2014-9422).\n\nThe svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c\nin MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through\n1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer\ndata to clients, which allows remote attackers to obtain sensitive\ninformation from process heap memory by sniffing the network for data\nin a handle field (CVE-2014-9423).\n\nThe updated packages provides a solution for these security issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-1.9.2-3.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-pkinit-openssl-1.9.2-3.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-server-1.9.2-3.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-server-ldap-1.9.2-3.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-workstation-1.9.2-3.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64krb53-1.9.2-3.9.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.9.2-3.9.mbs1\")) flag++;\n\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"krb5-1.12.2-5.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"krb5-pkinit-openssl-1.12.2-5.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"krb5-server-1.12.2-5.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"krb5-server-ldap-1.12.2-5.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"krb5-workstation-1.12.2-5.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64krb53-1.12.2-5.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.12.2-5.2.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:46", "references": ["http://www.nessus.org/u?e6d31ffc", "https://bugzilla.redhat.com/show_bug.cgi?id=1179857", "https://bugzilla.redhat.com/show_bug.cgi?id=1179861", "https://bugzilla.redhat.com/show_bug.cgi?id=1179856", "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", "https://bugzilla.redhat.com/show_bug.cgi?id=1179863"], "pluginID": "81705", "description": "Security fix for CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 Security fix for CVE-2014-5351\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-03-10T00:00:00", "title": "Fedora 20 : krb5-1.11.5-18.fc20 (2015-2382)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:krb5"], "id": "FEDORA_2015-2382.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81705", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2382.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81705);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:17 $\");\n\n script_cve_id(\"CVE-2014-5351\", \"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n script_bugtraq_id(70380, 72494, 72495, 72496, 72503);\n script_xref(name:\"FEDORA\", value:\"2015-2382\");\n\n script_name(english:\"Fedora 20 : krb5-1.11.5-18.fc20 (2015-2382)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-5352, CVE-2014-9421, CVE-2014-9422,\nCVE-2014-9423 Security fix for CVE-2014-5351\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1145425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179863\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6d31ffc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"krb5-1.11.5-18.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:37:24", "references": ["http://www.nessus.org/u?61688492"], "pluginID": "82692", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - fix for CVE-2014-5355 (#1193939) 'krb5: unauthenticated denial of service in recvauth_common and others'\n\n - fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy name crash'\n\n - Changelog fixes to make errata subsystem happy.\n\n - fix for CVE-2014-5352 (#1179856) 'gss_process_context_token incorrectly frees context (MITKRB5-SA-2015-001)'\n\n - fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)'\n\n - fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)'", "edition": 7, "reporter": "Tenable", "published": "2015-04-10T00:00:00", "title": "OracleVM 3.3 : krb5 (OVMSA-2015-0054)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:krb5-libs"], "id": "ORACLEVM_OVMSA-2015-0054.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0054.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82692);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-5353\", \"CVE-2014-5355\", \"CVE-2014-9421\", \"CVE-2014-9422\");\n script_bugtraq_id(71679, 72494, 72495, 72496, 74042);\n\n script_name(english:\"OracleVM 3.3 : krb5 (OVMSA-2015-0054)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix for CVE-2014-5355 (#1193939) 'krb5: unauthenticated\n denial of service in recvauth_common and others'\n\n - fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused\n policy name crash'\n\n - Changelog fixes to make errata subsystem happy.\n\n - fix for CVE-2014-5352 (#1179856)\n 'gss_process_context_token incorrectly frees context\n (MITKRB5-SA-2015-001)'\n\n - fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees\n partial deserialization results (MITKRB5-SA-2015-001)'\n\n - fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly\n validates server principal name (MITKRB5-SA-2015-001)'\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-April/000295.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61688492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected krb5-libs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"krb5-libs-1.10.3-37.el6_6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-libs\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:54", "references": ["https://security-tracker.debian.org/tracker/CVE-2014-9421", "http://www.debian.org/security/2015/dsa-3153", "https://security-tracker.debian.org/tracker/CVE-2014-5352", "https://security-tracker.debian.org/tracker/CVE-2014-9422", "https://packages.debian.org/source/wheezy/krb5", "https://security-tracker.debian.org/tracker/CVE-2014-9423"], "pluginID": "81150", "description": "Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos :\n\n - CVE-2014-5352 Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code.\n\n - CVE-2014-9421 Incorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code.\n\n - CVE-2014-9422 Incorrect processing of two-component server principals might result in impersonation attacks.\n\n - CVE-2014-9423 An information leak in the libgssrpc library.", "edition": 5, "reporter": "Tenable", "published": "2015-02-04T00:00:00", "title": "Debian DSA-3153-1 : krb5 - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2018-07-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:krb5", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3153.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3153. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81150);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/09 14:30:26\");\n\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n script_xref(name:\"DSA\", value:\"3153\");\n\n script_name(english:\"Debian DSA-3153-1 : krb5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been found in krb5, the MIT\nimplementation of Kerberos :\n\n - CVE-2014-5352\n Incorrect memory management in the libgssapi_krb5\n library might result in denial of service or the\n execution of arbitrary code.\n\n - CVE-2014-9421\n Incorrect memory management in kadmind's processing of\n XDR data might result in denial of service or the\n execution of arbitrary code.\n\n - CVE-2014-9422\n Incorrect processing of two-component server principals\n might result in impersonation attacks.\n\n - CVE-2014-9423\n An information leak in the libgssrpc library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/krb5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3153\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the krb5 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.10.1+dfsg-5+deb7u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"krb5-admin-server\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"krb5-doc\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"krb5-gss-samples\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"krb5-kdc\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"krb5-kdc-ldap\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"krb5-locales\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"krb5-multidev\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"krb5-pkinit\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"krb5-user\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgssapi-krb5-2\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgssrpc4\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libk5crypto3\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkadm5clnt-mit8\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkadm5srv-mit8\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdb5-6\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkrb5-3\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkrb5-dbg\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkrb5-dev\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkrb5support0\", reference:\"1.10.1+dfsg-5+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:07:50", "references": ["http://www.nessus.org/u?0342d8c1"], "pluginID": "82667", "description": "Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.\n\nThe following security issues are fixed with this release :\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project acknowledges Nico Williams for assisting with the analysis of CVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 5, "reporter": "Tenable", "published": "2015-04-10T00:00:00", "title": "CentOS 6 : krb5 (CESA-2015:0794)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2018-07-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-workstation", "p-cpe:/a:centos:centos:krb5-devel", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-libs", "p-cpe:/a:centos:centos:krb5-pkinit-openssl", "p-cpe:/a:centos:centos:krb5-server-ldap"], "id": "CENTOS_RHSA-2015-0794.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82667", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0794 and \n# CentOS Errata and Security Advisory 2015:0794 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82667);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-5353\", \"CVE-2014-5355\", \"CVE-2014-9421\", \"CVE-2014-9422\");\n script_bugtraq_id(71679, 72494, 72495, 72496);\n script_xref(name:\"RHSA\", value:\"2015:0794\");\n\n script_name(english:\"CentOS 6 : krb5 (CESA-2015:0794)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC.\n\nThe following security issues are fixed with this release :\n\nA use-after-free flaw was found in the way the MIT Kerberos\nlibgssapi_krb5 library processed valid context deletion tokens. An\nattacker able to make an application using the GSS-API library\n(libgssapi) could call the gss_process_context_token() function and\nuse this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a\nremote, authenticated attacker who has the permissions to set the\npassword policy could crash kadmind by attempting to use a named\nticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did\nnot correctly sanitize input, and could create invalid krb5_data\nobjects. A remote, unauthenticated attacker could use this flaw to\ncrash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could\nuse this flaw to crash the MIT Kerberos administration server\n(kadmind), or other applications using Kerberos libraries, via\nspecially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as 'kad/x') could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as\nthat user. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos\nproject acknowledges Nico Williams for assisting with the analysis of\nCVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-April/021058.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0342d8c1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-devel-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-libs-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-pkinit-openssl-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-server-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-server-ldap-1.10.3-37.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-workstation-1.10.3-37.el6_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:20", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1179857", "https://bugzilla.redhat.com/show_bug.cgi?id=1179861", "https://bugzilla.redhat.com/show_bug.cgi?id=1179856", "http://www.nessus.org/u?93fb540e", "https://bugzilla.redhat.com/show_bug.cgi?id=1179863"], "pluginID": "81796", "description": "Security fix for CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-03-13T00:00:00", "title": "Fedora 21 : krb5-1.12.2-14.fc21 (2015-2347)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:krb5"], "id": "FEDORA_2015-2347.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81796", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2347.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81796);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:17 $\");\n\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n script_bugtraq_id(72494, 72495, 72496, 72503);\n script_xref(name:\"FEDORA\", value:\"2015-2347\");\n\n script_name(english:\"Fedora 21 : krb5-1.12.2-14.fc21 (2015-2347)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-5352, CVE-2014-9421, CVE-2014-9422,\nCVE-2014-9423\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1179863\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93fb540e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"krb5-1.12.2-14.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:52:22", "references": ["https://www.redhat.com/archives/rhsa-announce/2015-April/msg00013.html", "2015:0794-01"], "pluginID": "1361412562310871351", "description": "Check the version of krb5", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-10T00:00:00", "title": "RedHat Update for krb5 RHSA-2015:0794-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871351", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for krb5 RHSA-2015:0794-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871351\");\n script_version(\"$Revision: 6689 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-10 07:10:58 +0200 (Fri, 10 Apr 2015)\");\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-5353\", \"CVE-2014-5355\", \"CVE-2014-9421\", \"CVE-2014-9422\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for krb5 RHSA-2015:0794-01\");\n script_tag(name: \"summary\", value: \"Check the version of krb5\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Kerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC.\n\nThe following security issues are fixed with this release:\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make\nan application using the GSS-API library (libgssapi) could call the\ngss_process_context_token() function and use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker who has the permissions to set the password policy\ncould crash kadmind by attempting to use a named ticket policy object as a\npassword policy for a principal. (CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not\ncorrectly sanitize input, and could create invalid krb5_data objects.\nA remote, unauthenticated attacker could use this flaw to crash a Kerberos\nchild process via a specially crafted request. (CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could use\nthis flaw to crash the MIT Kerberos administration server (kadmind), or\nother applications using Kerberos libraries, via specially crafted XDR\npackets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as 'kad/x') could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as that\nuser. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project\nacknowledges Nico Williams for assisting with the analysis of\nCVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\");\n script_tag(name: \"affected\", value: \"krb5 on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:0794-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-April/msg00013.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.10.3~37.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.10.3~37.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.10.3~37.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.10.3~37.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.10.3~37.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.10.3~37.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.10.3~37.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:02", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-April/021058.html", "2015:0794"], "pluginID": "1361412562310882160", "description": "Check the version of krb5-devel", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-10T00:00:00", "title": "CentOS Update for krb5-devel CESA-2015:0794 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882160", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882160", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2015:0794 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882160\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-5353\", \"CVE-2014-5355\", \"CVE-2014-9421\",\n \"CVE-2014-9422\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-10 07:11:41 +0200 (Fri, 10 Apr 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for krb5-devel CESA-2015:0794 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of krb5-devel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT\n and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Kerberos is a networked authentication system which\n allows clients and servers to authenticate to each other with the help of a trusted third\n party, the Kerberos KDC.\n\nThe following security issues are fixed with this release:\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make\nan application using the GSS-API library (libgssapi) could call the\ngss_process_context_token() function and use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker who has the permissions to set the password policy\ncould crash kadmind by attempting to use a named ticket policy object as a\npassword policy for a principal. (CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not\ncorrectly sanitize input, and could create invalid krb5_data objects.\nA remote, unauthenticated attacker could use this flaw to crash a Kerberos\nchild process via a specially crafted request. (CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could use\nthis flaw to crash the MIT Kerberos administration server (kadmind), or\nother applications using Kerberos libraries, via specially crafted XDR\npackets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as 'kad/x') could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as that\nuser. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project\nacknowledges Nico Williams for assisting with the analysis of\nCVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\");\n script_tag(name: \"affected\", value: \"krb5-devel on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0794\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-April/021058.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.10.3~37.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.10.3~37.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.10.3~37.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.10.3~37.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.10.3~37.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.10.3~37.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.10.3~37.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:52:55", "references": ["http://www.debian.org/security/2015/dsa-3153.html"], "pluginID": "703153", "description": "Multiple vulnerabilities have\nbeen found in krb5, the MIT implementation of Kerberos:\n\nCVE-2014-5352\nIncorrect memory management in the libgssapi_krb5 library might\nresult in denial of service or the execution of arbitrary code.\n\nCVE-2014-9421\nIncorrect memory management in kadmind", "edition": 2, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-02-03T00:00:00", "title": "Debian Security Advisory DSA 3153-1 (krb5 - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703153", "id": "OPENVAS:703153", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3153.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3153-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703153);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n script_name(\"Debian Security Advisory DSA 3153-1 (krb5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-02-03 00:00:00 +0100 (Tue, 03 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3153.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"krb5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Kerberos is a system for authenticating\nusers and services on a network. Kerberos is a trusted third-party service.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.10.1+dfsg-5+deb7u3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+dfsg-17.\n\nWe recommend that you upgrade your krb5 packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities have\nbeen found in krb5, the MIT implementation of Kerberos:\n\nCVE-2014-5352\nIncorrect memory management in the libgssapi_krb5 library might\nresult in denial of service or the execution of arbitrary code.\n\nCVE-2014-9421\nIncorrect memory management in kadmind's processing of XDR data\nmight result in denial of service or the execution of arbitrary code.\n\nCVE-2014-9422\nIncorrect processing of two-component server principals might result\nin impersonation attacks.\n\nCVE-2014-9423\nAn information leak in the libgssrpc library.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-gss-samples\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-locales\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-multidev\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgssrpc4\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libk5crypto3\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit8\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm5srv-mit8\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkdb5-6\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-3\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5support0\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:27", "references": ["2015:0290_1"], "pluginID": "1361412562310850977", "description": "Check the version of krb5", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "title": "SuSE Update for krb5 SUSE-SU-2015:0290-1 (krb5)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310850977", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850977", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0290_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for krb5 SUSE-SU-2015:0290-1 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850977\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 15:27:10 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-5351\", \"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for krb5 SUSE-SU-2015:0290-1 (krb5)\");\n script_tag(name: \"summary\", value: \"Check the version of krb5\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n MIT kerberos krb5 was updated to fix several security issues and bugs.\n\n Security issues fixed: CVE-2014-5351: The kadm5_randkey_principal_3\n function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5\n (aka krb5) sent old keys in a response to a -randkey -keepold request,\n which allowed remote authenticated users to forge tickets by leveraging\n administrative access.\n\n CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after\n gss_process_context_token() is used to process a valid context deletion\n token, the caller was left with a security context handle containing a\n dangling pointer. Further uses of this handle would have resulted in\n use-after-free and double-free memory access violations. libgssrpc server\n applications such as kadmind were vulnerable as they can be instructed to\n call gss_process_context_token().\n\n CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR data\n from an authenticated user, it may have performed use-after-free and\n double-free memory access violations while cleaning up the partial\n deserialization results. Other libgssrpc server applications might also\n been vulnerable if they contain insufficiently defensive XDR functions.\n\n CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted\n authentications to two-component server principals whose first component\n is a left substring of 'kadmin' or whose realm is a left prefix of the\n default realm.\n\n CVE-2014-9423: libgssrpc applications including kadmind output four or\n eight bytes of uninitialized memory to the network as part of an unused\n 'handle' field in replies to clients.\n\n Bugs fixed:\n - Work around replay cache creation race (bnc#898439).\");\n script_tag(name: \"affected\", value: \"krb5 on SUSE Linux Enterprise Server 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:0290_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-client-debuginfo\", rpm:\"krb5-client-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debugsource\", rpm:\"krb5-debugsource~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-doc\", rpm:\"krb5-doc~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-kdb-ldap\", rpm:\"krb5-plugin-kdb-ldap~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-kdb-ldap-debuginfo\", rpm:\"krb5-plugin-kdb-ldap-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-preauth-otp\", rpm:\"krb5-plugin-preauth-otp~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-preauth-otp-debuginfo\", rpm:\"krb5-plugin-preauth-otp-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-preauth-pkinit\", rpm:\"krb5-plugin-preauth-pkinit~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-preauth-pkinit-debuginfo\", rpm:\"krb5-plugin-preauth-pkinit-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-debuginfo\", rpm:\"krb5-server-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo-32bit\", rpm:\"krb5-debuginfo-32bit~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:00", "references": ["http://linux.oracle.com/errata/ELSA-2015-0794.html"], "pluginID": "1361412562310123137", "description": "Oracle Linux Local Security Checks ELSA-2015-0794", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-0794", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310123137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123137", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2015-0794.nasl 6560 2017-07-06 11:58:38Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123137\");\nscript_version(\"$Revision: 6560 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 13:59:49 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:58:38 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2015-0794\");\nscript_tag(name: \"insight\", value: \"ELSA-2015-0794 - krb5 security update - [1.10.3-37]- fix for CVE-2014-5355 (#1193939) 'krb5: unauthenticated denial of service in recvauth_common() and others'[1.10.3-36]- fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy name crash'[1.10.3-35]- Changelog fixes to make errata subsystem happy.[1.10.3-34]- fix for CVE-2014-5352 (#1179856) 'gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)'- fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)'- fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)'\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2015-0794\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2015-0794.html\");\nscript_cve_id(\"CVE-2014-5352\",\"CVE-2014-5353\",\"CVE-2014-9421\",\"CVE-2014-9422\",\"CVE-2014-5355\");\nscript_tag(name:\"cvss_base\", value:\"9.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.10.3~37.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.10.3~37.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.10.3~37.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.10.3~37.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.10.3~37.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.10.3~37.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:04", "references": ["http://www.debian.org/security/2015/dsa-3153.html"], "pluginID": "1361412562310703153", "description": "Multiple vulnerabilities have\nbeen found in krb5, the MIT implementation of Kerberos:\n\nCVE-2014-5352\nIncorrect memory management in the libgssapi_krb5 library might\nresult in denial of service or the execution of arbitrary code.\n\nCVE-2014-9421\nIncorrect memory management in kadmind", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-02-03T00:00:00", "title": "Debian Security Advisory DSA 3153-1 (krb5 - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703153", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3153.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3153-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703153\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n script_name(\"Debian Security Advisory DSA 3153-1 (krb5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-02-03 00:00:00 +0100 (Tue, 03 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3153.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"krb5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Kerberos is a system for authenticating\nusers and services on a network. Kerberos is a trusted third-party service.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.10.1+dfsg-5+deb7u3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+dfsg-17.\n\nWe recommend that you upgrade your krb5 packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities have\nbeen found in krb5, the MIT implementation of Kerberos:\n\nCVE-2014-5352\nIncorrect memory management in the libgssapi_krb5 library might\nresult in denial of service or the execution of arbitrary code.\n\nCVE-2014-9421\nIncorrect memory management in kadmind's processing of XDR data\nmight result in denial of service or the execution of arbitrary code.\n\nCVE-2014-9422\nIncorrect processing of two-component server principals might result\nin impersonation attacks.\n\nCVE-2014-9423\nAn information leak in the libgssrpc library.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-gss-samples\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-locales\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-multidev\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgssrpc4\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libk5crypto3\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit8\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm5srv-mit8\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkdb5-6\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-3\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5support0\", ver:\"1.10.1+dfsg-5+deb7u3\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:53:17", "references": ["https://alas.aws.amazon.com/ALAS-2015-518.html"], "pluginID": "1361412562310120539", "description": "Amazon Linux Local Security Checks", "edition": 4, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2015-518", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310120539", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120539", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2015-518.nasl 6575 2017-07-06 13:42:08Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120539\");\nscript_version(\"$Revision: 6575 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:29:00 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:42:08 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: ALAS-2015-518\");\nscript_tag(name: \"insight\", value: \"A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352 )If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353 )It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. (CVE-2014-5355 )A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421 )It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as kad/x) could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update krb5 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2015-518.html\");\nscript_cve_id(\"CVE-2014-5353\", \"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-5355\", \"CVE-2014-9422\");\nscript_tag(name:\"cvss_base\", value:\"9.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.10.3~37.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.10.3~37.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.10.3~37.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.10.3~37.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.10.3~37.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.10.3~37.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.10.3~37.29.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:49", "references": ["2015:0257_1"], "pluginID": "1361412562310850837", "description": "Check the version of krb5", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-13T00:00:00", "title": "SuSE Update for krb5 SUSE-SU-2015:0257-1 (krb5)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310850837", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850837", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0257_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for krb5 SUSE-SU-2015:0257-1 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850837\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:01 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for krb5 SUSE-SU-2015:0257-1 (krb5)\");\n script_tag(name: \"summary\", value: \"Check the version of krb5\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n krb5 has been updated to fix four security issues:\n\n * CVE-2014-5352: gss_process_context_token() incorrectly frees context\n (bsc#912002)\n * CVE-2014-9421: kadmind doubly frees partial deserialization results\n (bsc#912002)\n * CVE-2014-9422: kadmind incorrectly validates server principal name\n (bsc#912002)\n * CVE-2014-9423: libgssrpc server applications leak uninitialized\n bytes (bsc#912002)\n\n Additionally, these non-security issues have been fixed:\n\n * Winbind process hangs indefinitely without DC. (bsc#872912)\n * Hanging winbind processes. (bsc#906557)\n\n Security Issues:\n\n * CVE-2014-5352\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352 \n * CVE-2014-9421\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421 \n * CVE-2014-9422\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422 \n * CVE-2014-9423\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423\");\n script_tag(name: \"affected\", value: \"krb5 on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:0257_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-apps-clients\", rpm:\"krb5-apps-clients~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-kdb-ldap\", rpm:\"krb5-plugin-kdb-ldap~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-preauth-pkinit\", rpm:\"krb5-plugin-preauth-pkinit~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-doc\", rpm:\"krb5-doc~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-x86\", rpm:\"krb5-x86~1.6.3~133.49.66.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:14", "references": ["2015:0290_2"], "pluginID": "1361412562310851052", "description": "Check the version of krb5", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "title": "SuSE Update for krb5 SUSE-SU-2015:0290-2 (krb5)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310851052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851052", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0290_2.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for krb5 SUSE-SU-2015:0290-2 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851052\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 18:59:37 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-5351\", \"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for krb5 SUSE-SU-2015:0290-2 (krb5)\");\n script_tag(name: \"summary\", value: \"Check the version of krb5\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n MIT kerberos krb5 was updated to fix several security issues and bugs.\n\n Security issues fixed: CVE-2014-5351: The kadm5_randkey_principal_3\n function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5\n (aka krb5) sent old keys in a response to a -randkey -keepold request,\n which allowed remote authenticated users to forge tickets by leveraging\n administrative access.\n\n CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after\n gss_process_context_token() is used to process a valid context deletion\n token, the caller was left with a security context handle containing a\n dangling pointer. Further uses of this handle would have resulted in\n use-after-free and double-free memory access violations. libgssrpc server\n applications such as kadmind were vulnerable as they can be instructed to\n call gss_process_context_token().\n\n CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR data\n from an authenticated user, it may have performed use-after-free and\n double-free memory access violations while cleaning up the partial\n deserialization results. Other libgssrpc server applications might also\n been vulnerable if they contain insufficiently defensive XDR functions.\n\n CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted\n authentications to two-component server principals whose first component\n is a left substring of 'kadmin' or whose realm is a left prefix of the\n default realm.\n\n CVE-2014-9423: libgssrpc applications including kadmind output four or\n eight bytes of uninitialized memory to the network as part of an unused\n 'handle' field in replies to clients.\n\n Bugs fixed:\n - Work around replay cache creation race (bnc#898439).\");\n script_tag(name: \"affected\", value: \"krb5 on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:0290_2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.12.1~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.12.1~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.12.1~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-client-debuginfo\", rpm:\"krb5-client-debuginfo~1.12.1~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.12.1~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo-32bit\", rpm:\"krb5-debuginfo-32bit~1.12.1~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debugsource\", rpm:\"krb5-debugsource~1.12.1~9.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-client\", rpm:\"krb5-client~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-client-debuginfo\", rpm:\"krb5-client-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo-32bit\", rpm:\"krb5-debuginfo-32bit~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debugsource\", rpm:\"krb5-debugsource~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-doc\", rpm:\"krb5-doc~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-kdb-ldap\", rpm:\"krb5-plugin-kdb-ldap~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-kdb-ldap-debuginfo\", rpm:\"krb5-plugin-kdb-ldap-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-preauth-otp\", rpm:\"krb5-plugin-preauth-otp~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-preauth-otp-debuginfo\", rpm:\"krb5-plugin-preauth-otp-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-preauth-pkinit\", rpm:\"krb5-plugin-preauth-pkinit~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-plugin-preauth-pkinit-debuginfo\", rpm:\"krb5-plugin-preauth-pkinit-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-debuginfo\", rpm:\"krb5-server-debuginfo~1.12.1~9.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:36", "references": ["2015-2347", "https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"], "pluginID": "1361412562310869079", "description": "Check the version of krb5", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-13T00:00:00", "title": "Fedora Update for krb5 FEDORA-2015-2347", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9422", "CVE-2014-5354", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869079", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869079", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2015-2347\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869079\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-13 05:12:40 +0100 (Fri, 13 Mar 2015)\");\n script_cve_id(\"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\",\n \"CVE-2014-5354\", \"CVE-2014-5353\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for krb5 FEDORA-2015-2347\");\n script_tag(name: \"summary\", value: \"Check the version of krb5\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Kerberos V5 is a trusted-third-party\nnetwork authentication system, which can improve your network's security by\neliminating the insecure practice of sending passwords over the network in\nunencrypted form.\n\");\n script_tag(name: \"affected\", value: \"krb5 on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-2347\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.12.2~14.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31707"], "description": "Information leakage, double free.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-02-11T00:00:00", "title": "MIT Kerberos 5 multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:59", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "krb5", "version": "1.13", "operator": "eq"}], "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-11T00:00:00", "id": "SECURITYVULNS:VULN:14257", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14257", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nMITKRB5-SA-2015-001\r\n\r\nMIT krb5 Security Advisory 2015-001\r\nOriginal release: 2015-02-03\r\nLast update: 2015-02-03\r\n\r\nTopic: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token\r\nVU#540092\r\n\r\nCVE-2014-5352: gss_process_context_token() incorrectly frees context\r\n\r\nCVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C\r\n\r\nCVSSv2 Base Score: 9.0\r\n\r\nAccess Vector: Network\r\nAccess Complexity: Low\r\nAuthentication: Single\r\nConfidentiality Impact: Complete\r\nIntegrity Impact: Complete\r\nAvailability Impact: Complete\r\n\r\nCVSSv2 Temporal Score: 7.0\r\n\r\nExploitability: Proof-of-Concept\r\nRemediation Level: Official Fix\r\nReport Confidence: Confirmed\r\n\r\nCVE-2014-9421: kadmind doubly frees partial deserialization results\r\n\r\nCVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C\r\nCVSSv2 Base Score: 9.0\r\nCVSSv2 Temporal Score: 7.0\r\n\r\nCVE-2014-9422: kadmind incorrectly validates server principal name\r\n\r\nCVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:C/E:POC/RL:OF/RC:C\r\nCVSSv2 Base Score: 6.1\r\nCVSSv2 Temporal Score: 4.8\r\n\r\nCVE-2014-9423: libgssrpc server applications leak uninitialized bytes\r\n\r\nCVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C\r\nCVSSv2 Base Score: 5.0\r\nCVSSv2 Temporal Score: 4.4\r\n\r\nSUMMARY\r\n=======\r\n\r\nThe MIT krb5 team has discovered four vulnerabilities affecting\r\nkadmind. Some of these vulnerabilities may also affect server\r\napplications which use the gssrpc library or the\r\ngss_process_context_token() function. These are implementation\r\nvulnerabilities, not vulnerabilities in the Kerberos protocol.\r\n\r\nCVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after\r\ngss_process_context_token() is used to process a valid context\r\ndeletion token, the caller is left with a security context handle\r\ncontaining a dangling pointer. Further uses of this handle will\r\nresult in use-after-free and double-free memory access violations.\r\nlibgssrpc server applications such as kadmind are vulnerable as they\r\ncan be instructed to call gss_process_context_token().\r\n\r\nCVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR\r\ndata from an authenticated user, it may perform use-after-free and\r\ndouble-free memory access violations while cleaning up the partial\r\ndeserialization results. Other libgssrpc server applications may also\r\nbe vulnerable if they contain insufficiently defensive XDR functions.\r\n\r\nCVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepts\r\nauthentications to two-component server principals whose first\r\ncomponent is a left substring of "kadmin" or whose realm is a left\r\nprefix of the default realm.\r\n\r\nCVE-2014-9423: libgssrpc applications including kadmind output four or\r\neight bytes of uninitialized memory to the network as part of an\r\nunused "handle" field in replies to clients.\r\n\r\nIMPACT\r\n======\r\n\r\nCVE-2014-5352: An authenticated attacker could cause a vulnerable\r\napplication (including kadmind) to crash or to execute arbitrary code.\r\nExploiting a double-free event to execute arbitrary code is believed\r\nto be difficult.\r\n\r\nCVE-2014-9421: An authenticated attacker could cause kadmind or other\r\nvulnerable server application to crash or to execute arbitrary code.\r\nExploiting a double-free event to execute arbitrary code is believed\r\nto be difficult.\r\n\r\nCVE-2014-9422: An attacker who possess the key of a particularly named\r\nprincipal (such as "kad/root") could impersonate any user to kadmind\r\nand perform administrative actions as that user.\r\n\r\nCVE-2014-9423: An attacker could attempt to glean sensitive\r\ninformation from the four or eight bytes of uninitialized data output\r\nby kadmind or other libgssrpc server application. Because MIT krb5\r\ngenerally sanitizes memory containing krb5 keys before freeing it, it\r\nis unlikely that kadmind would leak Kerberos key information, but it\r\nis not impossible.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\nCVE-2014-5352: kadmind in all released versions of MIT krb5 is\r\nvulnerable. Third-party server applications using libgssrpc from all\r\nreleases of MIT krb5 are vulnerable if they enable the AUTH_GSSAPI\r\nauthentication flavor. Third-party client and server applications\r\nusing GSS-API libraries from all releases of MIT krb5 are vulnerable\r\nif they directly call gss_process_context_token(). Such applications\r\nare believed to be rare. Releases krb5-1.9 and prior may be less\r\nvulnerable due to pointer validation code within the krb5 GSS-API\r\nmechanism; applications using those releases may instead only\r\nexperience a memory leak.\r\n\r\nCVE-2014-9421: kadmind is vulnerable in all released versions of MIT\r\nkrb5. Third-party server applications using libgssrpc are vulnerable\r\nif they enable the AUTH_GSSAPI authentication flavor and contain\r\ninsufficiently defensive XDR functions.\r\n\r\nCVE-2014-9422: kadmind is vulnerable in all released versions of MIT\r\nkrb5.\r\n\r\nCVE-2014-9423: Server software (including third-party applications)\r\nusing libgssrpc from release krb5-1.11 and later are vulnerable.\r\n\r\nFIXES\r\n=====\r\n\r\n* Upcoming releases in the krb5-1.11, krb5-1.12, and krb5-1.13 series\r\n will contain fixes for these issues.\r\n\r\n* The patch for krb5-1.13.x is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt.asc\r\n\r\n* The patch for krb5-1.12.x is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2015-001-patch-r112.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2015-001-patch-r112.txt.asc\r\n\r\n* The patch for krb5-1.11.x is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2015-001-patch-r111.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2015-001-patch-r111.txt.asc\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement is posted at:\r\n\r\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVSSv2:\r\n\r\n http://www.first.org/cvss/cvss-guide.html\r\n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\r\n\r\nCVE:\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Nico Williams for helping with analysis of CVE-2014-5352.\r\n\r\nCONTACT\r\n=======\r\n\r\nThe MIT Kerberos Team security contact address is\r\n<krbcore-security@mit.edu>. When sending sensitive information,\r\nplease PGP-encrypt it using the following key:\r\n\r\npub 3072R/760FCCD9 2015-01-06 [expires: 2016-02-01]\r\n Key fingerprint = 00D9 5731 89FA AC2D D72E 6319 BD1E A606 760F CCD9\r\nuid MIT Kerberos Team Security Contact <krbcore-security@mit.edu>\r\n\r\nDETAILS\r\n=======\r\n\r\nCVE-2014-5352: gss_process_context_token() incorrectly frees context\r\n\r\nThe krb5 mechanism implementation of gss_process_context_token(), upon\r\nsuccessfully validating a deletion token, frees the security context\r\nstructure. This behavior is incorrect as the API has no way to alert\r\nthe caller that the security context was deleted. The application is\r\nleft with a valid pointer to a mechglue security context structure,\r\ncontaining a dangling pointer to a freed krb5 security context\r\nstructure. Any further use of this handle will result in a\r\nuse-after-free violation and eventually a double-free when the handle\r\nis deleted with gss_delete_sec_context(). This vulnerability could\r\ntheoretically lead to the execution of malicious code, but that is\r\nbelieved to be difficult.\r\n\r\nApplications which call gss_process_context_token() are believed to be\r\nrare, but the server code in the old flavor of libgssrpc GSS-API\r\nauthentication can be induced to call gss_process_context_token().\r\n\r\nIn release krb5-1.9 and earlier, the krb5 GSS mechanism contained\r\npointer validation code which should prevent subsequent dereferences\r\nof the freed pointer. In these earlier releases, the vulnerability is\r\nbelieved to be limited to a memory leak because\r\ngss_delete_sec_context() will not free the mechglue security context\r\nstructure.\r\n\r\nCVE-2014-9421: kadmind doubly frees partial deserialization results\r\n\r\nlibgssrpc applications use the XDR serialization format. XDR data is\r\nserialized, deserialized, and freed using an application function,\r\noften generated by the rpcgen command. If an application receives\r\nincorrectly serialized data from the client, the XDR function will\r\nreturn false to report a deserialization failure, perhaps leaving\r\nbehind partial deserialization results. To avoid a memory leak, these\r\npartial results must be freed with another invocation of the XDR\r\nfunction.\r\n\r\nIn a server application, this cleanup is performed automatically by\r\nsvc_getargs(). If the AUTH_GSSAPI authentication flavor is used, the\r\ncleanup is also erroneously performed by the internal unwrap function,\r\nso the XDR function is invoked twice to clean up the partial results.\r\n\r\nXDR functions can be defensive about being invoked twice for cleanup\r\nby assigning pointer values to NULL after freeing them. Most XDR\r\nfunctions do this, but the XDR functions within libkadm5 for principal\r\nnames and tag-length data do not. When these functions are invoked\r\ntwice by libgssrpc to clean up a value, the second invocations perform\r\nuse-after-free and double-free memory access violations. These XDR\r\nfunctions are only exposed to an authenticated attacker. This\r\nvulnerability could theoretically lead to the execution of malicious\r\ncode, but that is believed to be difficult.\r\n\r\nClient applications are not believed to be vulnerable because\r\nclnt_call() and client stub functions do not free partial\r\ndeserialization results.\r\n\r\nCVE-2014-9422: kadmind incorrectly validates server principal\r\n\r\nWhen kadmind receives a request using the RPCSEC_GSS authentication\r\nflavor, it queries the GSS-API security context for the server\r\nprincipal name and attempts to verify that it is a two-component\r\nprincipal name where the first component is "kadmin", the second\r\ncomponent is not "history", and the realm is the default realm.\r\n\r\nThe validation function incorrectly uses strcmp() to compare the\r\nlength-counted principal name components against null-terminated C\r\nstrings for "kadmin", "history", and the default realm. These\r\ncomparisons erroneously succeed for left substrings of the of the\r\ndesired C strings, so for example a first principal name component of\r\n"ka" would be accepted.\r\n\r\nkadmind can receive authentications to any server principal entry in\r\nthe Kerberos database (excluding entries with either the DISALLOW_SVR\r\nor DISALLOW_ALL_TIX flags set). If the database contains an\r\nerroneously matching principal entry such as "ka/x", and an attacker\r\nknows the key for that entry, the attacker can conduct an escalation\r\nof privilege attack by forging tickets from any client principal name\r\nto that server principal. By picking a client principal name with\r\nadministrative privileges, the attacker could perform arbitrary\r\nadministrative operations on the Kerberos database.\r\n\r\nCVE-2014-9423: libgssrpc servers output uninitialized bytes\r\n\r\nRFC 2203 defines structures for the RPCSEC_GSS authentication flavor.\r\nThe rpc_gss_init_res structure which conveys responses to the client\r\ncontains an opaque "handle" field which is supposed to be used to\r\nidentify the GSS-API security context. The client mirrors this field\r\nback to the server in the "handle" field of rpc_gss_cred_vers_1_t in\r\nsubsequent requests.\r\n\r\nThe MIT krb5 implementation of RPCSEC_GSS does not use the handle to\r\nfind the GSS-API context, but it still provides a handle value to the\r\nclient. To provide this value, it copies the first eight or sixteen\r\nbytes out of the GSS-API security context handle. (The number of\r\nbytes depends on the platform's pointer size; it is eight bytes on a\r\n32-bit platform and sixteen bytes on a 64-bit platform.)\r\n\r\nIn release krb5-1.11, an unused "interposer" field was added to the\r\nmechglue GSS security context structure as the second pointer field.\r\nBecause this field is unused, it remains uninitialized, so the second\r\nhalf of the bytes copied from the GSS security context handle are\r\nuninitialized.\r\n\r\nThe contents of the uninitialized bytes could contain any heap data\r\npreviously freed by the application or any library it uses. The MIT\r\nKerberos libraries and kadmind are generally careful to zero out\r\nsensitive data such as Kerberos key data before freeing it, but there\r\nis nevertheless a risk of leakage of a small amount of sensitive data\r\nto the network.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2015-02-03 original release\r\n\r\nCopyright (C) 2015 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIVAwUBVNEaFQy6CFdfg3LfAQK72A/+JtpygNYT6rHCncSiWpK9fPu6LCZ0IQdr\r\nGFb+PCo7QRk967yaXdiujYWyUExcVdT8HGoFwHn7u3pYIuNGUrmVrV6H5Q1alV6S\r\nnhMRSgEmF5wRqJ7iuy4KWsuxHLx1+I1t5KWIukdCme9hGWSjMxwHn1s1tkWARWY2\r\nGDdCbfwVvf5W98ohwz0GNxvlR62oERFk8YzfWvTHGUs6kGCnqX1gFUNFZdqlMHvl\r\nx4VuAMpUl7ORAx/SUtxYsufXsZ/n4Zms6T/GkVeUDryp6NEY9ylZk/ZJ2SxzmlK6\r\n9Cg/bNcOxjA33pyvrn/rOr8OM3BWzXfmOYJVi2aHTZKpx7lnvyZkWxArfX1evxlJ\r\njsbtM1BEXGbxoMPdCLlR3PWI9+EO+X79xUA/WDoQfgCL8wtZr9xJkNiN1TGXjfN1\r\n9Q7dOwurSCJ5eVMynM3vuhGrJB6ivI8xs0HRpbUuM2lScCr6SJOSYlmfEwxwfPMO\r\nl6lw/msWn24s60hX5vw3dEA4lMgR9rNt+otLp8q1UIqe4but/pYXlMCNc3U+Hwwc\r\nqISMllUvC9mty/0SOEqyBZhxdOu+6+snz0dEb8Ti8Ti2Kik7vjlNdb7vj6t2rZBa\r\nku70qQsRvK8e1zZfPnoF9q5wa42kjqlYjO6N1qDOKIC8oznYwlbG9Zp4gbqai+v9\r\nq5dcHtQeLDk=\r\n=vKP0\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-02-11T00:00:00", "title": "MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:57", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-11T00:00:00", "id": "SECURITYVULNS:DOC:31707", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31707", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:40:30", "references": ["https://bugzilla.suse.com/912002", "https://bugzilla.suse.com/898439", "https://bugzilla.suse.com/897874"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-32bit", "packageFilename": "krb5-32bit-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debugsource", "packageFilename": "krb5-debugsource-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-client-debuginfo", "packageFilename": "krb5-client-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-32bit", "packageFilename": "krb5-32bit-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5", "packageFilename": "krb5-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5", "packageFilename": "krb5-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini-debugsource", "packageFilename": "krb5-mini-debugsource-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-otp", "packageFilename": "krb5-plugin-preauth-otp-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-server-debuginfo", "packageFilename": "krb5-server-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini-devel", "packageFilename": "krb5-mini-devel-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-doc", "packageFilename": "krb5-doc-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo-32bit", "packageFilename": "krb5-debuginfo-32bit-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini", "packageFilename": "krb5-mini-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini-debuginfo", "packageFilename": "krb5-mini-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-kdb-ldap-debuginfo", "packageFilename": "krb5-plugin-kdb-ldap-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debugsource", "packageFilename": "krb5-debugsource-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-otp-debuginfo", "packageFilename": "krb5-plugin-preauth-otp-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debugsource", "packageFilename": "krb5-debugsource-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-client-debuginfo", "packageFilename": "krb5-client-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo-32bit", "packageFilename": "krb5-debuginfo-32bit-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-pkinit-debuginfo", "packageFilename": "krb5-plugin-preauth-pkinit-debuginfo-1.12.1-9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "MIT kerberos krb5 was updated to fix several security issues and bugs.\n\n Security issues fixed: CVE-2014-5351: The kadm5_randkey_principal_3\n function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5\n (aka krb5) sent old keys in a response to a -randkey -keepold request,\n which allowed remote authenticated users to forge tickets by leveraging\n administrative access.\n\n CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after\n gss_process_context_token() is used to process a valid context deletion\n token, the caller was left with a security context handle containing a\n dangling pointer. Further uses of this handle would have resulted in\n use-after-free and double-free memory access violations. libgssrpc server\n applications such as kadmind were vulnerable as they can be instructed to\n call gss_process_context_token().\n\n CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR data\n from an authenticated user, it may have performed use-after-free and\n double-free memory access violations while cleaning up the partial\n deserialization results. Other libgssrpc server applications might also\n been vulnerable if they contain insufficiently defensive XDR functions.\n\n CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted\n authentications to two-component server principals whose first component\n is a left substring of "kadmin" or whose realm is a left prefix of the\n default realm.\n\n CVE-2014-9423: libgssrpc applications including kadmind output four or\n eight bytes of uninitialized memory to the network as part of an unused\n "handle" field in replies to clients.\n\n Bugs fixed:\n - Work around replay cache creation race; (bnc#898439).\n\n", "edition": 1, "reporter": "Suse", "published": "2015-02-16T15:04:57", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for krb5 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-16T15:04:57", "id": "SUSE-SU-2015:0290-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00017.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:49:45", "references": ["https://bugzilla.suse.com/912002", "https://bugzilla.suse.com/898439", "https://bugzilla.suse.com/897874"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5", "packageFilename": "krb5-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5", "packageFilename": "krb5-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-kdb-ldap-debuginfo", "packageFilename": "krb5-plugin-kdb-ldap-debuginfo-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini-debugsource", "packageFilename": "krb5-mini-debugsource-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-client-debuginfo", "packageFilename": "krb5-client-debuginfo-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-server-debuginfo", "packageFilename": "krb5-server-debuginfo-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-otp", "packageFilename": "krb5-plugin-preauth-otp-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini-devel", "packageFilename": "krb5-mini-devel-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini-debuginfo", "packageFilename": "krb5-mini-debuginfo-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini-debuginfo", "packageFilename": "krb5-mini-debuginfo-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-doc", "packageFilename": "krb5-doc-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debugsource", "packageFilename": "krb5-debugsource-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-otp", "packageFilename": "krb5-plugin-preauth-otp-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini-devel", "packageFilename": "krb5-mini-devel-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-client-debuginfo", "packageFilename": "krb5-client-debuginfo-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini-debugsource", "packageFilename": "krb5-mini-debugsource-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-server-debuginfo", "packageFilename": "krb5-server-debuginfo-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-kdb-ldap-debuginfo", "packageFilename": "krb5-plugin-kdb-ldap-debuginfo-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-pkinit-debuginfo", "packageFilename": "krb5-plugin-preauth-pkinit-debuginfo-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debugsource", "packageFilename": "krb5-debugsource-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debugsource", "packageFilename": "krb5-debugsource-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini", "packageFilename": "krb5-mini-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-doc", "packageFilename": "krb5-doc-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-otp-debuginfo", "packageFilename": "krb5-plugin-preauth-otp-debuginfo-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-otp-debuginfo", "packageFilename": "krb5-plugin-preauth-otp-debuginfo-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debuginfo-32bit", "packageFilename": "krb5-debuginfo-32bit-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-debugsource", "packageFilename": "krb5-debugsource-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-32bit", "packageFilename": "krb5-32bit-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.12.1-9.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-plugin-preauth-pkinit-debuginfo", "packageFilename": "krb5-plugin-preauth-pkinit-debuginfo-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Build System Kit", "OSVersion": "12", "packageVersion": "1.12.1-9.1", "packageName": "krb5-mini", "packageFilename": "krb5-mini-1.12.1-9.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}], "description": "MIT kerberos krb5 was updated to fix several security issues and bugs.\n\n Security issues fixed: CVE-2014-5351: The kadm5_randkey_principal_3\n function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5\n (aka krb5) sent old keys in a response to a -randkey -keepold request,\n which allowed remote authenticated users to forge tickets by leveraging\n administrative access.\n\n CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after\n gss_process_context_token() is used to process a valid context deletion\n token, the caller was left with a security context handle containing a\n dangling pointer. Further uses of this handle would have resulted in\n use-after-free and double-free memory access violations. libgssrpc server\n applications such as kadmind were vulnerable as they can be instructed to\n call gss_process_context_token().\n\n CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR data\n from an authenticated user, it may have performed use-after-free and\n double-free memory access violations while cleaning up the partial\n deserialization results. Other libgssrpc server applications might also\n been vulnerable if they contain insufficiently defensive XDR functions.\n\n CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted\n authentications to two-component server principals whose first component\n is a left substring of "kadmin" or whose realm is a left prefix of the\n default realm.\n\n CVE-2014-9423: libgssrpc applications including kadmind output four or\n eight bytes of uninitialized memory to the network as part of an unused\n "handle" field in replies to clients.\n\n Bugs fixed:\n - Work around replay cache creation race; (bnc#898439).\n\n", "edition": 1, "reporter": "Suse", "published": "2015-02-16T14:05:49", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for krb5 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-16T14:05:49", "id": "SUSE-SU-2015:0290-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:30:16", "references": ["http://download.suse.com/patch/finder/?keywords=127e426050f20989c3c73bc3d3cfcd23", "https://bugzilla.suse.com/show_bug.cgi?id=872912", "https://bugzilla.suse.com/show_bug.cgi?id=912002", "https://bugzilla.suse.com/show_bug.cgi?id=906557"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-x86", "packageFilename": "krb5-x86-1.6.3-133.49.66.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5", "packageFilename": "krb5-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-clients", "packageFilename": "krb5-apps-clients-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-devel-32bit", "packageFilename": "krb5-devel-32bit-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-doc", "packageFilename": "krb5-doc-1.6.3-133.49.66.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.3-133.49.66.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-servers", "packageFilename": "krb5-apps-servers-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-servers", "packageFilename": "krb5-apps-servers-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-32bit", "packageFilename": "krb5-32bit-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-clients", "packageFilename": "krb5-apps-clients-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5", "packageFilename": "krb5-1.6.3-133.49.66.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.6.3-133.49.66.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5", "packageFilename": "krb5-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-servers", "packageFilename": "krb5-apps-servers-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5", "packageFilename": "krb5-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-clients", "packageFilename": "krb5-apps-clients-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-servers", "packageFilename": "krb5-apps-servers-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-clients", "packageFilename": "krb5-apps-clients-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-32bit", "packageFilename": "krb5-32bit-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5", "packageFilename": "krb5-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.3-133.49.66.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-32bit", "packageFilename": "krb5-32bit-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-servers", "packageFilename": "krb5-apps-servers-1.6.3-133.49.66.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-doc", "packageFilename": "krb5-doc-1.6.3-133.49.66.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-32bit", "packageFilename": "krb5-32bit-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-servers", "packageFilename": "krb5-apps-servers-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-preauth-pkinit", "packageFilename": "krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5", "packageFilename": "krb5-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5", "packageFilename": "krb5-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-32bit", "packageFilename": "krb5-32bit-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-clients", "packageFilename": "krb5-apps-clients-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5", "packageFilename": "krb5-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-devel-32bit", "packageFilename": "krb5-devel-32bit-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-clients", "packageFilename": "krb5-apps-clients-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-servers", "packageFilename": "krb5-apps-servers-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.6.3-133.49.66.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-devel-32bit", "packageFilename": "krb5-devel-32bit-1.6.3-133.49.66.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-plugin-kdb-ldap", "packageFilename": "krb5-plugin-kdb-ldap-1.6.3-133.49.66.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-server", "packageFilename": "krb5-server-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5", "packageFilename": "krb5-1.6.3-133.49.66.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-client", "packageFilename": "krb5-client-1.6.3-133.49.66.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.3-133.49.66.1", "packageName": "krb5-apps-clients", "packageFilename": "krb5-apps-clients-1.6.3-133.49.66.1.ia64.rpm", "arch": "ia64", "operator": "lt"}], "description": "krb5 has been updated to fix four security issues:\n\n * CVE-2014-5352: gss_process_context_token() incorrectly frees context\n (bsc#912002)\n * CVE-2014-9421: kadmind doubly frees partial deserialization results\n (bsc#912002)\n * CVE-2014-9422: kadmind incorrectly validates server principal name\n (bsc#912002)\n * CVE-2014-9423: libgssrpc server applications leak uninitialized\n bytes (bsc#912002)\n\n Additionally, these non-security issues have been fixed:\n\n * Winbind process hangs indefinitely without DC. (bsc#872912)\n * Hanging winbind processes. (bsc#906557)\n\n Security Issues:\n\n * CVE-2014-5352\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352</a>>\n * CVE-2014-9421\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421</a>>\n * CVE-2014-9422\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422</a>>\n * CVE-2014-9423\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423</a>>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-02-11T18:08:30", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for krb5 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-11T18:08:30", "id": "SUSE-SU-2015:0257-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:23:56", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5-kdc-ldap", "arch": "all", "packageFilename": "krb5-kdc-ldap_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5", "arch": "all", "packageFilename": "krb5_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5-gss-samples", "arch": "all", "packageFilename": "krb5-gss-samples_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libkrb5support0", "arch": "all", "packageFilename": "libkrb5support0_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5-kdc", "arch": "all", "packageFilename": "krb5-kdc_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libk5crypto3", "arch": "all", "packageFilename": "libk5crypto3_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5-multidev", "arch": "all", "packageFilename": "krb5-multidev_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libkrb5-dbg", "arch": "all", "packageFilename": "libkrb5-dbg_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5-pkinit", "arch": "all", "packageFilename": "krb5-pkinit_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5-doc", "arch": "all", "packageFilename": "krb5-doc_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libkrb5-3", "arch": "all", "packageFilename": "libkrb5-3_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libgssrpc4", "arch": "all", "packageFilename": "libgssrpc4_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libkadm5clnt-mit8", "arch": "all", "packageFilename": "libkadm5clnt-mit8_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libkadm5srv-mit8", "arch": "all", "packageFilename": "libkadm5srv-mit8_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5-user", "arch": "all", "packageFilename": "krb5-user_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libkdb5-6", "arch": "all", "packageFilename": "libkdb5-6_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5-locales", "arch": "all", "packageFilename": "krb5-locales_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libgssapi-krb5-2", "arch": "all", "packageFilename": "libgssapi-krb5-2_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "libkrb5-dev", "arch": "all", "packageFilename": "libkrb5-dev_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "1.10.1+dfsg-5+deb7u3", "packageName": "krb5-admin-server", "arch": "all", "packageFilename": "krb5-admin-server_1.10.1+dfsg-5+deb7u3_all.deb", "operator": "lt"}], "edition": 1, "description": "Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos:\n\n * [CVE-2014-5352](<https://security-tracker.debian.org/tracker/CVE-2014-5352>)\n\nIncorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code.\n\n * [CVE-2014-9421](<https://security-tracker.debian.org/tracker/CVE-2014-9421>)\n\nIncorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code.\n\n * [CVE-2014-9422](<https://security-tracker.debian.org/tracker/CVE-2014-9422>)\n\nIncorrect processing of two-component server principals might result in impersonation attacks.\n\n * [CVE-2014-9423](<https://security-tracker.debian.org/tracker/CVE-2014-9423>)\n\nAn information leak in the libgssrpc library.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u3.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-17.\n\nWe recommend that you upgrade your krb5 packages.", "reporter": "Debian", "published": "2015-02-03T00:00:00", "title": "krb5 -- security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-03T00:00:00", "href": "http://www.debian.org/security/dsa-3153", "id": "DSA-3153", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T12:56:45", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "1.8.3+dfsg-4squeeze9", "arch": "all", "packageFilename": "krb5_1.8.3+dfsg-4squeeze9_all.deb", "packageName": "krb5", "operator": "lt"}], "description": "Multiples vulnerabilities have been found in krb5, the MIT implementation of Kerberos:\n\n * [CVE-2014-5352](<https://security-tracker.debian.org/tracker/CVE-2014-5352>)\n\nIncorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code.\n\n * [CVE-2014-9421](<https://security-tracker.debian.org/tracker/CVE-2014-9421>)\n\nIncorrect memory management in kadmind's processing of XDR data might result in denial of service or the execution of arbitrary code.\n\n * [CVE-2014-9422](<https://security-tracker.debian.org/tracker/CVE-2014-9422>)\n\nIncorrect processing of two-component server principals might result in impersonation attacks.\n\n * [CVE-2014-9423](<https://security-tracker.debian.org/tracker/CVE-2014-9423>)\n\nAn information leak in the libgssrpc library.\n\nFor Debian 6 Squeeze, these issues have been fixed in krb5 version 1.8.3+dfsg-4squeeze9", "edition": 1, "reporter": "Debian", "published": "2015-02-07T00:00:00", "title": "krb5 -- LTS security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-07T00:00:00", "id": "DLA-146", "href": "http://www.debian.org/security/2015/dla-146", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2016-09-28T21:04:10", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0794.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "x86_64", "packageFilename": "krb5-libs-1.10.3-37.29.amzn1.x86_64", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "x86_64", "packageFilename": "krb5-devel-1.10.3-37.29.amzn1.x86_64", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "i686", "packageFilename": "krb5-workstation-1.10.3-37.29.amzn1.i686", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "src", "packageFilename": "krb5-1.10.3-37.29.amzn1.src", "packageName": "krb5", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "i686", "packageFilename": "krb5-debuginfo-1.10.3-37.29.amzn1.i686", "packageName": "krb5-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "i686", "packageFilename": "krb5-libs-1.10.3-37.29.amzn1.i686", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "i686", "packageFilename": "krb5-server-ldap-1.10.3-37.29.amzn1.i686", "packageName": "krb5-server-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "x86_64", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.29.amzn1.x86_64", "packageName": "krb5-pkinit-openssl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "x86_64", "packageFilename": "krb5-debuginfo-1.10.3-37.29.amzn1.x86_64", "packageName": "krb5-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "i686", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.29.amzn1.i686", "packageName": "krb5-pkinit-openssl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "x86_64", "packageFilename": "krb5-server-ldap-1.10.3-37.29.amzn1.x86_64", "packageName": "krb5-server-ldap", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "x86_64", "packageFilename": "krb5-workstation-1.10.3-37.29.amzn1.x86_64", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "i686", "packageFilename": "krb5-devel-1.10.3-37.29.amzn1.i686", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "i686", "packageFilename": "krb5-server-1.10.3-37.29.amzn1.i686", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.10.3-37.29", "arch": "x86_64", "packageFilename": "krb5-server-1.10.3-37.29.amzn1.x86_64", "packageName": "krb5-server", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. ([CVE-2014-5352 __](<https://access.redhat.com/security/cve/CVE-2014-5352>))\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. ([CVE-2014-5353 __](<https://access.redhat.com/security/cve/CVE-2014-5353>))\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. ([CVE-2014-5355 __](<https://access.redhat.com/security/cve/CVE-2014-5355>))\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. ([CVE-2014-9421 __](<https://access.redhat.com/security/cve/CVE-2014-9421>))\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as \"kad/x\") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. ([CVE-2014-9422 __](<https://access.redhat.com/security/cve/CVE-2014-9422>))\n\n \n**Affected Packages:** \n\n\nkrb5\n\n \n**Issue Correction:** \nRun _yum update krb5_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n krb5-devel-1.10.3-37.29.amzn1.i686 \n krb5-pkinit-openssl-1.10.3-37.29.amzn1.i686 \n krb5-server-ldap-1.10.3-37.29.amzn1.i686 \n krb5-debuginfo-1.10.3-37.29.amzn1.i686 \n krb5-libs-1.10.3-37.29.amzn1.i686 \n krb5-workstation-1.10.3-37.29.amzn1.i686 \n krb5-server-1.10.3-37.29.amzn1.i686 \n \n src: \n krb5-1.10.3-37.29.amzn1.src \n \n x86_64: \n krb5-devel-1.10.3-37.29.amzn1.x86_64 \n krb5-server-1.10.3-37.29.amzn1.x86_64 \n krb5-debuginfo-1.10.3-37.29.amzn1.x86_64 \n krb5-server-ldap-1.10.3-37.29.amzn1.x86_64 \n krb5-workstation-1.10.3-37.29.amzn1.x86_64 \n krb5-libs-1.10.3-37.29.amzn1.x86_64 \n krb5-pkinit-openssl-1.10.3-37.29.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2015-05-05T15:44:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "amazon", "title": "Medium: krb5", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2015-05-05T16:14:00", "id": "ALAS-2015-518", "href": "https://alas.aws.amazon.com/ALAS-2015-518.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-06-12T21:10:30", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.10.3-37.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "src", "packageName": "krb5", "packageFilename": "krb5-1.10.3-37.el6_6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.10.3-37.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageName": "krb5-server", "packageFilename": "krb5-server-1.10.3-37.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.10.3-37.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageName": "krb5-server-ldap", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.10.3-37.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageName": "krb5-server-ldap", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.10.3-37.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.10.3-37.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.10.3-37.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageName": "krb5-pkinit-openssl", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.el6_6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.10.3-37.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.10.3-37.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageName": "krb5-pkinit-openssl", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.el6_6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.10.3-37.el6_6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc64", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.10.3-37.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc64", "packageName": "krb5-pkinit-openssl", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc64", "packageName": "krb5-server", "packageFilename": "krb5-server-1.10.3-37.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc64", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.10.3-37.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc64", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.10.3-37.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc64", "packageName": "krb5-server-ldap", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.10.3-37.el6_6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc", "packageName": "krb5-server-ldap", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.10.3-37.el6_6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "ppc64", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.10.3-37.el6_6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390x", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.10.3-37.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390", "packageName": "krb5-debuginfo", "packageFilename": "krb5-debuginfo-1.10.3-37.el6_6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390x", "packageName": "krb5-server", "packageFilename": "krb5-server-1.10.3-37.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390x", "packageName": "krb5-pkinit-openssl", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390x", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.10.3-37.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390x", "packageName": "krb5-server-ldap", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390x", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.10.3-37.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390", "packageName": "krb5-libs", "packageFilename": "krb5-libs-1.10.3-37.el6_6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390x", "packageName": "krb5-workstation", "packageFilename": "krb5-workstation-1.10.3-37.el6_6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390", "packageName": "krb5-devel", "packageFilename": "krb5-devel-1.10.3-37.el6_6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "s390", "packageName": "krb5-server-ldap", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.s390.rpm", "operator": "lt"}], "description": "Kerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC.\n\nThe following security issues are fixed with this release:\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make\nan application using the GSS-API library (libgssapi) could call the\ngss_process_context_token() function and use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker who has the permissions to set the password policy\ncould crash kadmind by attempting to use a named ticket policy object as a\npassword policy for a principal. (CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not\ncorrectly sanitize input, and could create invalid krb5_data objects.\nA remote, unauthenticated attacker could use this flaw to crash a Kerberos\nchild process via a specially crafted request. (CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could use\nthis flaw to crash the MIT Kerberos administration server (kadmind), or\nother applications using Kerberos libraries, via specially crafted XDR\npackets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as \"kad/x\") could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as that\nuser. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project\nacknowledges Nico Williams for assisting with the analysis of\nCVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "reporter": "RedHat", "published": "2015-04-09T04:00:00", "type": "redhat", "title": "(RHSA-2015:0794) Moderate: krb5 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-5352", "CVE-2014-5353", "CVE-2014-5355", "CVE-2014-9421", "CVE-2014-9422"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:12", "id": "RHSA-2015:0794", "href": "https://access.redhat.com/errata/RHSA-2015:0794", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-15T11:09:12", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-debuginfo-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "i686", "packageFilename": "krb5-debuginfo-1.12.2-14.el7.i686.rpm", "packageName": "krb5-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "src", "packageFilename": "krb5-1.12.2-14.el7.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "i686", "packageFilename": "krb5-devel-1.12.2-14.el7.i686.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-server-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-devel-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-server-ldap-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-server-ldap", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-libs-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "i686", "packageFilename": "krb5-libs-1.12.2-14.el7.i686.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-workstation-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-pkinit-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc64", "packageFilename": "krb5-debuginfo-1.12.2-14.el7.ppc64.rpm", "packageName": "krb5-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc", "packageFilename": "krb5-debuginfo-1.12.2-14.el7.ppc.rpm", "packageName": "krb5-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc64", "packageFilename": "krb5-pkinit-1.12.2-14.el7.ppc64.rpm", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc64", "packageFilename": "krb5-devel-1.12.2-14.el7.ppc64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc64", "packageFilename": "krb5-server-1.12.2-14.el7.ppc64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc64", "packageFilename": "krb5-libs-1.12.2-14.el7.ppc64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc64", "packageFilename": "krb5-workstation-1.12.2-14.el7.ppc64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc64", "packageFilename": "krb5-server-ldap-1.12.2-14.el7.ppc64.rpm", "packageName": "krb5-server-ldap", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc", "packageFilename": "krb5-libs-1.12.2-14.el7.ppc.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "ppc", "packageFilename": "krb5-devel-1.12.2-14.el7.ppc.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390x", "packageFilename": "krb5-debuginfo-1.12.2-14.el7.s390x.rpm", "packageName": "krb5-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390", "packageFilename": "krb5-debuginfo-1.12.2-14.el7.s390.rpm", "packageName": "krb5-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390x", "packageFilename": "krb5-pkinit-1.12.2-14.el7.s390x.rpm", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390x", "packageFilename": "krb5-devel-1.12.2-14.el7.s390x.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390x", "packageFilename": "krb5-server-ldap-1.12.2-14.el7.s390x.rpm", "packageName": "krb5-server-ldap", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390", "packageFilename": "krb5-devel-1.12.2-14.el7.s390.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390x", "packageFilename": "krb5-libs-1.12.2-14.el7.s390x.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390x", "packageFilename": "krb5-workstation-1.12.2-14.el7.s390x.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390x", "packageFilename": "krb5-server-1.12.2-14.el7.s390x.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "s390", "packageFilename": "krb5-libs-1.12.2-14.el7.s390.rpm", "packageName": "krb5-libs", "operator": "lt"}], "description": "A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor\nfor continuation tokens. A remote, unauthenticated attacker could use this flaw\nto crash a GSSAPI-enabled server application. (CVE-2014-4344)\n\nA buffer overflow was found in the KADM5 administration server (kadmind) when it\nwas used with an LDAP back end for the KDC database. A remote, authenticated\nattacker could potentially use this flaw to execute arbitrary code on the system\nrunning kadmind. (CVE-2014-4345)\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make an\napplication using the GSS-API library (libgssapi) call the\ngss_process_context_token() function could use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker with the permissions to set the password policy could\ncrash kadmind by attempting to use a named ticket policy object as a password\npolicy for a principal. (CVE-2014-5353)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External\nData Representation (XDR) data. An authenticated user could use this flaw to\ncrash the MIT Kerberos administration server (kadmind), or other applications\nusing Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly\naccepted certain authentication requests for two-component server principal\nnames. A remote attacker able to acquire a key with a particularly named\nprincipal (such as \"kad/x\") could use this flaw to impersonate any user to\nkadmind, and perform administrative actions as that user. (CVE-2014-9422)\n\nAn information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS\nimplementation (libgssrpc) handled certain requests. An attacker could send a\nspecially crafted request to an application using libgssrpc to disclose a\nlimited portion of uninitialized memory used by that application.\n(CVE-2014-9423)\n\nTwo buffer over-read flaws were found in the way MIT Kerberos handled certain\nrequests. A remote, unauthenticated attacker able to inject packets into a\nclient or server application's GSSAPI session could use either of these flaws to\ncrash the application. (CVE-2014-4341, CVE-2014-4342)\n\nA double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker\nable to spoof packets to appear as though they are from an GSSAPI acceptor could\nuse this flaw to crash a client application that uses MIT Kerberos.\n(CVE-2014-4343)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT\nKerberos project acknowledges Nico Williams for helping with the analysis of\nCVE-2014-5352.\n\nThe krb5 packages have been upgraded to upstream version 1.12, which provides a\nnumber of bug fixes and enhancements, including:\n\n* Added plug-in interfaces for principal-to-username mapping and verifying\nauthorization to user accounts.\n\n* When communicating with a KDC over a connected TCP or HTTPS socket, the client\ngives the KDC more time to reply before it transmits the request to another\nserver. (BZ#1049709, BZ#1127995)\n\nThis update also fixes multiple bugs, for example:\n\n* The Kerberos client library did not recognize certain exit statuses that the\nresolver libraries could return when looking up the addresses of servers\nconfigured in the /etc/krb5.conf file or locating Kerberos servers using DNS\nservice location. The library could treat non-fatal return codes as fatal\nerrors. Now, the library interprets the specific return codes correctly.\n(BZ#1084068, BZ#1109102)\n\nIn addition, this update adds various enhancements. Among others:\n\n* Added support for contacting KDCs and kpasswd servers through HTTPS proxies\nimplementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)\n", "reporter": "RedHat", "published": "2015-03-05T05:00:00", "type": "redhat", "title": "(RHSA-2015:0439) Moderate: krb5 security, bug fix and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-4341", "CVE-2014-4342", "CVE-2014-4343", "CVE-2014-4344", "CVE-2014-4345", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2014-9422", "CVE-2014-9423"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:31:39", "id": "RHSA-2015:0439", "href": "https://access.redhat.com/errata/RHSA-2015:0439", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:44", "references": ["http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.13_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.12.2_1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-112", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.11.5_4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-111", "operator": "lt"}], "description": "\nSO-AND-SO reports:\n\nCVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after\n\t gss_process_context_token() is used to process a valid context\n\t deletion token, the caller is left with a security context handle\n\t containing a dangling pointer. Further uses of this handle will\n\t result in use-after-free and double-free memory access violations.\n\t libgssrpc server applications such as kadmind are vulnerable as\n\t they can be instructed to call gss_process_context_token().\nCVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR\n\t data from an authenticated user, it may perform use-after-free and\n\t double-free memory access violations while cleaning up the partial\n\t deserialization results. Other libgssrpc server applications may\n\t also be vulnerable if they contain insufficiently defensive XDR\n\t functions.\nCVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepts\n\t authentications to two-component server principals whose first\n\t component is a left substring of \"kadmin\" or whose realm is a left\n\t prefix of the default realm.\nCVE-2014-9423: libgssrpc applications including kadmind output\n\t four or eight bytes of uninitialized memory to the network as\n\t part of an unused \"handle\" field in replies to clients.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-02-03T00:00:00", "title": "krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-03T00:00:00", "id": "24CE5597-ACAB-11E4-A847-206A8A720317", "href": "https://vuxml.freebsd.org/freebsd/24ce5597-acab-11e4-a847-206a8a720317.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:37:55", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-server-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-server-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageFilename": "krb5-libs-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageFilename": "krb5-devel-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageFilename": "krb5-server-ldap-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-server-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageFilename": "krb5-workstation-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-pkinit-openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "src", "packageFilename": "krb5-1.10.3-37.el6_6.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "src", "packageFilename": "krb5-1.10.3-37.el6_6.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageFilename": "krb5-pkinit-openssl-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-pkinit-openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageFilename": "krb5-devel-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageFilename": "krb5-devel-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageFilename": "krb5-server-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "x86_64", "packageFilename": "krb5-workstation-1.10.3-37.el6_6.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageFilename": "krb5-server-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageFilename": "krb5-libs-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.10.3-37.el6_6", "arch": "i686", "packageFilename": "krb5-libs-1.10.3-37.el6_6.i686.rpm", "packageName": "krb5-libs", "operator": "lt"}], "description": "[1.10.3-37]\n- fix for CVE-2014-5355 (#1193939) 'krb5: unauthenticated\n denial of service in recvauth_common() and others'\n[1.10.3-36]\n- fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy\n name crash'\n[1.10.3-35]\n- Changelog fixes to make errata subsystem happy.\n[1.10.3-34]\n- fix for CVE-2014-5352 (#1179856) 'gss_process_context_token()\n incorrectly frees context (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees partial\n deserialization results (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly\n validates server principal name (MITKRB5-SA-2015-001)'", "edition": 3, "reporter": "Oracle", "published": "2015-04-09T00:00:00", "title": "krb5 security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "modified": "2015-04-09T00:00:00", "id": "ELSA-2015-0794", "href": "http://linux.oracle.com/errata/ELSA-2015-0794.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:48:06", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-server-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-server-ldap-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-server-ldap", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-libs-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "i686", "packageFilename": "krb5-libs-1.12.2-14.el7.i686.rpm", "packageName": "krb5-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-pkinit-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "src", "packageFilename": "krb5-1.12.2-14.el7.src.rpm", "packageName": "krb5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "i686", "packageFilename": "krb5-devel-1.12.2-14.el7.i686.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-devel-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.12.2-14.el7", "arch": "x86_64", "packageFilename": "krb5-workstation-1.12.2-14.el7.x86_64.rpm", "packageName": "krb5-workstation", "operator": "lt"}], "description": "[1.12.2-14]\n- fix for kinit -C loops (#1184629, MIT/krb5 issue 243, 'Do not\n loop on principal unknown errors').\n[1.12.2-13]\n- fix for CVE-2014-5352 (#1179856) 'gss_process_context_token()\n incorrectly frees context (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees partial\n deserialization results (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly\n validates server principal name (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9423 (#1179863) 'libgssrpc server applications\n leak uninitialized bytes (MITKRB5-SA-2015-001)'\n[1.12.2-12]\n- fix for CVE-2014-5354 (#1174546) 'krb5: NULL pointer\n dereference when using keyless entries'\n[1.12.2-11]\n- fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy\n name crash'\n[1.12.2-10]\n- In ksu, without the -e flag, also check .k5users (#1105489)\n When ksu was explicitly told to spawn a shell, a line in .k5users which\n listed '*' as the allowed command would cause the principal named on the\n line to be considered as a candidate for authentication.\n When ksu was not passed a command to run, which implicitly meant that\n the invoking user wanted to run the target user's login shell, knowledge\n that the principal was a valid candidate was ignored, which could cause\n a less optimal choice of the default target principal.\n This doesn't impact the authorization checks which we perform later.\n Patch by Nalin Dahyabhai \n[1.12.2-9]\n- Undo libkadmclnt SONAME change (from 8 to 9) which originally\n happened in the krb5 1.12 rebase (#1166012) but broke\n rubygem-rkerberos (sort of ruby language bindings for\n libkadmclnt&co.) dependicies, as side effect of\n rubygem-rkerberos using private interfaces in libkadmclnt.\n[1.12.2-8]\n- fix the problem where the %license file has been a dangling symlink\n- ksu: pull in fix from pull #206 to avoid breakage when the\n default_ccache_name doesn't include a cache type as a prefix\n- ksu: pull in a proposed fix for pull #207 to avoid breakage when the\n invoking user doesn't already have a ccache\n[1.12.2-7]\n- pull in patch from master to load plugins with RTLD_NODELETE, when\n defined (RT#7947)\n[1.12.2-6]\n- backport patch to make the client skip checking the server's reply\n address when processing responses to password-change requests, which\n between NAT and upcoming HTTPS support, can cause us to erroneously\n report an error to the user when the server actually reported success\n (RT#7886)\n- backport support for accessing KDCs and kpasswd services via HTTPS\n proxies (marked by being specified as https URIs instead as hostnames\n or hostname-and-port), such as the one implemented in python-kdcproxy\n (RT#7929, #109919), and pick up a subsequent patch to build HTTPS\n as a plugin\n[1.12.2-5]\n- backport fix for trying all compatible keys when not being strict about\n acceptor names while reading AP-REQs (RT#7883, #1078888)\n- define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that\n it's declared (#1059730,#1084068,#1109102)\n[1.12.2-4]\n- kpropd hasn't bothered with -S since 1.11; stop trying to use that flag\n in the systemd unit file\n[1.12.2-3]\n- pull in upstream fix for an incorrect check on the value returned by a\n strdup() call (#1132062)\n[1.12.1-15]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[1.12.2-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[1.12.2-1]\n- update to 1.12.2\n - drop patch for RT#7820, fixed in 1.12.2\n - drop patch for #231147, fixed as RT#3277 in 1.12.2\n - drop patch for RT#7818, fixed in 1.12.2\n - drop patch for RT#7836, fixed in 1.12.2\n - drop patch for RT#7858, fixed in 1.12.2\n - drop patch for RT#7924, fixed in 1.12.2\n - drop patch for RT#7926, fixed in 1.12.2\n - drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2\n - drop patch for CVE-2014-4343, included in 1.12.2\n - drop patch for CVE-2014-4344, included in 1.12.2\n - drop patch for CVE-2014-4345, included in 1.12.2\n- replace older proposed changes for ksu with backports of the changes\n after review and merging upstream (#1015559, #1026099, #1118347)\n[1.12.1-14]\n- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)\n[1.12.1-13]\n- gssapi: pull in upstream fix for a possible NULL dereference\n in spnego (CVE-2014-4344)\n[1.12.1-12]\n- gssapi: pull in proposed fix for a double free in initiators (David\n Woodhouse, CVE-2014-4343, #1117963)\n[1.12.1-11]\n- fix license handling\n[1.12.1-10]\n- pull in fix for denial of service by injection of malformed GSSAPI tokens\n (CVE-2014-4341, CVE-2014-4342, #1116181)\n[1.12.1-9]\n- pull in changes from upstream which add processing of the contents of\n /etc/gss/mech.d/*.conf when loading GSS modules (#1102839)\n[1.12.1-8]\n- pull in fix for building against tcl 8.6 (#1107061)\n[1.12.1-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[1.12.1-6]\n- Backport fix for change password requests when using FAST (RT#7868)\n[1.12.1-5]\n- spnego: pull in patch from master to restore preserving the OID of the\n mechanism the initiator requested when we have multiple OIDs for the same\n mechanism, so that we reply using the same mechanism OID and the initiator\n doesn't get confused (#1066000, RT#7858)\n[1.12.1-4]\n- pull in patch from master to move the default directory which the KDC uses\n when computing the socket path for a local OTP daemon from the database\n directory (/var/kerberos/krb5kdc) to the newly-added run directory\n (/run/krb5kdc), in line with what we're expecting in 1.13 (RT#7859, more\n of #1040056 as #1063905)\n- add a tmpfiles.d configuration file to have /run/krb5kdc created at\n boot-time\n- own /var/run/krb5kdc\n[1.12.1-3]\n- refresh nss_wrapper and add socket_wrapper to the %check environment\n* Fri Jan 31 2014 Nalin Dahyabhai \n- add currently-proposed changes to teach ksu about credential cache\n collections and the default_ccache_name setting (#1015559,#1026099)\n[1.12.1-2]\n- pull in multiple changes to allow replay caches to be added to a GSS\n credential store as 'rcache'-type credentials (RT#7818/#7819/#7836,\n[1.12.1-1]\n- update to 1.12.1\n - drop patch for RT#7794, included now\n - drop patch for RT#7797, included now\n - drop patch for RT#7803, included now\n - drop patch for RT#7805, included now\n - drop patch for RT#7807, included now\n - drop patch for RT#7045, included now\n - drop patches for RT#7813 and RT#7815, included now\n - add patch to always retrieve the KDC time offsets from keyring caches,\n so that we don't mistakenly interpret creds as expired before their\n time when our clock is ahead of the KDC's (RT#7820, #1030607)\n[1.12-11]\n- update the PIC patch for iaesx86.s to not use ELF relocations to the version\n that landed upstream (RT#7815, #1045699)\n* Thu Jan 09 2014 Nalin Dahyabhai \n- pass -Wl,--warn-shared-textrel to the compiler when we're creating shared\n libraries\n[1.12-10]\n- amend the PIC patch for iaesx86.s to also save/restore ebx in the\n functions where we modify it, because the ELF spec says we need to\n[1.12-9]\n- grab a more-commented version of the most recent patch from upstream\n master\n- make a guess at making the 32-bit AES-NI implementation sufficiently\n position-independent to not require execmod permissions for libk5crypto\n (more of #1045699)\n[1.12-8]\n- add patch from Dhiru Kholia for the AES-NI implementations to allow\n libk5crypto to be properly marked as not needing an executable stack\n on arches where they're used (#1045699, and so many others)\n[1.12-7]\n- revert that last change for a bit while sorting out execstack when we\n use AES-NI (#1045699)\n[1.12-6]\n- add yasm as a build requirement for AES-NI support, on arches that have\n yasm and AES-NI\n[1.12-5]\n- pull in fix from master to make reporting of errors encountered by\n the SPNEGO mechanism work better (RT#7045, part of #1043962)\n* Thu Dec 19 2013 Nalin Dahyabhai \n- update a test wrapper to properly handle things that the new libkrad does,\n and add python-pyrad as a build requirement so that we can run its tests\n[1.12-4]\n- revise previous patch to initialize one more element\n[1.12-3]\n- backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739)\n[1.12-2]\n- pull in fix from master to return a NULL pointer rather than allocating\n zero bytes of memory if we read a zero-length input token (RT#7794, part of\n - pull in fix from master to ignore an empty token from an acceptor if\n we've already finished authenticating (RT#7797, part of #1043962)\n- pull in fix from master to avoid a memory leak when a mechanism's\n init_sec_context function fails (RT#7803, part of #1043962)\n- pull in fix from master to avoid a memory leak in a couple of error\n cases which could occur while obtaining acceptor credentials (RT#7805, part\n of #1043962)\n[1.12-1]\n- update to 1.12 final\n[1.12-beta2.0]\n- update to beta2\n - drop obsolete backports for storing KDC time offsets and expiration times\n in keyring credential caches\n[1.12-beta1.0]\n- rebase to master\n- update to beta1\n - drop obsolete backport of fix for RT#7706\n[1.11.4-2]\n- pull in fix to store KDC time offsets in keyring credential caches (RT#7768,\n - pull in fix to set expiration times on credentials stored in keyring\n credential caches (RT#7769, #1031724)\n[1.11.4-1]\n- update to 1.11.4\n - drop patch for RT#7650, obsoleted\n - drop patch for RT#7706, obsoleted as RT#7723\n - drop patch for CVE-2013-1418/CVE-2013-6800, included in 1.11.4", "edition": 3, "reporter": "Oracle", "published": "2015-03-11T00:00:00", "title": "krb5 security, bug fix and enhancement update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5354", "CVE-2014-4342", "CVE-2014-5352", "CVE-2014-4343", "CVE-2014-5353", "CVE-2014-4344", "CVE-2014-9421", "CVE-2014-4345", "CVE-2014-4341", "CVE-2013-1418", "CVE-2014-9423", "CVE-2013-6800"], "modified": "2015-03-11T00:00:00", "id": "ELSA-2015-0439", "href": "http://linux.oracle.com/errata/ELSA-2015-0439.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "aix": [{"lastseen": "2018-08-31T00:08:36", "aixFileset": [{"productVersions": ["any"], "versionGte": "1.4.0.8", "fileset": "krb5.client.rte", "versionLte": "1.6.0.2", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "1.4.0.8", "fileset": "krb5.server.rte", "versionLte": "1.6.0.2", "productName": "aix"}], "references": [], "description": "IBM SECURITY ADVISORY\n\nFirst Issued : Thu May 21 05:06:05 CDT 2015\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/nas_advisory3.asc\nhttps://aix.software.ibm.com/aix/efixes/security/nas_advisory3.asc\nftp://aix.software.ibm.com/aix/efixes/security/nas_advisory3.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: \tAIX NAS denial of service vulnerability\n\n PLATFORMS:\t\tAIX 5.3, 6.1 and 7.1\n\t\t\tVIOS 2.2.*\n\n SOLUTION:\t\tApply the fix as described below.\n\n THREAT:\t\tSee below\n\n CVE Numbers:\tCVE-2014-5352\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY:\tAIX NAS Denial of Service via a zero-byte version string\n\t\t\tor by omitting the '\\0' character\n\n PLATFORMS:\t\tAIX 5.3, 6.1 and 7.1\n\t\t\tVIOS 2.2.*\n\n SOLUTION:\t\tApply the fix as described below.\n\n THREAT:\t\tSee below\n\n CVE Numbers:\tCVE-2014-5355\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY:\tAIX NAS Denial of Service via malformed XDR data\n\n PLATFORMS:\t\tAIX 5.3, 6.1 and 7.1\n\t\t\tVIOS 2.2.*\n\n SOLUTION:\t\tApply the fix as described below.\n\n THREAT:\t\tSee below\n\n CVE Numbers:\tCVE-2014-9421\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY:\tAIX NAS allows remote users to obtain administrative \n\t\t\taccess by leveraging access to a two-component principal\n\n PLATFORMS:\t\tAIX 5.3, 6.1 and 7.1\n\t\t\tVIOS 2.2.*\n\n SOLUTION:\t\tApply the fix as described below.\n\n THREAT:\t\tSee below\n\n CVE Numbers:\tCVE-2014-9422\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY:\tAIX NAS allows remote users to obtain sensitive information \n\t\t\tfrom process heap memory\n\n PLATFORMS:\t\tAIX 5.3, 6.1 and 7.1\n\t\t\tVIOS 2.2.*\n\n SOLUTION:\t\tApply the fix as described below.\n\n THREAT:\t\tSee below\n\n CVE Numbers:\tCVE-2014-9423\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-5352\n\tSecurity context handles are not properly maintained, which allows \n\tremote authenticated users to cause a denial of service(use-after-free \n\tand double free, and daemon crash) or possibly execute arbitrary code \n\tvia crafted GSSAPI traffic.\n\n 2. CVE-2014-5355\n\tA remote attackers can cause a denial of service (NULL pointer dereference) \n\tvia a zero-byte version string or cause a denial of service(out-of-bounds \n\tread) by omitting the '\\0' character. \n\n 3. CVE-2014-9421\n\tRemote authenticated users can cause a denial of service (use-after-free \n\tand double free, and daemon crash) or possibly execute arbitrary code via \n\tmalformed XDR data. \n\n 4. CVE-2014-9422\n\tA remote authenticated users can obtain administrative access by leveraging \n\taccess to a two-component principal with an initial \"kadmind\" substring. \n\n 5. CVE-2014-9423\n\tA remote attackers can obtain sensitive information from process heap memory \n\tby sniffing the network for data in a handle field \n\nII. CVSS\n\n 1. CVE-2014-5352\n CVSS Base Score: 9.0\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/100842\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)\n\n 2. CVE-2014-5355\n CVSS Base Score: 5.0\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/100972\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n 3. CVE-2014-9421\n CVSS Base Score: 9.0\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/100841\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)\n\n 4. CVE-2014-9422\n CVSS Base Score: 6.1\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/100840\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:C)\n\n 5. CVE-2014-9423\n CVSS Base Score: 5.0\n CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/100839\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command to obtain the NAS fileset level:\n\n lslpp -L krb5.client.rte\n \tlslpp -L krb5.server.rte\n \n The following fileset levels are vulnerable:\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n krb5.client.rte 1.4.0.8\t1.6.0.2\n krb5.server.rte 1.4.0.8\t1.6.0.2\n\n\tNote, 1.4.0.8 is the Lowest NAS version available in aix web download site. \n\tEven NAS version below this are impacted\n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. The fix can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/nas3_fix.tar\n\n The above link is to a tar file containing this signed advisory, \n \tfix packages, and OpenSSL signatures for each package.\n\n The fixes below include prerequisite checking. \n\tThis will enforce the correct mapping between the fixes and AIX\n releases.\n\n\tThe tar file contains Interim fixes that are based on NAS fileset levels.\n\t\n\tAIX Level 5.3, 6.1, 7.1 and VIOS Level 2.2.*\n\t-------------------------------------------- \n\tIf the NAS fileset level is at 1.5.0.7 then apply the ifix -\n\t1507c_fix.150404.epkg.Z if only krb5.client.rte is installed\n\t1507s_fix.150407.epkg.Z if krb5.server.rte is installed\n\n\tIf the NAS fileset level is at 1.6.0.2 then apply the ifix -\n\t1602c_fix.150404.epkg.Z if only krb5.client.rte is installed\n\t1602s_fix.150407.epkg.Z if krb5.server.rte is installed\n\n\tIf the NAS fileset level is at 1.5.0.3/1.5.0.4, then \n\tupgrade to fileset level 1.6.0.2 and apply the ifix -\n\t1602c_fix.150404.epkg.Z if only krb5.client.rte is installed\n\t1602s_fix.150407.epkg.Z if krb5.server.rte is installed\n\n\tFor other fileset level, upgrade to fileset level 1.5.0.7\n\tand apply the ifix -\n\t1507c_fix.150404.epkg.Z if only krb5.client.rte is installed\n\t1507s_fix.150407.epkg.Z if krb5.server.rte is installed\n\n To extract the fix from the tar file:\n\n tar xvf nas3_fix.tar\n cd nas3_fix\n\n Verify you have retrieved the fix intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command is the followng:\n\n openssl dgst -sha256 \t\t\t\t filename\t \t \n -------------------------------------------------------------------------------------------\n\t4dc9f7af7f281d3b1b679230d7c957a107b0e14e471482ef86fbe2cff9a7672f\t1507c_fix.150404.epkg.Z\n\tfc4a7c777630380294c1835cca32b438882bb503a94b6ce43761a728ac05152b\t1507s_fix.150407.epkg.Z\n\tdd3356b711e822b5bd4599b4c327d047699cd492eed04d9d5b6c4d3042ef52e9\t1602c_fix.150404.epkg.Z\n\ta3ff287d83f05476ac64b72baebf17b69ffffc530c06ec44fb63b98359f332b6\t1602s_fix.150407.epkg.Z\n\n\tThese sums should match exactly. The OpenSSL signatures in the tar file and on this advisory \n\tcan also be used to verify the integrity of the fixes. \n\tIf the sums or signatures cannot be confirmed, contact IBM AIX Security at\n\tsecurity-alert@austin.ibm.com and describe the discrepancy.\n\n\tPublished advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/nas_advisory3.asc.sig\n \thttps://aix.software.ibm.com/aix/efixes/security/nas_advisory3.asc.sig\n \tftp://aix.software.ibm.com/aix/efixes/security/nas_advisory13.asc.sig\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n CVE-2014-5352 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352\n CVE-2014-5355 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355\n CVE-2014-9421 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421\n CVE-2014-9422 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422\n CVE-2014-9423 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "edition": 3, "reporter": "CentOS Project", "published": "2015-05-21T05:06:05", "title": "Multiple Security vulnerabilities in IBM NAS(kerberos)", "type": "aix", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "aix": {"apars": []}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-05-21T05:06:05", "id": "NAS_ADVISORY3.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/nas_advisory3.asc", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:42", "references": ["https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5353", "https://access.redhat.com/security/cve/CVE-2014-5352", "https://access.redhat.com/security/cve/CVE-2014-9421", "https://access.redhat.com/security/cve/CVE-2014-9423", "https://access.redhat.com/security/cve/CVE-2014-9422", "http://www.openwall.com/lists/oss-security/2014/12/16/1", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5354", "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "1.13.1-1", "packageFilename": "UNKNOWN", "packageName": "krb5", "arch": "any", "operator": "lt"}], "edition": 1, "description": "- CVE-2014-5352 (authenticated remote code execution):\n\nIn the MIT krb5 libgssapi_krb5 library, after\ngss_process_context_token() is used to process a valid context deletion\ntoken, the caller is left with a security context handle containing a\ndangling pointer. Further uses of this handle will result in\nuse-after-free and double-free memory access violations. libgssrpc\nserver applications such as kadmind are vulnerable as they can be\ninstructed to call gss_process_context_token().\n\n- CVE-2014-5353 (authenticated remote denial of service):\n\nIn MIT krb5, when kadmind is configured to use LDAP for the KDC\ndatabase, an authenticated remote attacker can cause a NULL dereference\nby attempting to use a named ticket policy object as a password policy\nfor a principal. The attacker needs to be authenticated as a user who\nhas the elevated privilege for setting password policy by adding or\nmodifying principals.\n\n- CVE-2014-5354 (authenticated remote denial of service):\n\nIn MIT krb5, when kadmind is configured to use LDAP for the KDC\ndatabase, an authenticated remote attacker can cause a NULL dereference\nby inserting into the database a principal entry which contains no\nlong-term keys.\n\n- CVE-2014-9421 (authenticated remote code execution):\n\nIf the MIT krb5 kadmind daemon receives invalid XDR data from an\nauthenticated user, it may perform use-after-free and double-free memory\naccess violations while cleaning up the partial deserialization results.\n Other libgssrpc server applications may also be vulnerable if they\ncontain insufficiently defensive XDR functions.\n\n- CVE-2014-9422 (privilege escalation):\n\nThe MIT krb5 kadmind daemon incorrectly accepts authentications to\ntwo-component server principals whose first component is a left\nsubstring of "kadmin" or whose realm is a left prefix of the default realm.\n\n- CVE-2014-9423 (unauthenticated remote information leak):\n\nlibgssrpc applications including kadmind output four or eight bytes of\nuninitialized memory to the network as part of an unused "handle" field\nin replies to clients.", "reporter": "Arch Linux", "published": "2015-02-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "krb5: multiple issues", "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5354", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html", "id": "ASA-201502-12", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:27", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-5354", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9423", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-5353", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-5352", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-5351", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9422", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9421"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libk5crypto3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb53", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkdb5-6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-otp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libk5crypto3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkdb5-4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libk5crypto3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb5-3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkadm5srv-mit9", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkadm5clnt-mit9", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libk5crypto3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgssrpc4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb5-3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgssapi-krb5-2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkdb5-7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgssapi-krb5-2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgssapi-krb5-2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc-ldap", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgssrpc4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgssrpc4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkadm5srv-mit9", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb5support0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkadm5srv-mit8", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb5support0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkadm5clnt-mit7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb5-3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb5support0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgssrpc4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkdb5-7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkadm5srv-mit7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkadm5clnt-mit9", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrad0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrad0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkadm5clnt-mit8", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-otp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb5support0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.10+dfsg~beta1-2ubuntu0.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkadm5srv-mit8", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-user", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.8.1+dfsg-2ubuntu0.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-admin-server", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-pkinit", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.12+dfsg-2ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libgssapi-krb5-2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libkrb5-3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "1.12.1+dfsg-10ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "krb5-kdc", "operator": "lt"}], "description": "It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5351)\n\nIt was discovered that the libgssapi_krb5 library incorrectly processed security context handles. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-5352)\n\nPatrik Kis discovered that Kerberos incorrectly handled LDAP queries with no results. An authenticated remote attacker could use this issue to cause the KDC to crash, resulting in a denial of service. (CVE-2014-5353)\n\nIt was discovered that Kerberos incorrectly handled creating database entries for a keyless principal when using LDAP. An authenticated remote attacker could use this issue to cause the KDC to crash, resulting in a denial of service. (CVE-2014-5354)\n\nIt was discovered that Kerberos incorrectly handled memory when processing XDR data. A remote attacker could use this issue to cause kadmind to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9421)\n\nIt was discovered that Kerberos incorrectly handled two-component server principals. A remote attacker could use this issue to perform impersonation attacks. (CVE-2014-9422)\n\nIt was discovered that the libgssrpc library leaked uninitialized bytes. A remote attacker could use this issue to possibly obtain sensitive information. (CVE-2014-9423)", "edition": 3, "reporter": "Ubuntu", "published": "2015-02-10T00:00:00", "title": "Kerberos vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-5354", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2014-9423"], "modified": "2015-02-10T00:00:00", "id": "USN-2498-1", "href": "https://usn.ubuntu.com/2498-1/", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
