Description
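This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured. The update on this page (pam_krb5-2.3.0-2.fc9 for Fedora 9) is listed against CVE-2008-3825, which the related advisories describe as a flaw in the 'existing_ticket' option that may let a local user gain elevated privileges by using a different local user's credential cache.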
Affected Package
Related
{"id": "FEDORA:6BB90208DE5", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 9 Update: pam_krb5-2.3.0-2.fc9", "description": "This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured. ", "published": "2008-10-03T22:36:12", "modified": "2008-10-03T22:36:12", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K4L5NYWQT7VVGHZ23ZCWQFMLN7OFSSLZ/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2008-3825"], "immutableFields": [], "lastseen": "2020-12-21T08:17:49", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2008:0907"]}, {"type": "cve", "idList": ["CVE-2008-3825"]}, {"type": "fedora", "idList": ["FEDORA:B2A4F10F808", "FEDORA:ED0DC208DA0"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-ELSA-2008-0907/", "MSF:ILITIES/SUSE-CVE-2008-3825/", "MSF:ILITIES/VMSA-2011-0003-CVE-2008-3825/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2008-0907.NASL", "FEDORA_2008-8605.NASL", "FEDORA_2008-8618.NASL", "MANDRIVA_MDVSA-2008-209.NASL", "ORACLELINUX_ELSA-2008-0907.NASL", "REDHAT-RHSA-2008-0907.NASL", 
"SL_20081002_PAM_KRB5_KRB5_ON_SL5_X.NASL", "SUSE_11_0_PAM_KRB5-080919.NASL", "SUSE_PAM_KRB5-5616.NASL", "SUSE_PAM_KRB5-5624.NASL", "VMWARE_VMSA-2011-0003.NASL", "VMWARE_VMSA-2011-0003_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103454", "OPENVAS:1361412562310103454", "OPENVAS:1361412562310122551", "OPENVAS:136141256231064308", "OPENVAS:136141256231065952", "OPENVAS:1361412562310830583", "OPENVAS:1361412562310870121", "OPENVAS:64165", "OPENVAS:64308", "OPENVAS:65952", "OPENVAS:830583", "OPENVAS:860408", "OPENVAS:860732", "OPENVAS:870121"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0907"]}, {"type": "redhat", "idList": ["RHSA-2008:0907"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20658", "SECURITYVULNS:VULN:9334"]}], "rev": 4}, "score": {"value": 5.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2008:0907"]}, {"type": "fedora", "idList": ["FEDORA:B2A4F10F808"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-ELSA-2008-0907/"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2008-209.NASL", "SUSE_PAM_KRB5-5616.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:830583"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0907"]}, {"type": "redhat", "idList": ["RHSA-2008:0907"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20658"]}]}, "exploitation": null, "vulnersScore": 5.5}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "9", "arch": "any", "packageName": "pam_krb5", "packageVersion": "2.3.0", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"nessus": [{"lastseen": "2021-08-19T13:07:07", "description": "Insufficient file access permissions checks allowed users to read Kerberos tickes of other users if pam_krb5 was configured with the option 'existing_ticket' (CVE-2008-3825).", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pam_krb5 (pam_krb5-218)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pam_krb5", "p-cpe:/a:novell:opensuse:pam_krb5-32bit", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_PAM_KRB5-080919.NASL", "href": "https://www.tenable.com/plugins/nessus/40098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update pam_krb5-218.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40098);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3825\");\n\n script_name(english:\"openSUSE Security Update : pam_krb5 (pam_krb5-218)\");\n script_summary(english:\"Check for the pam_krb5-218 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Insufficient file access permissions checks allowed users to read\nKerberos tickes of other users if pam_krb5 was configured with the\noption 'existing_ticket' (CVE-2008-3825).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=425861\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam_krb5 packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam_krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pam_krb5-2.2.22-35.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"pam_krb5-32bit-2.2.22-35.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam_krb5 / pam_krb5-32bit\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:11", "description": "Insufficient file access permissions checks allowed users to read Kerberos tickes of other users if pam_krb5 was configured with the option 'existing_ticket'. (CVE-2008-3825)", "cvss3": {"score": null, "vector": null}, "published": "2008-12-02T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : pam_krb5 (ZYPP Patch Number 5616)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PAM_KRB5-5616.NASL", "href": "https://www.tenable.com/plugins/nessus/35006", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35006);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3825\");\n\n script_name(english:\"SuSE 10 Security Update : pam_krb5 (ZYPP Patch Number 5616)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Insufficient file access permissions checks allowed users to read\nKerberos tickes of other users if pam_krb5 was configured with the\noption 'existing_ticket'. 
(CVE-2008-3825)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3825.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5616.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"pam_krb5-2.2.3-18.5.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"pam_krb5-32bit-2.2.3-18.5.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"pam_krb5-2.2.3-18.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, 
cpu:\"x86_64\", reference:\"pam_krb5-32bit-2.2.3-18.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"pam_krb5-2.2.3-18.5.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"pam_krb5-32bit-2.2.3-18.5.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"pam_krb5-2.2.3-18.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"pam_krb5-32bit-2.2.3-18.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:30", "description": "An updated pam_krb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use Kerberos to verify user identities by obtaining user credentials at log in time.\n\nA flaw was found in the pam_krb5 'existing_ticket' configuration option. If a system is configured to use an existing credential cache via the 'existing_ticket' option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. 
(CVE-2008-3825)\n\nRed Hat would like to thank Stephane Bertin for responsibly disclosing this issue.\n\nUsers of pam_krb5 should upgrade to this updated package, which contains a backported patch to resolve this issue.", "cvss3": {"score": null, "vector": null}, "published": "2008-10-03T00:00:00", "type": "nessus", "title": "RHEL 5 : pam_krb5 (RHSA-2008:0907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pam_krb5", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.2"], "id": "REDHAT-RHSA-2008-0907.NASL", "href": "https://www.tenable.com/plugins/nessus/34333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0907. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34333);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3825\");\n script_xref(name:\"RHSA\", value:\"2008:0907\");\n\n script_name(english:\"RHEL 5 : pam_krb5 (RHSA-2008:0907)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated pam_krb5 package that fixes a security issue is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe pam_krb5 module allows Pluggable Authentication Modules (PAM)\naware applications to use Kerberos to verify user identities by\nobtaining user credentials at log in time.\n\nA flaw was 
found in the pam_krb5 'existing_ticket' configuration\noption. If a system is configured to use an existing credential cache\nvia the 'existing_ticket' option, it may be possible for a local user\nto gain elevated privileges by using a different, local user's\ncredential cache. (CVE-2008-3825)\n\nRed Hat would like to thank Stephane Bertin for responsibly\ndisclosing this issue.\n\nUsers of pam_krb5 should upgrade to this updated package, which\ncontains a backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0907\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam_krb5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0907\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"pam_krb5-2.2.14-1.el5_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam_krb5\");\n }\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:05", "description": "From Red Hat Security Advisory 2008:0907 :\n\nAn updated pam_krb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use Kerberos to verify user identities by obtaining user credentials at log in time.\n\nA flaw was found in the pam_krb5 'existing_ticket' configuration option. If a system is configured to use an existing credential cache via the 'existing_ticket' option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825)\n\nRed Hat would like to thank Stephane Bertin for responsibly disclosing this issue.\n\nUsers of pam_krb5 should upgrade to this updated package, which contains a backported patch to resolve this issue.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : pam_krb5 (ELSA-2008-0907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:pam_krb5", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2008-0907.NASL", "href": "https://www.tenable.com/plugins/nessus/67753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0907 and \n# Oracle Linux Security Advisory ELSA-2008-0907 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67753);\n 
script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3825\");\n script_xref(name:\"RHSA\", value:\"2008:0907\");\n\n script_name(english:\"Oracle Linux 5 : pam_krb5 (ELSA-2008-0907)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0907 :\n\nAn updated pam_krb5 package that fixes a security issue is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe pam_krb5 module allows Pluggable Authentication Modules (PAM)\naware applications to use Kerberos to verify user identities by\nobtaining user credentials at log in time.\n\nA flaw was found in the pam_krb5 'existing_ticket' configuration\noption. If a system is configured to use an existing credential cache\nvia the 'existing_ticket' option, it may be possible for a local user\nto gain elevated privileges by using a different, local user's\ncredential cache. 
(CVE-2008-3825)\n\nRed Hat would like to thank Stephane Bertin for responsibly\ndisclosing this issue.\n\nUsers of pam_krb5 should upgrade to this updated package, which\ncontains a backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-October/000752.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam_krb5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"pam_krb5-2.2.14-1.el5_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam_krb5\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:08:19", "description": "Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using 
an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user's credential cache (CVE-2008-3825).\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nAn updated package for Mandriva Linux 2009.0 is now available.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : pam_krb5 (MDVSA-2008:209-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:pam_krb5", "cpe:/o:mandriva:linux:2009.0"], "id": "MANDRIVA_MDVSA-2008-209.NASL", "href": "https://www.tenable.com/plugins/nessus/36566", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:209. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36566);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-3825\");\n script_bugtraq_id(31534);\n script_xref(name:\"MDVSA\", value:\"2008:209-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : pam_krb5 (MDVSA-2008:209-1)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stéphane Bertin discovered a flaw in the pam_krb5\nexisting_ticket configuration option where, if enabled and using an\nexisting credential cache, it was possible for a local user to gain\nelevated privileges by using a different, local user's credential\ncache 
(CVE-2008-3825).\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nAn updated package for Mandriva Linux 2009.0 is now available.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam_krb5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pam_krb5-2.3.1-4.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:51", "description": "pam_krb5 address the following security issue :\n\nA flaw was found in the pam_krb5 'existing_ticket' configuration option. If a system is configured to use an existing credential cache via the 'existing_ticket' option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825)\n\nkrb5 address the following bug :\n\n - In cases where a server application began to sequentially iterate through the contents of a keytab file, if it paused to call certain functions such as krb5_rd_req() which encountered errors, a subsequent call to the krb5_kt_next_entry() function could cause the calling application to crash. 
The issue has been rectified and updated within these packages so that a call to the krb5_kt_next_entry() function will not crash the calling application.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : pam_krb5/krb5 on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20081002_PAM_KRB5_KRB5_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60481", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60481);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3825\");\n\n script_name(english:\"Scientific Linux Security Update : pam_krb5/krb5 on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"pam_krb5 address the following security issue :\n\nA flaw was found in the pam_krb5 'existing_ticket' configuration\noption. If a system is configured to use an existing credential cache\nvia the 'existing_ticket' option, it may be possible for a local user\nto gain elevated privileges by using a different, local user's\ncredential cache. 
(CVE-2008-3825)\n\nkrb5 address the following bug :\n\n - In cases where a server application began to\n sequentially iterate through the contents of a keytab\n file, if it paused to call certain functions such as\n krb5_rd_req() which encountered errors, a subsequent\n call to the krb5_kt_next_entry() function could cause\n the calling application to crash. The issue has been\n rectified and updated within these packages so that a\n call to the krb5_kt_next_entry() function will not crash\n the calling application.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0810&L=scientific-linux-errata&T=0&P=643\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c670000\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"krb5-devel-1.6.1-25.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"krb5-libs-1.6.1-25.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"krb5-server-1.6.1-25.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"krb5-workstation-1.6.1-25.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pam_krb5-2.2.14-1.el5_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:10", "description": "Insufficient file access permissions checks allowed users to read Kerberos tickets of other users if pam_krb5 was configured with the option 'existing_ticket' (CVE-2008-3825).", "cvss3": {"score": null, "vector": null}, "published": "2008-12-02T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : pam_krb5 (pam_krb5-5624)",
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pam_krb5", "p-cpe:/a:novell:opensuse:pam_krb5-32bit", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_PAM_KRB5-5624.NASL", "href": "https://www.tenable.com/plugins/nessus/35007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update pam_krb5-5624.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35007);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3825\");\n\n script_name(english:\"openSUSE 10 Security Update : pam_krb5 (pam_krb5-5624)\");\n script_summary(english:\"Check for the pam_krb5-5624 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Insufficient file access permissions checks allowed users to read\nKerberos tickes of other users if pam_krb5 was configured with the\noption 'existing_ticket' (CVE-2008-3825).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam_krb5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam_krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"pam_krb5-2.2.11-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"pam_krb5-32bit-2.2.11-19\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"pam_krb5-2.2.17-14.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"pam_krb5-32bit-2.2.17-14.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam_krb5 / 
pam_krb5-32bit\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:35", "description": "This update adds a backported fix for CVE-2008-3825, a credential cache permission bypass which becomes possible when the 'existing_ticket' option is enabled.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-10-06T00:00:00", "type": "nessus", "title": "Fedora 8 : pam_krb5-2.2.18-2.fc8 (2008-8605)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pam_krb5", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-8605.NASL", "href": "https://www.tenable.com/plugins/nessus/34343", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8605.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34343);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-3825\");\n script_bugtraq_id(31534);\n script_xref(name:\"FEDORA\", value:\"2008-8605\");\n\n script_name(english:\"Fedora 8 : pam_krb5-2.2.18-2.fc8 (2008-8605)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update adds a backported fix for CVE-2008-3825, a credential\ncache permission bypass which becomes possible when 
the\n'existing_ticket' option is enabled.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461960\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015090.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0908f877\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam_krb5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"pam_krb5-2.2.18-2.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam_krb5\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:31", "description": "This update adds a backported fix for CVE-2008-3825, a credential cache permission bypass which becomes possible when the 'existing_ticket' option is enabled.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-10-06T00:00:00", "type": "nessus", "title": "Fedora 9 : pam_krb5-2.3.0-2.fc9 (2008-8618)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pam_krb5", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-8618.NASL", "href": "https://www.tenable.com/plugins/nessus/34344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8618.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34344);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-3825\");\n script_bugtraq_id(31534);\n script_xref(name:\"FEDORA\", value:\"2008-8618\");\n\n script_name(english:\"Fedora 9 : pam_krb5-2.3.0-2.fc9 (2008-8618)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update adds a backported fix for CVE-2008-3825, a credential\ncache permission bypass which becomes possible when the\n'existing_ticket' option is enabled.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461960\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec73b354\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam_krb5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"pam_krb5-2.3.0-2.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam_krb5\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:05:25", "description": "An updated pam_krb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use Kerberos to verify user identities by obtaining user credentials at log in 
time.\n\nA flaw was found in the pam_krb5 'existing_ticket' configuration option. If a system is configured to use an existing credential cache via the 'existing_ticket' option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825)\n\nRed Hat would like to thank Stephane Bertin for responsibly disclosing this issue.\n\nUsers of pam_krb5 should upgrade to this updated package, which contains a backported patch to resolve this issue.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : pam_krb5 (CESA-2008:0907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:pam_krb5", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0907.NASL", "href": "https://www.tenable.com/plugins/nessus/43712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0907 and \n# CentOS Errata and Security Advisory 2008:0907 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43712);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3825\");\n script_xref(name:\"RHSA\", value:\"2008:0907\");\n\n script_name(english:\"CentOS 5 : pam_krb5 (CESA-2008:0907)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated pam_krb5 package that fixes a security issue is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having 
moderate security impact by the\nRed Hat Security Response Team.\n\nThe pam_krb5 module allows Pluggable Authentication Modules (PAM)\naware applications to use Kerberos to verify user identities by\nobtaining user credentials at log in time.\n\nA flaw was found in the pam_krb5 'existing_ticket' configuration\noption. If a system is configured to use an existing credential cache\nvia the 'existing_ticket' option, it may be possible for a local user\nto gain elevated privileges by using a different, local user's\ncredential cache. (CVE-2008-3825)\n\nRed Hat would like to thank Stephane Bertin for responsibly\ndisclosing this issue.\n\nUsers of pam_krb5 should upgrade to this updated package, which\ncontains a backported patch to resolve this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015305.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8225e1e7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-October/015306.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c7a0b40\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam_krb5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"pam_krb5-2.2.14-1.el5_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam_krb5\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T17:31:15", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :\n\n - Apache Tomcat \n - Apache Tomcat Manager\n - cURL \n - Java Runtime Environment 
(JRE)\n - Kernel \n - Microsoft SQL Express\n - OpenSSL\n - pam_krb5", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0085", "CVE-2008-0086", "CVE-2008-0106", "CVE-2008-0107", "CVE-2008-3825", "CVE-2008-5416", "CVE-2009-1384", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548", "CVE-2009-3555", "CVE-2009-4308", "CVE-2010-0003", "CVE-2010-0007", "CVE-2010-0008", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0291", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0415", "CVE-2010-0433", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0730", "CVE-2010-0734", "CVE-2010-0740", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849", "CVE-2010-0850", "CVE-2010-0886", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1157", "CVE-2010-1173", "CVE-2010-1187", "CVE-2010-1321", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2227", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2928", "CVE-2010-2939", "CVE-2010-3081", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3559", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", 
"CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3864"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2011-0003_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89674);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2008-0085\",\n \"CVE-2008-0086\",\n \"CVE-2008-0106\",\n \"CVE-2008-0107\",\n \"CVE-2008-3825\",\n \"CVE-2008-5416\",\n \"CVE-2009-1384\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-3548\",\n \"CVE-2009-3555\",\n \"CVE-2009-4308\",\n \"CVE-2010-0003\",\n \"CVE-2010-0007\",\n \"CVE-2010-0008\",\n \"CVE-2010-0082\",\n \"CVE-2010-0084\",\n \"CVE-2010-0085\",\n \"CVE-2010-0087\",\n \"CVE-2010-0088\",\n \"CVE-2010-0089\",\n \"CVE-2010-0090\",\n \"CVE-2010-0091\",\n \"CVE-2010-0092\",\n \"CVE-2010-0093\",\n \"CVE-2010-0094\",\n \"CVE-2010-0095\",\n \"CVE-2010-0291\",\n \"CVE-2010-0307\",\n \"CVE-2010-0410\",\n \"CVE-2010-0415\",\n \"CVE-2010-0433\",\n \"CVE-2010-0437\",\n \"CVE-2010-0622\",\n \"CVE-2010-0730\",\n \"CVE-2010-0734\",\n \"CVE-2010-0740\",\n \"CVE-2010-0837\",\n \"CVE-2010-0838\",\n \"CVE-2010-0839\",\n \"CVE-2010-0840\",\n \"CVE-2010-0841\",\n \"CVE-2010-0842\",\n \"CVE-2010-0843\",\n \"CVE-2010-0844\",\n \"CVE-2010-0845\",\n \"CVE-2010-0846\",\n \"CVE-2010-0847\",\n \"CVE-2010-0848\",\n \"CVE-2010-0849\",\n \"CVE-2010-0850\",\n \"CVE-2010-0886\",\n \"CVE-2010-1084\",\n \"CVE-2010-1085\",\n \"CVE-2010-1086\",\n \"CVE-2010-1087\",\n \"CVE-2010-1088\",\n \"CVE-2010-1157\",\n \"CVE-2010-1173\",\n \"CVE-2010-1187\",\n \"CVE-2010-1321\",\n \"CVE-2010-1436\",\n \"CVE-2010-1437\",\n \"CVE-2010-1641\",\n \"CVE-2010-2066\",\n \"CVE-2010-2070\",\n \"CVE-2010-2226\",\n 
\"CVE-2010-2227\",\n \"CVE-2010-2240\",\n \"CVE-2010-2248\",\n \"CVE-2010-2521\",\n \"CVE-2010-2524\",\n \"CVE-2010-2928\",\n \"CVE-2010-2939\",\n \"CVE-2010-3081\",\n \"CVE-2010-3541\",\n \"CVE-2010-3548\",\n \"CVE-2010-3549\",\n \"CVE-2010-3550\",\n \"CVE-2010-3551\",\n \"CVE-2010-3553\",\n \"CVE-2010-3554\",\n \"CVE-2010-3556\",\n \"CVE-2010-3557\",\n \"CVE-2010-3559\",\n \"CVE-2010-3561\",\n \"CVE-2010-3562\",\n \"CVE-2010-3565\",\n \"CVE-2010-3566\",\n \"CVE-2010-3567\",\n \"CVE-2010-3568\",\n \"CVE-2010-3569\",\n \"CVE-2010-3571\",\n \"CVE-2010-3572\",\n \"CVE-2010-3573\",\n \"CVE-2010-3574\",\n \"CVE-2010-3864\"\n );\n script_bugtraq_id(\n 30082,\n 30083,\n 30118,\n 30119,\n 31534,\n 32710,\n 35112,\n 36935,\n 36954,\n 37724,\n 37762,\n 37906,\n 37942,\n 37944,\n 37945,\n 38027,\n 38058,\n 38144,\n 38162,\n 38165,\n 38185,\n 38348,\n 38479,\n 38533,\n 38857,\n 38898,\n 39013,\n 39044,\n 39062,\n 39067,\n 39068,\n 39069,\n 39070,\n 39071,\n 39072,\n 39073,\n 39075,\n 39077,\n 39078,\n 39081,\n 39082,\n 39083,\n 39084,\n 39085,\n 39086,\n 39088,\n 39089,\n 39090,\n 39091,\n 39093,\n 39094,\n 39095,\n 39096,\n 39120,\n 39492,\n 39569,\n 39635,\n 39715,\n 39719,\n 39794,\n 39979,\n 40235,\n 40356,\n 40776,\n 40920,\n 41466,\n 41544,\n 41904,\n 42242,\n 42249,\n 42306,\n 43239,\n 43965,\n 43971,\n 43979,\n 43985,\n 43988,\n 43992,\n 43994,\n 44009,\n 44011,\n 44012,\n 44013,\n 44014,\n 44016,\n 44017,\n 44026,\n 44027,\n 44028,\n 44030,\n 44032,\n 44035,\n 44040,\n 44884\n );\n script_xref(name:\"VMSA\", value:\"2011-0003\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a 
security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\ncomponents and libraries :\n\n - Apache Tomcat \n - Apache Tomcat Manager\n - cURL \n - Java Runtime Environment (JRE)\n - Kernel \n - Microsoft SQL Express\n - OpenSSL\n - pam_krb5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2011-0003\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2011/000140.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-3574\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2010-3081\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Plugin Command Line Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(20, 22, 119, 189, 200, 255, 264, 287, 310, 399);\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\nesx = '';\n\nif (\"ESX\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX/ESXi\");\n\nextract = eregmatch(pattern:\"^(ESXi?) 
(\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX/ESXi\");\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\n# fixed build numbers are the same for ESX and ESXi\nfixes = make_array(\n \"4.0\", \"360236\",\n \"4.1\", \"348481\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware \" + esx, ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n\nif (build < fix)\n{\n\n report = '\\n Version : ' + esx + \" \" + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-31T14:11:06", "description": "a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express.\n\n Customers using other database solutions need not update for these issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3.\n\nb. 
vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users.\n\n The issue is resolved by removing the Manager application in vCenter 4.1 Update 1.\n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\n VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.\n\nd. 
vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565, CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, and CVE-2009-3548.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.\n\nf. vCenter Server third-party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL.\n\ng. ESX third-party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update.\n\nh. 
ESXi third-party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update.\n\ni. ESX third-party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update.\n\nj. ESX third-party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update.\n\n Notes :\n - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. 
This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.\n - The update also addresses CVE-2010-2240 for ESX 4.0.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0085", "CVE-2008-0086", "CVE-2008-0106", "CVE-2008-0107", "CVE-2008-3825", "CVE-2008-5416", "CVE-2009-1384", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548", "CVE-2009-3555", "CVE-2009-4308", "CVE-2010-0003", "CVE-2010-0007", "CVE-2010-0008", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0291", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0415", "CVE-2010-0433", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0730", "CVE-2010-0734", "CVE-2010-0740", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849", "CVE-2010-0850", "CVE-2010-0886", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1157", "CVE-2010-1173", "CVE-2010-1187", "CVE-2010-1321", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2227", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2928", "CVE-2010-2939", "CVE-2010-3081", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3559", "CVE-2010-3561", "CVE-2010-3562", 
"CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3864"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1"], "id": "VMWARE_VMSA-2011-0003.NASL", "href": "https://www.tenable.com/plugins/nessus/51971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2011-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51971);\n script_version(\"1.46\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2008-0085\",\n \"CVE-2008-0086\",\n \"CVE-2008-0106\",\n \"CVE-2008-0107\",\n \"CVE-2008-3825\",\n \"CVE-2008-5416\",\n \"CVE-2009-1384\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-3548\",\n \"CVE-2009-3555\",\n \"CVE-2009-4308\",\n \"CVE-2010-0003\",\n \"CVE-2010-0007\",\n \"CVE-2010-0008\",\n \"CVE-2010-0082\",\n \"CVE-2010-0084\",\n \"CVE-2010-0085\",\n \"CVE-2010-0087\",\n \"CVE-2010-0088\",\n \"CVE-2010-0089\",\n \"CVE-2010-0090\",\n \"CVE-2010-0091\",\n \"CVE-2010-0092\",\n \"CVE-2010-0093\",\n \"CVE-2010-0094\",\n \"CVE-2010-0095\",\n \"CVE-2010-0291\",\n \"CVE-2010-0307\",\n \"CVE-2010-0410\",\n \"CVE-2010-0415\",\n \"CVE-2010-0433\",\n \"CVE-2010-0437\",\n \"CVE-2010-0622\",\n \"CVE-2010-0730\",\n \"CVE-2010-0734\",\n \"CVE-2010-0740\",\n \"CVE-2010-0837\",\n \"CVE-2010-0838\",\n \"CVE-2010-0839\",\n \"CVE-2010-0840\",\n \"CVE-2010-0841\",\n \"CVE-2010-0842\",\n \"CVE-2010-0843\",\n \"CVE-2010-0844\",\n \"CVE-2010-0845\",\n \"CVE-2010-0846\",\n \"CVE-2010-0847\",\n \"CVE-2010-0848\",\n \"CVE-2010-0849\",\n \"CVE-2010-0850\",\n 
\"CVE-2010-0886\",\n \"CVE-2010-1084\",\n \"CVE-2010-1085\",\n \"CVE-2010-1086\",\n \"CVE-2010-1087\",\n \"CVE-2010-1088\",\n \"CVE-2010-1157\",\n \"CVE-2010-1173\",\n \"CVE-2010-1187\",\n \"CVE-2010-1321\",\n \"CVE-2010-1436\",\n \"CVE-2010-1437\",\n \"CVE-2010-1641\",\n \"CVE-2010-2066\",\n \"CVE-2010-2070\",\n \"CVE-2010-2226\",\n \"CVE-2010-2227\",\n \"CVE-2010-2240\",\n \"CVE-2010-2248\",\n \"CVE-2010-2521\",\n \"CVE-2010-2524\",\n \"CVE-2010-2928\",\n \"CVE-2010-2939\",\n \"CVE-2010-3081\",\n \"CVE-2010-3541\",\n \"CVE-2010-3548\",\n \"CVE-2010-3549\",\n \"CVE-2010-3550\",\n \"CVE-2010-3551\",\n \"CVE-2010-3553\",\n \"CVE-2010-3554\",\n \"CVE-2010-3556\",\n \"CVE-2010-3557\",\n \"CVE-2010-3559\",\n \"CVE-2010-3561\",\n \"CVE-2010-3562\",\n \"CVE-2010-3565\",\n \"CVE-2010-3566\",\n \"CVE-2010-3567\",\n \"CVE-2010-3568\",\n \"CVE-2010-3569\",\n \"CVE-2010-3571\",\n \"CVE-2010-3572\",\n \"CVE-2010-3573\",\n \"CVE-2010-3574\",\n \"CVE-2010-3864\"\n );\n script_bugtraq_id(\n 30082,\n 30083,\n 30118,\n 30119,\n 31534,\n 32710,\n 35112,\n 36935,\n 36954,\n 37724,\n 37762,\n 37906,\n 37942,\n 37944,\n 37945,\n 38027,\n 38058,\n 38144,\n 38162,\n 38165,\n 38185,\n 38348,\n 38479,\n 38533,\n 38857,\n 38898,\n 39013,\n 39044,\n 39062,\n 39067,\n 39068,\n 39069,\n 39070,\n 39071,\n 39072,\n 39073,\n 39075,\n 39077,\n 39078,\n 39081,\n 39082,\n 39083,\n 39084,\n 39085,\n 39086,\n 39088,\n 39089,\n 39090,\n 39091,\n 39093,\n 39094,\n 39095,\n 39096,\n 39120,\n 39492,\n 39569,\n 39635,\n 39715,\n 39719,\n 39794,\n 39979,\n 40235,\n 40356,\n 40776,\n 40920,\n 41466,\n 41544,\n 41904,\n 42242,\n 42249,\n 42306,\n 43239,\n 43965,\n 43971,\n 43979,\n 43985,\n 43988,\n 43992,\n 43994,\n 44009,\n 44011,\n 44012,\n 44013,\n 44014,\n 44016,\n 44017,\n 44026,\n 44027,\n 44028,\n 44030,\n 44032,\n 44035,\n 44040,\n 44884\n );\n script_xref(name:\"VMSA\", value:\"2011-0003\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"VMSA-2011-0003 
: Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\");\n script_set_attribute(attribute:\"description\", value:\n\"a. vCenter Server and vCenter Update Manager update Microsoft\n SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express)\n distributed with vCenter Server 4.1 Update 1 and vCenter Update\n Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2\n to SQL Express Service Pack 3, to address multiple security\n issues that exist in the earlier releases of Microsoft SQL Express.\n\n Customers using other database solutions need not update for\n these issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,\n CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL\n Express Service Pack 3.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains\n logon credentials that can be read by unprivileged local users.\n\n The issue is resolved by removing the Manager application in\n vCenter 4.1 Update 1.\n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon\n credentials are not present in the configuration file after the\n update.\n\n VMware would like to thank Claudio Criscione of Secure Networking\n for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-2928 to this issue.\n\nc. 
vCenter Server and ESX, Oracle (Sun) JRE is updated to version\n 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,\n CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\n CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\n CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\n CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\n CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,\n CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,\n CVE-2010-0850.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following name to the security issue fixed in\n Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version\n 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,\n CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,\n CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555,\n CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,\n CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,\n CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,\n CVE-2010-3574.\n\ne. 
vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple\n security issues that existed in earlier releases of Apache Tomcat\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i\n and CVE-2009-3548.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.\n\nf. vCenter Server third-party component OpenSSL updated to version\n 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to\n 0.9.8n.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-0740 and CVE-2010-0433 to the\n issues addressed in this version of OpenSSL.\n\ng. ESX third-party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-3864 and CVE-2010-2939 to the\n issues addressed in this update.\n\nh. ESXi third-party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-0734 to the issues addressed in\n this update.\n\ni. ESX third-party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3825 and CVE-2009-1384 to the\n issues addressed in the update.\n\nj. 
ESX third-party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version\n 2.6.18-194.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,\n CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,\n CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,\n CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,\n CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,\n CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,\n CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and\n CVE-2010-3081 to the issues addressed in the update.\n\n Notes :\n - The update also addresses the 64-bit compatibility mode\n stack pointer underflow issue identified by CVE-2010-3081. This\n issue was patched in an ESX 4.1 patch prior to the release of\n ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.\n - The update also addresses CVE-2010-2240 for ESX 4.0.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2011/000140.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Plugin Command Line Argument Injection');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(20, 22, 119, 189, 200, 255, 264, 287, 310, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2011-02-10\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201103401-SG\",\n patch_updates : make_list(\"ESX400-201104401-SG\", \"ESX400-201110401-SG\", \"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201103403-SG\",\n patch_updates : make_list(\"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201101201-SG\",\n patch_updates : make_list(\"ESX40-TO-ESX41UPDATE01\", \"ESX410-201104401-SG\", \"ESX410-201110201-SG\", \"ESX410-201201401-SG\", \"ESX410-201204401-SG\", \"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", 
\"ESX410-201404401-SG\", \"ESX410-Update01\", \"ESX410-Update02\", \"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0\",\n patch : \"ESXi400-201103401-SG\",\n patch_updates : make_list(\"ESXi400-201104401-SG\", \"ESXi400-201110401-SG\", \"ESXi400-201203401-SG\", \"ESXi400-201205401-SG\", \"ESXi400-201206401-SG\", \"ESXi400-201209401-SG\", \"ESXi400-201302401-SG\", \"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\", \"ESXi400-Update03\", \"ESXi400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201101201-SG\",\n patch_updates : make_list(\"ESXi410-201104401-SG\", \"ESXi410-201110201-SG\", \"ESXi410-201201401-SG\", \"ESXi410-201204401-SG\", \"ESXi410-201205401-SG\", \"ESXi410-201206401-SG\", \"ESXi410-201208101-SG\", \"ESXi410-201211401-SG\", \"ESXi410-201301401-SG\", \"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\", \"ESXi410-Update01\", \"ESXi410-Update02\", \"ESXi410-Update03\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-26T08:55:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3825"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n pam_krb5\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65952", "href": "http://plugins.openvas.org/nasl.php?oid=65952", "type": "openvas", "title": "SLES10: Security update for pam_krb5", "sourceData": "#\n#VID slesp2-pam_krb5-5616\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for pam_krb5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n pam_krb5\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65952);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3825\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for pam_krb5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.3~18.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:17", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n pam_krb5\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for pam_krb5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065952", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065952", "sourceData": "#\n#VID slesp2-pam_krb5-5616\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for pam_krb5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n pam_krb5\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65952\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3825\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for pam_krb5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.3~18.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3825"], "description": "Check for the Version of pam_krb5", "modified": "2017-07-06T00:00:00", "published": 
"2009-04-09T00:00:00", "id": "OPENVAS:830583", "href": "http://plugins.openvas.org/nasl.php?oid=830583", "type": "openvas", "title": "Mandriva Update for pam_krb5 MDVSA-2008:209 (pam_krb5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pam_krb5 MDVSA-2008:209 (pam_krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket\n configuration option where, if enabled and using an existing credential\n cache, it was possible for a local user to gain elevated privileges\n by using a different, local user's credential cache (CVE-2008-3825).\n\n The updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"pam_krb5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : 
\"http://lists.mandriva.com/security-announce/2008-10/msg00001.php\");\n script_id(830583);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:209\");\n script_cve_id(\"CVE-2008-3825\");\n script_name( \"Mandriva Update for pam_krb5 MDVSA-2008:209 (pam_krb5)\");\n\n script_summary(\"Check for the Version of pam_krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.11~2.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.11~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.11~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3825"], "description": "Oracle Linux Local Security Checks ELSA-2008-0907", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122551", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0907.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122551\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:47:48 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0907\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0907 - pam_krb5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0907\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0907.html\");\n script_cve_id(\"CVE-2008-3825\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.14~1.el5_2.1\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-09T11:40:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3825"], "description": "Check for the Version of pam_krb5", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830583", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830583", "type": "openvas", "title": "Mandriva Update for pam_krb5 MDVSA-2008:209 (pam_krb5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pam_krb5 MDVSA-2008:209 (pam_krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket\n configuration option where, if enabled and using an existing credential\n cache, it was possible for a local user to gain elevated privileges\n by using a different, local user's credential cache (CVE-2008-3825).\n\n The updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"pam_krb5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-10/msg00001.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830583\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:209\");\n script_cve_id(\"CVE-2008-3825\");\n script_name( \"Mandriva Update for pam_krb5 MDVSA-2008:209 (pam_krb5)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pam_krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.11~2.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.11~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.11~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3825"], "description": "Check for the Version of pam_krb5", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860732", "href": "http://plugins.openvas.org/nasl.php?oid=860732", "type": "openvas", "title": "Fedora Update for pam_krb5 FEDORA-2008-8605", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pam_krb5 
FEDORA-2008-8605\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pam_krb5 on Fedora 8\";\ntag_insight = \"This is pam_krb5, a pluggable authentication module that can be used with\n Linux-PAM and Kerberos 5. 
This module supports password checking, ticket\n creation, and optional TGT verification and conversion to Kerberos IV tickets.\n The included pam_krb5afs module also gets AFS tokens if so configured.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html\");\n script_id(860732);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-8605\");\n script_cve_id(\"CVE-2008-3825\");\n script_name( \"Fedora Update for pam_krb5 FEDORA-2008-8605\");\n\n script_summary(\"Check for the Version of pam_krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.18~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.4, 
"vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3825"], "description": "Check for the Version of pam_krb5", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870121", "type": "openvas", "title": "RedHat Update for pam_krb5 RHSA-2008:0907-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pam_krb5 RHSA-2008:0907-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware\n applications to use Kerberos to verify user identities by obtaining user\n credentials at log in time.\n\n A flaw was found in the pam_krb5 "existing_ticket" configuration option. 
If\n a system is configured to use an existing credential cache via the\n \"existing_ticket\" option, it may be possible for a local user to gain\n elevated privileges by using a different, local user's credential cache.\n (CVE-2008-3825)\n \n Red Hat would like to thank St\u00e9phane Bertin for responsibly disclosing this\n issue.\n \n Users of pam_krb5 should upgrade to this updated package, which contains a\n backported patch to resolve this issue.\";\n\ntag_affected = \"pam_krb5 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-October/msg00005.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870121\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0907-01\");\n script_cve_id(\"CVE-2008-3825\");\n script_name( \"RedHat Update for pam_krb5 RHSA-2008:0907-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pam_krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.14~1.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam_krb5-debuginfo\", rpm:\"pam_krb5-debuginfo~2.2.14~1.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3825"], "description": "Check for the Version of pam_krb5", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870121", "href": "http://plugins.openvas.org/nasl.php?oid=870121", "type": "openvas", "title": "RedHat Update for pam_krb5 RHSA-2008:0907-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pam_krb5 RHSA-2008:0907-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware\n applications to use Kerberos to verify user identities by obtaining user\n credentials at log in time.\n\n A flaw was found in the pam_krb5 \"existing_ticket\" configuration option. If\n a system is configured to use an existing credential cache via the\n \"existing_ticket\" option, it may be possible for a local user to gain\n elevated privileges by using a different, local user's credential cache.\n (CVE-2008-3825)\n \n Red Hat would like to thank St\u00e9phane Bertin for responsibly disclosing this\n issue.\n \n Users of pam_krb5 should upgrade to this updated package, which contains a\n backported patch to resolve this issue.\";\n\ntag_affected = \"pam_krb5 on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-October/msg00005.html\");\n script_id(870121);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0907-01\");\n script_cve_id(\"CVE-2008-3825\");\n script_name( \"RedHat Update for pam_krb5 RHSA-2008:0907-01\");\n\n script_summary(\"Check for the Version of pam_krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.2.14~1.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam_krb5-debuginfo\", rpm:\"pam_krb5-debuginfo~2.2.14~1.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": 
"AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3825"], "description": "Check for the Version of pam_krb5", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860408", "href": "http://plugins.openvas.org/nasl.php?oid=860408", "type": "openvas", "title": "Fedora Update for pam_krb5 FEDORA-2008-8618", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pam_krb5 FEDORA-2008-8618\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pam_krb5 on Fedora 9\";\ntag_insight = \"This is pam_krb5, a pluggable authentication module that can be used with\n Linux-PAM and Kerberos 5. 
This module supports password checking, ticket\n creation, and optional TGT verification and conversion to Kerberos IV tickets.\n The included pam_krb5afs module also gets AFS tokens if so configured.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html\");\n script_id(860408);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-8618\");\n script_cve_id(\"CVE-2008-3825\");\n script_name( \"Fedora Update for pam_krb5 FEDORA-2008-8618\");\n\n script_summary(\"Check for the Version of pam_krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.3.0~2.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.4, 
"vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:37", "description": "The remote host is missing an update to pam_krb5\nannounced via advisory FEDORA-2009-6279.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-6279 (pam_krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825", "CVE-2009-1384"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64308", "href": "http://plugins.openvas.org/nasl.php?oid=64308", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6279.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6279 (pam_krb5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis updates the pam_krb5 package from version 2.3.2 to 2.3.5, fixing\nCVE-2009-1384: in certain configurations, the password prompt could vary\ndepending on whether or not the user account was known to the system or the KDC.\nIt also fixes a bug which prevented password change attempts from working if the\nKDC denied requests for password-changing credentials with settings which would\nbe used for login credentials, and makes the -n option for the afs5log\ncommand work as advertised.\n\nChangeLog:\n\n* Tue May 26 2009 Nalin Dahyabhai - 2.3.5-1\n- catch the case where we pass a NULL initial password into libkrb5 and\nit uses our callback to ask us for the password for the user using a\nprincipal name, and reject that (#502602)\n- always prompt for a password unless we were told not to (#502602,\nCVE-2009-1384)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update pam_krb5' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6279\";\ntag_summary = \"The remote host is missing an update to pam_krb5\nannounced via advisory FEDORA-2009-6279.\";\n\n\n\nif(description)\n{\n script_id(64308);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1384\", \"CVE-2008-3825\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 9 FEDORA-2009-6279 (pam_krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=502602\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.3.5~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pam_krb5-debuginfo\", rpm:\"pam_krb5-debuginfo~2.3.5~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else 
if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:51", "description": "The remote host is missing an update to pam_krb5\nannounced via advisory FEDORA-2009-6279.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-6279 (pam_krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3825", "CVE-2009-1384"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064308", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064308", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6279.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6279 (pam_krb5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis updates the pam_krb5 package from version 2.3.2 to 2.3.5, fixing\nCVE-2009-1384: in certain configurations, the password prompt could vary\ndepending on whether or not the user account was known to the system or the KDC.\nIt also fixes a bug which prevented password change attempts from working if the\nKDC denied requests for password-changing credentials with settings which would\nbe used for login credentials, and makes the -n option for the afs5log\ncommand work as advertised.\n\nChangeLog:\n\n* Tue May 26 2009 Nalin Dahyabhai - 2.3.5-1\n- catch the case where we pass a NULL initial password into libkrb5 and\nit uses our callback to ask us for the password for the user using a\nprincipal name, and reject that (#502602)\n- always prompt for a password unless we were told not to (#502602,\nCVE-2009-1384)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update pam_krb5' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6279\";\ntag_summary = \"The remote host is missing an update to pam_krb5\nannounced via advisory FEDORA-2009-6279.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64308\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1384\", \"CVE-2008-3825\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 9 FEDORA-2009-6279 (pam_krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=502602\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"pam_krb5\", rpm:\"pam_krb5~2.3.5~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pam_krb5-debuginfo\", rpm:\"pam_krb5-debuginfo~2.3.5~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-04T11:28:01", "description": "The remote host is missing an update to cupsys\nannounced via advisory USN-707-1.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Ubuntu USN-707-1 (cupsys)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4444", "CVE-2008-5516", "CVE-2008-2383", "CVE-2007-4349", "CVE-2008-3818", "CVE-2007-4476", "CVE-2009-0053", "CVE-2008-5377", "CVE-2008-3825", "CVE-2008-2238", "CVE-2009-0021", "CVE-2008-5500", "CVE-2008-3997", "CVE-2008-5449", "CVE-2009-0054", "CVE-2008-4006", "CVE-2008-5077", "CVE-2008-5183", "CVE-2008-5718", "CVE-2008-5262", "CVE-2009-0050", "CVE-2008-5512", "CVE-2008-5286", "CVE-2008-2237", "CVE-2009-0055", "CVE-2008-5503", "CVE-2009-0056", "CVE-2008-3979", "CVE-2008-4314", "CVE-2008-5714", "CVE-2008-5511", "CVE-2008-5517", 
"CVE-2008-5508", "CVE-2008-2382", "CVE-2008-5184", "CVE-2008-5448", "CVE-2008-3821", "CVE-2008-5507", "CVE-2009-0025", "CVE-2008-5506", "CVE-2008-5256"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64165", "href": "http://plugins.openvas.org/nasl.php?oid=64165", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_707_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_707_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-707-1 (cupsys)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n cupsys 1.2.2-0ubuntu0.6.06.12\n\nUbuntu 7.10:\n cupsys 1.3.2-1ubuntu7.9\n\nUbuntu 8.04 LTS:\n cupsys 1.3.7-1ubuntu3.3\n\nUbuntu 8.10:\n cups 1.3.9-2ubuntu6.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-707-1\";\n\ntag_insight = \"It was discovered that CUPS didn't properly handle adding a large number of RSS\nsubscriptions. A local user could exploit this and cause CUPS to crash, leading\nto a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and\n8.10. (CVE-2008-5183)\n\nIt was discovered that CUPS did not authenticate users when adding and\ncancelling RSS subscriptions. An unprivileged local user could bypass intended\nrestrictions and add a large number of RSS subscriptions. This issue only\napplied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)\n\nIt was discovered that the PNG filter in CUPS did not properly handle certain\nmalformed images. If a user or automated system were tricked into opening a\ncrafted PNG image file, a remote attacker could cause a denial of service or\nexecute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10,\nattackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)\n\nIt was discovered that the example pstopdf CUPS filter created log files in an\ninsecure way. Local users could exploit a race condition to create or overwrite\nfiles with the privileges of the user invoking the program. 
This issue only\napplied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377)\";\ntag_summary = \"The remote host is missing an update to cupsys\nannounced via advisory USN-707-1.\";\n\n \n\n\nif(description)\n{\n script_id(64165);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2008-5183\", \"CVE-2008-5184\", \"CVE-2008-5286\", \"CVE-2008-5377\", \"CVE-2009-0050\", \"CVE-2008-2383\", \"CVE-2007-4349\", \"CVE-2008-5077\", \"CVE-2009-0021\", \"CVE-2009-0025\", \"CVE-2008-5262\", \"CVE-2008-2237\", \"CVE-2008-2238\", \"CVE-2008-4314\", \"CVE-2008-5517\", \"CVE-2008-5516\", \"CVE-2008-3825\", \"CVE-2008-3997\", \"CVE-2008-4444\", \"CVE-2008-4006\", \"CVE-2008-5449\", \"CVE-2008-3979\", \"CVE-2008-3821\", \"CVE-2008-2382\", \"CVE-2008-5714\", \"CVE-2008-3818\", \"CVE-2009-0053\", \"CVE-2009-0054\", \"CVE-2009-0055\", \"CVE-2009-0056\", \"CVE-2008-5500\", \"CVE-2008-5503\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5256\", \"CVE-2008-5448\", \"CVE-2008-5718\", \"CVE-2007-4476\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-707-1 (cupsys)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-707-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.2-1ubuntu7.9\", 
rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.9-2ubuntu6.1\", 
rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-lasso\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso-java\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso3-dev\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"php4-lasso\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso3\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7-dbg\", ver:\"0.9.7k-3.1etch2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7k-3.1etch2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-0\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg1\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc0\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc11\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres9\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns22\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-data\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-doc\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-gui\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hpijs-ppds\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hpijs\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-dbg\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libxul-common\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs1\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-gnome-support\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"netatalk\", ver:\"2.0.3-4+etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.15.1-2ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.18-2ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-19T16:08:51", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX Third party component updates (VMSA-2011-0003.2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0307", "CVE-2010-3562", "CVE-2010-0740", "CVE-2010-2066", "CVE-2010-0089", "CVE-2010-0008", "CVE-2010-0886", "CVE-2010-3557", "CVE-2010-1641", "CVE-2008-0106", "CVE-2010-2248", "CVE-2010-0088", "CVE-2010-2226", "CVE-2010-0410", "CVE-2010-3551", "CVE-2010-0730", "CVE-2010-0085", "CVE-2008-3825", "CVE-2010-0007", "CVE-2008-0086", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-2521", "CVE-2010-0087", 
"CVE-2010-1437", "CVE-2010-3566", "CVE-2010-2939", "CVE-2010-3565", "CVE-2010-0092", "CVE-2010-1187", "CVE-2010-3572", "CVE-2009-2693", "CVE-2010-0848", "CVE-2010-0291", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-3574", "CVE-2010-0415", "CVE-2010-1157", "CVE-2010-1084", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-3541", "CVE-2010-0845", "CVE-2010-3571", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-2240", "CVE-2010-0837", "CVE-2009-2901", "CVE-2010-3559", "CVE-2010-1321", "CVE-2010-3081", "CVE-2010-3556", "CVE-2010-0734", "CVE-2010-0849", "CVE-2008-0085", "CVE-2010-3561", "CVE-2008-5416", "CVE-2010-2227", "CVE-2010-0091", "CVE-2010-0622", "CVE-2010-3549", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-0090", "CVE-2010-3554", "CVE-2010-0433", "CVE-2010-1436", "CVE-2010-2928", "CVE-2010-1173", "CVE-2010-0437", "CVE-2010-3864", "CVE-2010-0093", "CVE-2009-4308", "CVE-2008-0107", "CVE-2010-1088", "CVE-2009-1384", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-0003", "CVE-2010-1087", "CVE-2009-2902", "CVE-2010-3548", "CVE-2010-0843", "CVE-2010-3568", "CVE-2010-0084", "CVE-2010-0850", "CVE-2010-3569", "CVE-2009-3548"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103454", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103454", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your 
option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103454\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2009-3548\", \"CVE-2010-2227\", \"CVE-2010-1157\", \"CVE-2010-2928\", \"CVE-2010-0734\", \"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2010-0008\", \"CVE-2010-0415\", \"CVE-2010-0437\", \"CVE-2009-4308\", \"CVE-2010-0003\", \"CVE-2010-0007\", \"CVE-2010-0307\", \"CVE-2010-1086\", \"CVE-2010-0410\", \"CVE-2010-0730\", \"CVE-2010-1085\", \"CVE-2010-0291\", \"CVE-2010-0622\", \"CVE-2010-1087\", \"CVE-2010-1173\", \"CVE-2010-1437\", \"CVE-2010-1088\", \"CVE-2010-1187\", \"CVE-2010-1436\", \"CVE-2010-1641\", \"CVE-2010-3081\", \"CVE-2010-2240\", \"CVE-2008-5416\", \"CVE-2008-0085\", \"CVE-2008-0086\", \"CVE-2008-0107\", \"CVE-2008-0106\", \"CVE-2010-0740\", \"CVE-2010-0433\", \"CVE-2010-3864\", \"CVE-2010-2939\", \"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\", 
\"CVE-2010-0848\", \"CVE-2010-0849\", \"CVE-2010-0850\", \"CVE-2010-0886\", \"CVE-2010-3556\", \"CVE-2010-3566\", \"CVE-2010-3567\", \"CVE-2010-3550\", \"CVE-2010-3561\", \"CVE-2010-3573\", \"CVE-2010-3565\", \"CVE-2010-3568\", \"CVE-2010-3569\", \"CVE-2010-1321\", \"CVE-2010-3548\", \"CVE-2010-3551\", \"CVE-2010-3562\", \"CVE-2010-3571\", \"CVE-2010-3554\", \"CVE-2010-3559\", \"CVE-2010-3572\", \"CVE-2010-3553\", \"CVE-2010-3549\", \"CVE-2010-3557\", \"CVE-2010-3541\", \"CVE-2010-3574\", \"CVE-2008-3825\", \"CVE-2009-1384\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX Third party component updates (VMSA-2011-0003.2)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 11:19:42 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2011-0003.html\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.\");\n\n script_tag(name:\"affected\", value:\"ESXi 4.1 without patch ESXi410-201101201-SG\n\n ESXi 4.0 without patch ESXi400-201103401-SG\n\n ESX 4.1 without patch ESX410-201101201-SG\n\n ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103403-SG\");\n\n script_tag(name:\"insight\", value:\"a. 
vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter\n Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address\n multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database\n solutions need not update for these issues.\n\n b. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local\n users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter\n 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\n c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache\n Tomcat\n\n f. vCenter Server third party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\n g. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n h. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n i. 
ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n j. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"vmware_esx.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-201101201-SG\",\n \"4.0.0\", \"ESXi400-201103401-SG\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-10-30T10:48:18", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.\n\nSummary\n\nUpdate 1 for vCenter Server 4.x, vCenter Update Manager 4.x, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1,\naddresses several security issues.\n\nRelevant releases\n\nvCenter Server 4.1 without Update 1,\nvCenter Server 4.0 without Update 3,\nvCenter Update Manager 4.1 without Update 1,\nvCenter Update Manager 4.0 without Update 3,\nESXi 4.1 without patch ESXi410-201101201-SG,\nESXi 4.0 without patch ESXi400-201103401-SG.\nESX 4.1 without patch ESX410-201101201-SG.\nESX 4.0 without patches ESX400-201103401-SG, ESX400-201103403-SG.\n \nProblem Description\n\na. 
vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter\n Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address\n multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database\n solutions need not update for these issues.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local\n users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter\n 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache\n Tomcat\n\nf. vCenter Server third party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\ng. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\nh. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\ni. 
ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\nj. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0307", "CVE-2010-3562", "CVE-2010-0740", "CVE-2010-2066", "CVE-2010-0089", "CVE-2010-0008", "CVE-2010-0886", "CVE-2010-3557", "CVE-2010-1641", "CVE-2008-0106", "CVE-2010-2248", "CVE-2010-0088", "CVE-2010-2226", "CVE-2010-0410", "CVE-2010-3551", "CVE-2010-0730", "CVE-2010-0085", "CVE-2008-3825", "CVE-2010-0007", "CVE-2008-0086", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-2521", "CVE-2010-0087", "CVE-2010-1437", "CVE-2010-3566", "CVE-2010-2939", "CVE-2010-3565", "CVE-2010-0092", "CVE-2010-1187", "CVE-2010-3572", "CVE-2009-2693", "CVE-2010-0848", "CVE-2010-0291", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-3574", "CVE-2010-0415", "CVE-2010-1157", "CVE-2010-1084", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-3541", "CVE-2010-0845", "CVE-2010-3571", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-2240", "CVE-2010-0837", "CVE-2009-2901", "CVE-2010-3559", "CVE-2010-1321", "CVE-2010-3081", "CVE-2010-3556", "CVE-2010-0734", "CVE-2010-0849", "CVE-2008-0085", "CVE-2010-3561", "CVE-2008-5416", "CVE-2010-2227", "CVE-2010-0091", "CVE-2010-0622", "CVE-2010-3549", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-0090", "CVE-2010-3554", "CVE-2010-0433", "CVE-2010-1436", "CVE-2010-2928", "CVE-2010-1173", "CVE-2010-0437", "CVE-2010-3864", "CVE-2010-0093", "CVE-2009-4308", "CVE-2008-0107", "CVE-2010-1088", "CVE-2009-1384", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-0003", 
"CVE-2010-1087", "CVE-2009-2902", "CVE-2010-3548", "CVE-2010-0843", "CVE-2010-3568", "CVE-2010-0084", "CVE-2010-0850", "CVE-2010-3569", "CVE-2009-3548"], "modified": "2017-10-26T00:00:00", "id": "OPENVAS:103454", "href": "http://plugins.openvas.org/nasl.php?oid=103454", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2011-0003.nasl 7583 2017-10-26 12:07:01Z cfischer $\n#\n# VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Apply the missing patch(es).\n\nSee Also:\nhttp://www.vmware.com/security/advisories/VMSA-2011-0003.html\";\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.\n\nSummary\n\nUpdate 1 for vCenter Server 4.x, vCenter Update Manager 4.x, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1,\naddresses several security issues.\n\nRelevant releases\n\nvCenter Server 4.1 without Update 1,\nvCenter Server 4.0 without Update 3,\nvCenter Update Manager 4.1 without Update 1,\nvCenter Update Manager 4.0 without Update 3,\nESXi 4.1 without patch ESXi410-201101201-SG,\nESXi 4.0 without patch ESXi400-201103401-SG.\nESX 4.1 without patch ESX410-201101201-SG.\nESX 4.0 without patches ESX400-201103401-SG, ESX400-201103403-SG.\n \nProblem Description\n\na. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter\n Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address\n multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database\n solutions need not update for these issues.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local\n users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. 
If vCenter 4.1 is updated to vCenter\n 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache\n Tomcat\n\nf. vCenter Server third party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\ng. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\nh. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\ni. ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\nj. 
ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\";\n\n\nif (description)\n{\n script_id(103454);\n script_cve_id(\"CVE-2009-2693\",\"CVE-2009-2901\",\"CVE-2009-2902\",\"CVE-2009-3548\",\"CVE-2010-2227\",\"CVE-2010-1157\",\"CVE-2010-2928\",\"CVE-2010-0734\",\"CVE-2010-1084\",\"CVE-2010-2066\",\"CVE-2010-2070\",\"CVE-2010-2226\",\"CVE-2010-2248\",\"CVE-2010-2521\",\"CVE-2010-2524\",\"CVE-2010-0008\",\"CVE-2010-0415\",\"CVE-2010-0437\",\"CVE-2009-4308\",\"CVE-2010-0003\",\"CVE-2010-0007\",\"CVE-2010-0307\",\"CVE-2010-1086\",\"CVE-2010-0410\",\"CVE-2010-0730\",\"CVE-2010-1085\",\"CVE-2010-0291\",\"CVE-2010-0622\",\"CVE-2010-1087\",\"CVE-2010-1173\",\"CVE-2010-1437\",\"CVE-2010-1088\",\"CVE-2010-1187\",\"CVE-2010-1436\",\"CVE-2010-1641\",\"CVE-2010-3081\",\"CVE-2010-2240\",\"CVE-2008-5416\",\"CVE-2008-0085\",\"CVE-2008-0086\",\"CVE-2008-0107\",\"CVE-2008-0106\",\"CVE-2010-0740\",\"CVE-2010-0433\",\"CVE-2010-3864\",\"CVE-2010-2939\",\"CVE-2009-3555\",\"CVE-2010-0082\",\"CVE-2010-0084\",\"CVE-2010-0085\",\"CVE-2010-0087\",\"CVE-2010-0088\",\"CVE-2010-0089\",\"CVE-2010-0090\",\"CVE-2010-0091\",\"CVE-2010-0092\",\"CVE-2010-0093\",\"CVE-2010-0094\",\"CVE-2010-0095\",\"CVE-2010-0837\",\"CVE-2010-0838\",\"CVE-2010-0839\",\"CVE-2010-0840\",\"CVE-2010-0841\",\"CVE-2010-0842\",\"CVE-2010-0843\",\"CVE-2010-0844\",\"CVE-2010-0845\",\"CVE-2010-0846\",\"CVE-2010-0847\",\"CVE-2010-0848\",\"CVE-2010-0849\",\"CVE-2010-0850\",\"CVE-2010-0886\",\"CVE-2010-3556\",\"CVE-2010-3566\",\"CVE-2010-3567\",\"CVE-2010-3550\",\"CVE-2010-3561\",\"CVE-2010-3573\",\"CVE-2010-3565\",\"CVE-2010-3568\",\"CVE-2010-3569\",\"CVE-2010-1321\",\"CVE-2010-3548\",\"CVE-2010-3551\",\"CVE-2010-3562\",\"CVE-2010-3571\",\"CVE-2010-3554\",\"CVE-2010-3559\",\"CVE-2010-3572\",\"CVE-2010-3553\",\"CVE-2010-3549\",\"CVE-2010-3557\",\"CVE-2010-3541\",\"CVE-2010-3574\",\"CVE-2008-3825\",\"CVE-2009-1384\");\n script_tag(name:\"cvss_base\", 
value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 7583 $\");\n script_name(\"VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 14:07:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 11:19:42 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\"); # Used in _esxi_patch_missing()\ninclude(\"vmware_esx.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.1.0\",\"ESXi410-201101201-SG\",\n \"4.0.0\",\"ESXi400-201103401-SG\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-21T04:42:15", "description": "The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware\napplications to use Kerberos to verify user identities by obtaining user\ncredentials at log in time.\n\nA flaw was found in the pam_krb5 \"existing_ticket\" configuration option. 
If\na system is configured to use an existing credential cache via the\n\"existing_ticket\" option, it may be possible for a local user to gain\nelevated privileges by using a different, local user's credential cache.\n(CVE-2008-3825)\n\nRed Hat would like to thank Stephane Bertin for responsibly disclosing this\nissue.\n\nUsers of pam_krb5 should upgrade to this updated package, which contains a\nbackported patch to resolve this issue.", "cvss3": {}, "published": "2008-10-02T00:00:00", "type": "redhat", "title": "(RHSA-2008:0907) Moderate: pam_krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3825"], "modified": "2017-09-08T08:19:49", "id": "RHSA-2008:0907", "href": "https://access.redhat.com/errata/RHSA-2008:0907", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:57", "description": "[2.2.14-1.el5_2.1]\n- add backported fix for ccache permissions bypass when the existing_ticket\n option is used (CVE-2008-3825, #462112)", "cvss3": {}, "published": "2008-10-02T00:00:00", "type": "oraclelinux", "title": "pam_krb5 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-3825"], "modified": "2008-10-02T00:00:00", "id": "ELSA-2008-0907", "href": "http://linux.oracle.com/errata/ELSA-2008-0907.html", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "This is pam_krb5, a pluggable authentication module that can be used 
with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured. ", "cvss3": {}, "published": "2008-10-03T22:34:17", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: pam_krb5-2.2.18-2.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3825"], "modified": "2008-10-03T22:34:17", "id": "FEDORA:ED0DC208DA0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TI7TY7QWV4CSPKAZ2DYUPM2MMMAR3VVG/", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "description": "This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured. 
", "cvss3": {}, "published": "2009-06-27T03:02:32", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: pam_krb5-2.3.5-1.fc9", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3825", "CVE-2009-1384"], "modified": "2009-06-27T03:02:32", "id": "FEDORA:B2A4F10F808", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WP5YMKXPKK4HNCD3Y7NLOTC5KBZHJNQN/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:42:16", "description": "pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. 
NOTE: there may be a related vector involving sshd that has limited relevance.", "cvss3": {}, "published": "2008-10-03T15:07:00", "type": "cve", "title": "CVE-2008-3825", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3825"], "modified": "2018-10-11T20:49:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux_desktop:5"], "id": "CVE-2008-3825", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3825", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:5:unknown:server:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5:unknown:client:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-3825"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2008:209\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pam_krb5\r\n Date : October 3, 2008\r\n Affected: 2007.1, 2008.0, 2008.1\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n St\u00e9phane Bertin discovered a flaw in the pam_krb5 existing_ticket\r\n configuration option where, if enabled and using an existing credential\r\n cache, it was possible for a local user to gain 
elevated privileges\r\n by using a different, local user's credential cache (CVE-2008-3825).\r\n \r\n The updated packages have been patched to prevent this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2007.1:\r\n 92901a92d669d10831a2357da8ac3ff8 2007.1/i586/pam_krb5-2.2.11-2.1mdv2007.1.i586.rpm \r\n e8ba90e174669b8b43bf0bbf9c61831f 2007.1/SRPMS/pam_krb5-2.2.11-2.1mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2007.1/X86_64:\r\n 63e366f352ed36d5e6b7b87a84d25d33 2007.1/x86_64/pam_krb5-2.2.11-2.1mdv2007.1.x86_64.rpm \r\n e8ba90e174669b8b43bf0bbf9c61831f 2007.1/SRPMS/pam_krb5-2.2.11-2.1mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2008.0:\r\n d5d6796b990f19316ee7a53d87745d63 2008.0/i586/pam_krb5-2.2.11-2.1mdv2008.0.i586.rpm \r\n 8b2d51b298306d43dfde2fe6f9cb0860 2008.0/SRPMS/pam_krb5-2.2.11-2.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 5cb8c3f5768cdc475bfa81e14244856b 2008.0/x86_64/pam_krb5-2.2.11-2.1mdv2008.0.x86_64.rpm \r\n 8b2d51b298306d43dfde2fe6f9cb0860 2008.0/SRPMS/pam_krb5-2.2.11-2.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.1:\r\n 2d30041830c5c3db19a23e096a968426 2008.1/i586/pam_krb5-2.2.11-2.1mdv2008.1.i586.rpm \r\n 2d1f96e821e05ddba6ffe3d1cee2247b 2008.1/SRPMS/pam_krb5-2.2.11-2.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n d07f560edf337af6279a888fd695aa49 2008.1/x86_64/pam_krb5-2.2.11-2.1mdv2008.1.x86_64.rpm \r\n 2d1f96e821e05ddba6ffe3d1cee2247b 2008.1/SRPMS/pam_krb5-2.2.11-2.1mdv2008.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFI5nytmqjQ0CJFipgRAsqfAJ9gUQ/XJ8nhzX294hQulpz0ULJtuwCZAV0K\r\ny4avzIV2yDHQt6qdOPEh7Pc=\r\n=IVkL\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2008-10-06T00:00:00", "published": "2008-10-06T00:00:00", "id": "SECURITYVULNS:DOC:20658", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20658", "title": "[ MDVSA-2008:209 ] pam_krb5", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-3825"], "description": "Privilege escalation is possible if existing_ticket credentials caching option is used.", "edition": 1, "modified": "2008-10-06T00:00:00", "published": "2008-10-06T00:00:00", "id": "SECURITYVULNS:VULN:9334", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9334", "title": "pam_krb5 privilege escalation", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2022-02-27T12:04:00", "description": "**CentOS Errata and Security Advisory** CESA-2008:0907\n\n\nThe pam_krb5 module allows Pluggable Authentication Modules (PAM) aware\napplications to use Kerberos to verify user identities by obtaining user\ncredentials at log in time.\n\nA flaw was found in the 
pam_krb5 \"existing_ticket\" configuration option. If\na system is configured to use an existing credential cache via the\n\"existing_ticket\" option, it may be possible for a local user to gain\nelevated privileges by using a different, local user's credential cache.\n(CVE-2008-3825)\n\nRed Hat would like to thank Stephane Bertin for responsibly disclosing this\nissue.\n\nUsers of pam_krb5 should upgrade to this updated package, which contains a\nbackported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2008-October/052224.html\nhttps://lists.centos.org/pipermail/centos-announce/2008-October/052225.html\n\n**Affected packages:**\npam_krb5\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2008:0907", "cvss3": {}, "published": "2008-10-05T17:32:46", "type": "centos", "title": "pam_krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3825"], "modified": "2008-10-05T17:32:46", "id": "CESA-2008:0907", "href": "https://lists.centos.org/pipermail/centos-announce/2008-October/052224.html", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}]}