krb5 -- requires_preauth bypass in PKINIT-enabled KDC
2015-05-25T00:00:00
ID 406636FE-055D-11E5-AAB1-D050996490D0 Type freebsd Reporter FreeBSD Modified 2015-05-25T00:00:00
Description
MIT reports:
In MIT krb5 1.12 and later, when the KDC is configured
with PKINIT support, an unauthenticated remote attacker
can bypass the requires_preauth flag on a client principal
and obtain a ciphertext encrypted in the principal's
long-term key. This ciphertext could be used to conduct
an off-line dictionary attack against the user's password.
{"nessus": [{"lastseen": "2021-08-19T12:45:45", "description": "Security fix for CVE-2015-2694\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-12T00:00:00", "type": "nessus", "title": "Fedora 22 : krb5-1.13.1-3.fc22 (2015-7866)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2694"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:krb5", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-7866.NASL", "href": "https://www.tenable.com/plugins/nessus/83340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-7866.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83340);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-2694\");\n script_xref(name:\"FEDORA\", value:\"2015-7866\");\n\n script_name(english:\"Fedora 22 : krb5-1.13.1-3.fc22 (2015-7866)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-2694\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1216133\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157787.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb3b0f39\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"krb5-1.13.1-3.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:45:39", "description": "MIT reports :\n\nIn MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-29T00:00:00", "type": "nessus", "title": "FreeBSD : krb5 -- requires_preauth bypass in PKINIT-enabled KDC (406636fe-055d-11e5-aab1-d050996490d0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2694"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:krb5", "p-cpe:/a:freebsd:freebsd:krb5-112", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_406636FE055D11E5AAB1D050996490D0.NASL", "href": "https://www.tenable.com/plugins/nessus/83901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83901);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-2694\");\n\n script_name(english:\"FreeBSD : krb5 -- requires_preauth bypass in PKINIT-enabled KDC (406636fe-055d-11e5-aab1-d050996490d0)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MIT reports :\n\nIn MIT krb5 1.12 and later, when the KDC is configured with PKINIT\nsupport, an unauthenticated remote attacker can bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be\nused to conduct an off-line dictionary attack against the user's\npassword.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160\"\n );\n # https://vuxml.freebsd.org/freebsd/406636fe-055d-11e5-aab1-d050996490d0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52da1a12\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:krb5-112\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"krb5<1.13.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"krb5-112<1.12.3_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:43:57", "description": "Updated krb5 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos. An unauthenticated remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password. (CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#1203889)\n\nNotably, this update fixes the following bugs :\n\n* Previously, the RADIUS support (libkrad) in krb5 was sending krb5 authentication for Transmission Control Protocol (TCP) transports multiple times, accidentally using a code path intended to be used only for unreliable transport types, for example User Datagram Protocol (UDP) transports. A patch that fixes the problem by disabling manual retries for reliable transports, such as TCP, has been applied, and the correct code path is now used in this situation. (BZ#1251586)\n\n* Attempts to use Kerberos single sign-on (SSO) to access SAP NetWeaver systems sometimes failed. The SAP NetWeaver developer trace displayed the following error message :\n\nNo credentials were supplied, or the credentials were unavailable or inaccessible Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger credential acquisition, thus preventing the error from occurring. Now, the user can successfully use Kerberos SSO for accessing SAP NetWeaver systems. (BZ#1252454)\n\nAll krb5 users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2015-12-02T00:00:00", "type": "nessus", "title": "CentOS 7 : krb5 (CESA-2015:2154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-devel", "p-cpe:/a:centos:centos:krb5-libs", "p-cpe:/a:centos:centos:krb5-pkinit", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-server-ldap", "p-cpe:/a:centos:centos:krb5-workstation", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-2154.NASL", "href": "https://www.tenable.com/plugins/nessus/87136", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2154 and \n# CentOS Errata and Security Advisory 2015:2154 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87136);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-5355\", \"CVE-2015-2694\");\n script_xref(name:\"RHSA\", value:\"2015:2154\");\n\n script_name(english:\"CentOS 7 : krb5 (CESA-2015:2154)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system, which can improve the\nsecurity of your network by eliminating the insecure practice of\nsending passwords over the network in unencrypted form. It allows\nclients and servers to authenticate to each other with the help of a\ntrusted third party, the Kerberos key distribution center (KDC).\n\nIt was found that the krb5_read_message() function of MIT Kerberos did\nnot correctly sanitize input, and could create invalid krb5_data\nobjects. A remote, unauthenticated attacker could use this flaw to\ncrash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos. An\nunauthenticated remote attacker could use this flaw to bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be\nused to conduct an off-line dictionary attack against the user's\npassword. (CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#1203889)\n\nNotably, this update fixes the following bugs :\n\n* Previously, the RADIUS support (libkrad) in krb5 was sending krb5\nauthentication for Transmission Control Protocol (TCP) transports\nmultiple times, accidentally using a code path intended to be used\nonly for unreliable transport types, for example User Datagram\nProtocol (UDP) transports. A patch that fixes the problem by disabling\nmanual retries for reliable transports, such as TCP, has been applied,\nand the correct code path is now used in this situation. (BZ#1251586)\n\n* Attempts to use Kerberos single sign-on (SSO) to access SAP\nNetWeaver systems sometimes failed. The SAP NetWeaver developer trace\ndisplayed the following error message :\n\nNo credentials were supplied, or the credentials were unavailable or\ninaccessible Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger\ncredential acquisition, thus preventing the error from occurring. Now,\nthe user can successfully use Kerberos SSO for accessing SAP NetWeaver\nsystems. (BZ#1252454)\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002350.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88c2fe05\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2694\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"krb5-devel-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"krb5-libs-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"krb5-pkinit-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"krb5-server-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"krb5-server-ldap-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"krb5-workstation-1.13.2-10.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:43:54", "description": "From Red Hat Security Advisory 2015:2154 :\n\nUpdated krb5 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos. An unauthenticated remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password. (CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#1203889)\n\nNotably, this update fixes the following bugs :\n\n* Previously, the RADIUS support (libkrad) in krb5 was sending krb5 authentication for Transmission Control Protocol (TCP) transports multiple times, accidentally using a code path intended to be used only for unreliable transport types, for example User Datagram Protocol (UDP) transports. A patch that fixes the problem by disabling manual retries for reliable transports, such as TCP, has been applied, and the correct code path is now used in this situation. (BZ#1251586)\n\n* Attempts to use Kerberos single sign-on (SSO) to access SAP NetWeaver systems sometimes failed. The SAP NetWeaver developer trace displayed the following error message :\n\nNo credentials were supplied, or the credentials were unavailable or inaccessible Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger credential acquisition, thus preventing the error from occurring. Now, the user can successfully use Kerberos SSO for accessing SAP NetWeaver systems. (BZ#1252454)\n\nAll krb5 users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : krb5 (ELSA-2015-2154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-pkinit", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-2154.NASL", "href": "https://www.tenable.com/plugins/nessus/87026", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2154 and \n# Oracle Linux Security Advisory ELSA-2015-2154 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87026);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-5355\", \"CVE-2015-2694\");\n script_xref(name:\"RHSA\", value:\"2015:2154\");\n\n script_name(english:\"Oracle Linux 7 : krb5 (ELSA-2015-2154)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2154 :\n\nUpdated krb5 packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system, which can improve the\nsecurity of your network by eliminating the insecure practice of\nsending passwords over the network in unencrypted form. It allows\nclients and servers to authenticate to each other with the help of a\ntrusted third party, the Kerberos key distribution center (KDC).\n\nIt was found that the krb5_read_message() function of MIT Kerberos did\nnot correctly sanitize input, and could create invalid krb5_data\nobjects. A remote, unauthenticated attacker could use this flaw to\ncrash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos. An\nunauthenticated remote attacker could use this flaw to bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be\nused to conduct an off-line dictionary attack against the user's\npassword. (CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#1203889)\n\nNotably, this update fixes the following bugs :\n\n* Previously, the RADIUS support (libkrad) in krb5 was sending krb5\nauthentication for Transmission Control Protocol (TCP) transports\nmultiple times, accidentally using a code path intended to be used\nonly for unreliable transport types, for example User Datagram\nProtocol (UDP) transports. A patch that fixes the problem by disabling\nmanual retries for reliable transports, such as TCP, has been applied,\nand the correct code path is now used in this situation. (BZ#1251586)\n\n* Attempts to use Kerberos single sign-on (SSO) to access SAP\nNetWeaver systems sometimes failed. The SAP NetWeaver developer trace\ndisplayed the following error message :\n\nNo credentials were supplied, or the credentials were unavailable or\ninaccessible Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger\ncredential acquisition, thus preventing the error from occurring. Now,\nthe user can successfully use Kerberos SSO for accessing SAP NetWeaver\nsystems. (BZ#1252454)\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005557.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"krb5-devel-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"krb5-libs-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"krb5-pkinit-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"krb5-server-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"krb5-server-ldap-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"krb5-workstation-1.13.2-10.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:44:00", "description": "Updated krb5 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos. An unauthenticated remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password. (CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which provides a number of bug fixes and enhancements over the previous version. (BZ#1203889)\n\nNotably, this update fixes the following bugs :\n\n* Previously, the RADIUS support (libkrad) in krb5 was sending krb5 authentication for Transmission Control Protocol (TCP) transports multiple times, accidentally using a code path intended to be used only for unreliable transport types, for example User Datagram Protocol (UDP) transports. A patch that fixes the problem by disabling manual retries for reliable transports, such as TCP, has been applied, and the correct code path is now used in this situation. (BZ#1251586)\n\n* Attempts to use Kerberos single sign-on (SSO) to access SAP NetWeaver systems sometimes failed. The SAP NetWeaver developer trace displayed the following error message :\n\nNo credentials were supplied, or the credentials were unavailable or inaccessible Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger credential acquisition, thus preventing the error from occurring. Now, the user can successfully use Kerberos SSO for accessing SAP NetWeaver systems. (BZ#1252454)\n\nAll krb5 users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-19T00:00:00", "type": "nessus", "title": "RHEL 7 : krb5 (RHSA-2015:2154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo", "p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-pkinit", "p-cpe:/a:redhat:enterprise_linux:krb5-server", "p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-2154.NASL", "href": "https://www.tenable.com/plugins/nessus/86933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2154. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86933);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2014-5355\", \"CVE-2015-2694\");\n script_xref(name:\"RHSA\", value:\"2015:2154\");\n\n script_name(english:\"RHEL 7 : krb5 (RHSA-2015:2154)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system, which can improve the\nsecurity of your network by eliminating the insecure practice of\nsending passwords over the network in unencrypted form. It allows\nclients and servers to authenticate to each other with the help of a\ntrusted third party, the Kerberos key distribution center (KDC).\n\nIt was found that the krb5_read_message() function of MIT Kerberos did\nnot correctly sanitize input, and could create invalid krb5_data\nobjects. A remote, unauthenticated attacker could use this flaw to\ncrash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos. An\nunauthenticated remote attacker could use this flaw to bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be\nused to conduct an off-line dictionary attack against the user's\npassword. (CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#1203889)\n\nNotably, this update fixes the following bugs :\n\n* Previously, the RADIUS support (libkrad) in krb5 was sending krb5\nauthentication for Transmission Control Protocol (TCP) transports\nmultiple times, accidentally using a code path intended to be used\nonly for unreliable transport types, for example User Datagram\nProtocol (UDP) transports. A patch that fixes the problem by disabling\nmanual retries for reliable transports, such as TCP, has been applied,\nand the correct code path is now used in this situation. (BZ#1251586)\n\n* Attempts to use Kerberos single sign-on (SSO) to access SAP\nNetWeaver systems sometimes failed. The SAP NetWeaver developer trace\ndisplayed the following error message :\n\nNo credentials were supplied, or the credentials were unavailable or\ninaccessible Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger\ncredential acquisition, thus preventing the error from occurring. Now,\nthe user can successfully use Kerberos SSO for accessing SAP NetWeaver\nsystems. (BZ#1252454)\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-5355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2694\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2154\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"krb5-debuginfo-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"krb5-devel-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"krb5-libs-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"krb5-pkinit-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"krb5-pkinit-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"krb5-server-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"krb5-server-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"krb5-server-ldap-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"krb5-server-ldap-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"krb5-workstation-1.13.2-10.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"krb5-workstation-1.13.2-10.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:43:39", "description": "A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.", "cvss3": {"score": null, "vector": null}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : krb5 (ALAS-2015-624)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:krb5-debuginfo", "p-cpe:/a:amazon:linux:krb5-devel", "p-cpe:/a:amazon:linux:krb5-libs", "p-cpe:/a:amazon:linux:krb5-pkinit-openssl", "p-cpe:/a:amazon:linux:krb5-server", "p-cpe:/a:amazon:linux:krb5-server-ldap", "p-cpe:/a:amazon:linux:krb5-workstation", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-624.NASL", "href": "https://www.tenable.com/plugins/nessus/87350", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-624.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87350);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-5355\", \"CVE-2015-2694\");\n script_xref(name:\"ALAS\", value:\"2015-624\");\n\n script_name(english:\"Amazon Linux AMI : krb5 (ALAS-2015-624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A\nremote attacker could use this flaw to bypass the requires_preauth\nflag on a client principal and obtain a ciphertext encrypted in the\nprincipal's long-term key. This ciphertext could be used to conduct an\noff-line dictionary attack against the user's password.\n\nIt was found that the krb5_read_message() function of MIT Kerberos did\nnot correctly sanitize input, and could create invalid krb5_data\nobjects. A remote, unauthenticated attacker could use this flaw to\ncrash a Kerberos child process via a specially crafted request.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-624.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update krb5' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"krb5-debuginfo-1.13.2-10.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-devel-1.13.2-10.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-libs-1.13.2-10.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-pkinit-openssl-1.13.2-10.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-server-1.13.2-10.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-server-ldap-1.13.2-10.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-workstation-1.13.2-10.39.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit-openssl / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:43:46", "description": "It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos. An unauthenticated remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password. (CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which provides a number of bug fixes and enhancements over the previous version.\n\nNotably, this update fixes the following bugs :\n\n - Previously, the RADIUS support (libkrad) in krb5 was sending krb5 authentication for Transmission Control Protocol (TCP) transports multiple times, accidentally using a code path intended to be used only for unreliable transport types, for example User Datagram Protocol (UDP) transports. A patch that fixes the problem by disabling manual retries for reliable transports, such as TCP, has been applied, and the correct code path is now used in this situation.\n\n - Attempts to use Kerberos single sign-on (SSO) to access SAP NetWeaver systems sometimes failed. The SAP NetWeaver developer trace displayed the following error message :\n\nNo credentials were supplied, or the credentials were unavailable or inaccessible Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger credential acquisition, thus preventing the error from occurring. Now, the user can successfully use Kerberos SSO for accessing SAP NetWeaver systems.", "cvss3": {"score": null, "vector": null}, "published": "2015-12-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : krb5 on SL7.x x86_64 (20151119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:krb5-debuginfo", "p-cpe:/a:fermilab:scientific_linux:krb5-devel", "p-cpe:/a:fermilab:scientific_linux:krb5-libs", "p-cpe:/a:fermilab:scientific_linux:krb5-pkinit", "p-cpe:/a:fermilab:scientific_linux:krb5-server", "p-cpe:/a:fermilab:scientific_linux:krb5-server-ldap", "p-cpe:/a:fermilab:scientific_linux:krb5-workstation", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151119_KRB5_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87560", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87560);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-5355\", \"CVE-2015-2694\");\n\n script_name(english:\"Scientific Linux Security Update : krb5 on SL7.x x86_64 (20151119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the krb5_read_message() function of MIT Kerberos did\nnot correctly sanitize input, and could create invalid krb5_data\nobjects. A remote, unauthenticated attacker could use this flaw to\ncrash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos. An\nunauthenticated remote attacker could use this flaw to bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be\nused to conduct an off-line dictionary attack against the user's\npassword. (CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which\nprovides a number of bug fixes and enhancements over the previous\nversion.\n\nNotably, this update fixes the following bugs :\n\n - Previously, the RADIUS support (libkrad) in krb5 was\n sending krb5 authentication for Transmission Control\n Protocol (TCP) transports multiple times, accidentally\n using a code path intended to be used only for\n unreliable transport types, for example User Datagram\n Protocol (UDP) transports. A patch that fixes the\n problem by disabling manual retries for reliable\n transports, such as TCP, has been applied, and the\n correct code path is now used in this situation.\n\n - Attempts to use Kerberos single sign-on (SSO) to access\n SAP NetWeaver systems sometimes failed. The SAP\n NetWeaver developer trace displayed the following error\n message :\n\nNo credentials were supplied, or the credentials were unavailable or\ninaccessible Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger\ncredential acquisition, thus preventing the error from occurring. Now,\nthe user can successfully use Kerberos SSO for accessing SAP NetWeaver\nsystems.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=12350\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8a48acc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"krb5-debuginfo-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"krb5-devel-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"krb5-libs-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"krb5-pkinit-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"krb5-server-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"krb5-server-ldap-1.13.2-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"krb5-workstation-1.13.2-10.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:45:25", "description": "Security fix for CVE-2015-2694 Security fix for CVE-2014-5353 (this was fixed in an older build but the announcement was lost)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-06-22T00:00:00", "type": "nessus", "title": "Fedora 21 : krb5-1.12.2-17.fc21 (2015-7878)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5353", "CVE-2015-2694"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:krb5", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-7878.NASL", "href": "https://www.tenable.com/plugins/nessus/84305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-7878.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84305);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5353\", \"CVE-2015-2694\");\n script_xref(name:\"FEDORA\", value:\"2015-7878\");\n\n script_name(english:\"Fedora 21 : krb5-1.12.2-17.fc21 (2015-7878)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-2694 Security fix for CVE-2014-5353 (this\nwas fixed in an older build but the announcement was lost)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1174543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1216133\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160546.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a22b643\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"krb5-1.12.2-17.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:45:03", "description": "krb5 was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457).\n\n - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458).\n\n - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595).\n\n - CVE-2015-2694: OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass (bsc#928978).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : krb5 (SUSE-SU-2015:1276-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5353", "CVE-2014-5354", "CVE-2014-5355", "CVE-2015-2694"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:krb5", "p-cpe:/a:novell:suse_linux:krb5-client", "p-cpe:/a:novell:suse_linux:krb5-client-debuginfo", "p-cpe:/a:novell:suse_linux:krb5-debuginfo", "p-cpe:/a:novell:suse_linux:krb5-debugsource", "p-cpe:/a:novell:suse_linux:krb5-doc", "p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp-debuginfo", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit-debuginfo", "p-cpe:/a:novell:suse_linux:krb5-server", "p-cpe:/a:novell:suse_linux:krb5-server-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1276-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1276-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84914);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-5353\", \"CVE-2014-5354\", \"CVE-2014-5355\", \"CVE-2015-2694\");\n script_bugtraq_id(71679, 71680, 74042, 74824);\n\n script_name(english:\"SUSE SLES12 Security Update : krb5 (SUSE-SU-2015:1276-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"krb5 was updated to fix four security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-5353: NULL pointer dereference when using a\n ticket policy name as password name (bsc#910457).\n\n - CVE-2014-5354: NULL pointer dereference when using\n keyless entries (bsc#910458).\n\n - CVE-2014-5355: Denial of service in krb5_read_message\n (bsc#918595).\n\n - CVE-2015-2694: OTP and PKINIT kdcpreauth modules leading\n to requires_preauth bypass (bsc#928978).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-5353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-5354/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-5355/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2694/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151276-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e834cd3a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-335=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-335=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-client-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-client-debuginfo-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-debuginfo-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-debugsource-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-doc-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-plugin-kdb-ldap-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-plugin-kdb-ldap-debuginfo-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-plugin-preauth-otp-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-plugin-preauth-otp-debuginfo-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-plugin-preauth-pkinit-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-plugin-preauth-pkinit-debuginfo-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-server-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-server-debuginfo-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-32bit-1.12.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"krb5-debuginfo-32bit-1.12.1-16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:44:05", "description": "It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443)\n\nIt was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5355)\n\nIt was discovered that the Kerberos kdcpreauth modules incorrectly tracked certain client requests. A remote attacker could possibly use this issue to bypass intended preauthentication requirements. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694)\n\nIt was discovered that Kerberos incorrectly handled certain SPNEGO packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2695)\n\nIt was discovered that Kerberos incorrectly handled certain IAKERB packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2696, CVE-2015-2698)\n\nIt was discovered that Kerberos incorrectly handled certain TGS requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2697).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-13T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : krb5 vulnerabilities (USN-2810-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-2443", "CVE-2014-5355", "CVE-2015-2694", "CVE-2015-2695", "CVE-2015-2696", "CVE-2015-2697", "CVE-2015-2698"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-k5tls", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap", "p-cpe:/a:canonical:ubuntu_linux:krb5-otp", "p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2", "p-cpe:/a:canonical:ubuntu_linux:libgssrpc4", "p-cpe:/a:canonical:ubuntu_linux:libk5crypto3", "p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit8", "p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit9", "p-cpe:/a:canonical:ubuntu_linux:libkdb5-6", "p-cpe:/a:canonical:ubuntu_linux:libkdb5-7", "p-cpe:/a:canonical:ubuntu_linux:libkdb5-8", "p-cpe:/a:canonical:ubuntu_linux:libkrad0", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-3", "p-cpe:/a:canonical:ubuntu_linux:libkrb53", "p-cpe:/a:canonical:ubuntu_linux:libkrb5support0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2810-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2810-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86872);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2002-2443\", \"CVE-2014-5355\", \"CVE-2015-2694\", \"CVE-2015-2695\", \"CVE-2015-2696\", \"CVE-2015-2697\", \"CVE-2015-2698\");\n script_xref(name:\"USN\", value:\"2810-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : krb5 vulnerabilities (USN-2810-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Kerberos kpasswd service incorrectly\nhandled certain UDP packets. A remote attacker could possibly use this\nissue to cause resource consumption, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443)\n\nIt was discovered that Kerberos incorrectly handled null bytes in\ncertain data fields. A remote attacker could possibly use this issue\nto cause a denial of service. This issue only affected Ubuntu 12.04\nLTS and Ubuntu 14.04 LTS. (CVE-2014-5355)\n\nIt was discovered that the Kerberos kdcpreauth modules incorrectly\ntracked certain client requests. A remote attacker could possibly use\nthis issue to bypass intended preauthentication requirements. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694)\n\nIt was discovered that Kerberos incorrectly handled certain SPNEGO\npackets. A remote attacker could possibly use this issue to cause a\ndenial of service. (CVE-2015-2695)\n\nIt was discovered that Kerberos incorrectly handled certain IAKERB\npackets. A remote attacker could possibly use this issue to cause a\ndenial of service. (CVE-2015-2696, CVE-2015-2698)\n\nIt was discovered that Kerberos incorrectly handled certain TGS\nrequests. A remote attacker could possibly use this issue to cause a\ndenial of service. (CVE-2015-2697).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2810-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-k5tls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssrpc4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libk5crypto3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdb5-6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdb5-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdb5-8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrad0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5support0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"krb5-kdc\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"krb5-user\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libgssapi-krb5-2\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libgssrpc4\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libk5crypto3\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libkadm5clnt-mit8\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libkdb5-6\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libkrb5-3\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libkrb53\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libkrb5support0\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"krb5-kdc\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"krb5-otp\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"krb5-user\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libgssapi-krb5-2\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libgssrpc4\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libk5crypto3\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libkadm5clnt-mit9\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libkdb5-7\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libkrad0\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libkrb5-3\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libkrb5support0\", pkgver:\"1.12+dfsg-2ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"krb5-kdc\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"krb5-otp\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"krb5-user\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libgssapi-krb5-2\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libgssrpc4\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libk5crypto3\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libkadm5clnt-mit9\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libkdb5-7\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libkrad0\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libkrb5-3\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libkrb5support0\", pkgver:\"1.12.1+dfsg-18ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"krb5-k5tls\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"krb5-kdc\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"krb5-otp\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"krb5-pkinit\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"krb5-user\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libgssapi-krb5-2\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libgssrpc4\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libk5crypto3\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libkadm5clnt-mit9\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libkdb5-8\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libkrad0\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libkrb5-3\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libkrb5support0\", pkgver:\"1.13.2+dfsg-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-k5tls / krb5-kdc / krb5-kdc-ldap / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:54:41", "description": "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x\nbefore 1.13.2 do not properly track whether a client's request has been\nvalidated, which allows remote attackers to bypass an intended\npreauthentication requirement by providing (1) zero bytes of data or (2) an\narbitrary realm name, related to plugins/preauth/otp/main.c and\nplugins/preauth/pkinit/pkinit_srv.c.\n\n#### Bugs\n\n * <http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | affects 1.12 and later\n", "cvss3": {}, "published": "2015-05-25T00:00:00", "type": "ubuntucve", "title": "CVE-2015-2694", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2694"], "modified": "2015-05-25T00:00:00", "id": "UB:CVE-2015-2694", "href": "https://ubuntu.com/security/CVE-2015-2694", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. ", "edition": 2, "cvss3": {}, "published": "2015-05-11T19:02:55", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: krb5-1.13.1-3.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2694"], "modified": "2015-05-11T19:02:55", "id": "FEDORA:AE3846087866", "href": "", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. ", "edition": 2, "cvss3": {}, "published": "2015-06-21T00:28:50", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: krb5-1.12.2-17.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5352", "CVE-2014-5353", "CVE-2014-5354", "CVE-2014-5355", "CVE-2014-9421", "CVE-2014-9422", "CVE-2014-9423", "CVE-2015-2694"], "modified": "2015-06-21T00:28:50", "id": "FEDORA:31B116271E2A", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-07T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2015-7866", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869488", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2015-7866\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869488\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:20:00 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-2694\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for krb5 FEDORA-2015-7866\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'krb5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"krb5 on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-7866\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157787.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.13.1~3.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:01", "description": "Oracle Linux Local Security Checks ELSA-2015-2154", "cvss3": {}, "published": "2015-11-24T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2154", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122742", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2154.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122742\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:19 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2154\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2154 - krb5 security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2154\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2154.html\");\n script_cve_id(\"CVE-2014-5355\", \"CVE-2015-2694\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.13.2~10.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.13.2~10.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-pkinit\", rpm:\"krb5-pkinit~1.13.2~10.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.13.2~10.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.13.2~10.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.13.2~10.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-11-20T00:00:00", "type": "openvas", "title": "RedHat Update for krb5 RHSA-2015:2154-07", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871493", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for krb5 RHSA-2015:2154-07\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871493\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:22:41 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2014-5355\", \"CVE-2015-2694\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for krb5 RHSA-2015:2154-07\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'krb5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kerberos is a network authentication system,\nwhich can improve the security of your network by eliminating the insecure practice\nof sending passwords over the network in unencrypted form. It allows clients and\nservers to authenticate to each other with the help of a trusted third party, the\nKerberos key distribution center (KDC).\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not\ncorrectly sanitize input, and could create invalid krb5_data objects.\nA remote, unauthenticated attacker could use this flaw to crash a Kerberos\nchild process via a specially crafted request. (CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos.\nAn unauthenticated remote attacker could use this flaw to bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be used\nto conduct an off-line dictionary attack against the user's password.\n(CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#1203889)\n\nNotably, this update fixes the following bugs:\n\n * Previously, the RADIUS support (libkrad) in krb5 was sending krb5\nauthentication for Transmission Control Protocol (TCP) transports multiple\ntimes, accidentally using a code path intended to be used only for\nunreliable transport types, for example User Datagram Protocol (UDP)\ntransports. A patch that fixes the problem by disabling manual retries for\nreliable transports, such as TCP, has been applied, and the correct code\npath is now used in this situation. (BZ#1251586)\n\n * Attempts to use Kerberos single sign-on (SSO) to access SAP NetWeaver\nsystems sometimes failed. The SAP NetWeaver developer trace displayed the\nfollowing error message:\n\n No credentials were supplied, or the credentials were\n unavailable or inaccessible\n Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger credential\nacquisition, thus preventing the error from occurring. Now, the user can\nsuccessfully use Kerberos SSO for accessing SAP NetWeaver systems.\n(BZ#1252454)\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.\");\n script_tag(name:\"affected\", value:\"krb5 on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2154-07\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00026.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.13.2~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.13.2~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.13.2~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit\", rpm:\"krb5-pkinit~1.13.2~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.13.2~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.13.2~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.13.2~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-03-17T22:58:39", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-624)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120614", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120614", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120614\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:51:26 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-624)\");\n script_tag(name:\"insight\", value:\"A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\");\n script_tag(name:\"solution\", value:\"Run yum update krb5 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-624.html\");\n script_cve_id(\"CVE-2015-2694\", \"CVE-2014-5355\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.13.2~10.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.13.2~10.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.13.2~10.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.13.2~10.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.13.2~10.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.13.2~10.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.13.2~10.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.13.2~10.39.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-11-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for krb5 USN-2810-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2696", "CVE-2014-5355", "CVE-2015-2695", "CVE-2015-2697", "CVE-2015-2698", "CVE-2015-2694", "CVE-2002-2443"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842532", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842532", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for krb5 USN-2810-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842532\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-13 06:30:22 +0100 (Fri, 13 Nov 2015)\");\n script_cve_id(\"CVE-2002-2443\", \"CVE-2014-5355\", \"CVE-2015-2694\", \"CVE-2015-2695\",\n \"CVE-2015-2696\", \"CVE-2015-2698\", \"CVE-2015-2697\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for krb5 USN-2810-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'krb5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Kerberos kpasswd\nservice incorrectly handled certain UDP packets. A remote attacker could possibly\nuse this issue to cause resource consumption, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443)\n\nIt was discovered that Kerberos incorrectly handled null bytes in certain\ndata fields. A remote attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2014-5355)\n\nIt was discovered that the Kerberos kdcpreauth modules incorrectly tracked\ncertain client requests. A remote attacker could possibly use this issue\nto bypass intended preauthentication requirements. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694)\n\nIt was discovered that Kerberos incorrectly handled certain SPNEGO packets.\nA remote attacker could possibly use this issue to cause a denial of\nservice. (CVE-2015-2695)\n\nIt was discovered that Kerberos incorrectly handled certain IAKERB packets.\nA remote attacker could possibly use this issue to cause a denial of\nservice. (CVE-2015-2696, CVE-2015-2698)\n\nIt was discovered that Kerberos incorrectly handled certain TGS requests. A\nremote attacker could possibly use this issue to cause a denial of service.\n(CVE-2015-2697)\");\n script_tag(name:\"affected\", value:\"krb5 on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2810-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2810-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-otp:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-otp:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit9:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit9:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-7:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-7:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrad0:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrad0:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0:amd64\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0:i386\", ver:\"1.12.1+dfsg-18ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-otp:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-otp:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit9:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit9:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-7:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-7:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrad0:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrad0:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0:amd64\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0:i386\", ver:\"1.12+dfsg-2ubuntu5.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit8\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-6\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0\", ver:\"1.10+dfsg~beta1-2ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-k5tls\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-otp:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-otp:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit9:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit9:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-8:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-8:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrad0:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrad0:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0:amd64\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0:i386\", ver:\"1.13.2+dfsg-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-06-21T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2015-7878", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5354", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2015-2694", "CVE-2014-9423"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869458", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869458", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2015-7878\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869458\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-21 05:55:12 +0200 (Sun, 21 Jun 2015)\");\n script_cve_id(\"CVE-2015-2694\", \"CVE-2014-5353\", \"CVE-2014-5355\", \"CVE-2014-5352\", \"CVE-2014-9421\", \"CVE-2014-9422\", \"CVE-2014-9423\", \"CVE-2014-5354\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for krb5 FEDORA-2015-7878\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'krb5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"krb5 on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-7878\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160546.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.12.2~17.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-02-25T00:40:42", "description": "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.", "cvss3": {}, "published": "2015-05-25T19:59:00", "type": "debiancve", "title": "CVE-2015-2694", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2694"], "modified": "2015-05-25T19:59:00", "id": "DEBIANCVE:CVE-2015-2694", "href": "https://security-tracker.debian.org/tracker/CVE-2015-2694", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:18:28", "description": "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.", "cvss3": {}, "published": "2015-05-25T19:59:00", "type": "cve", "title": "CVE-2015-2694", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2694"], "modified": "2020-01-21T15:46:00", "cpe": ["cpe:/a:mit:kerberos_5:1.12.2", "cpe:/a:mit:kerberos_5:1.13.1", "cpe:/a:mit:kerberos_5:1.12.3", "cpe:/a:mit:kerberos_5:1.12.1", "cpe:/a:mit:kerberos_5:1.12", "cpe:/a:mit:kerberos_5:1.13"], "id": "CVE-2015-2694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2694", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*"]}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "description": "- CVE-2014-5355 (denial of service)\n\nWhen a server process uses the krb5_recvauth function, an\nunauthenticated remote attacker can cause a NULL dereference by sending\na zero-byte version string, or a read beyond the end of allocated\nstorage by sending a non-null-terminated version string. The example\nuser-to-user server application (uuserver) is similarly vulnerable to a\nzero-length or non-null-terminated principal name string.\n\nThe krb5_recvauth function reads two version strings from the client\nusing krb5_read_message(), which produces a krb5_data structure\ncontaining a length and a pointer to an octet sequence. krb5_recvaut\nassumes that the data pointer is a valid C string and passes it to\nstrcmp() to verify the versions. If the client sends an empty octet\nsequence, the data pointer will be NULL and strcmp() will dereference a\nNULL pointer, causing the process to crash. If the client sends a\nnon-null-terminated octet sequence, strcmp() will read beyond the end of\nthe allocated storage, possibly causing the process to crash.\n\n- CVE-2015-2694 (preauthentication requirement bypass)\n\nIt has been discovered that, when the KDC is configured with PKINIT\nsupport, an unauthenticated remote attacker can bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be\nused to conduct an off-line dictionary attack against the user's password.", "edition": 2, "cvss3": {}, "published": "2015-07-12T00:00:00", "type": "archlinux", "title": "krb5: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2015-07-12T00:00:00", "id": "ASA-201507-10", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-02T18:44:36", "description": "- CVE-2014-5355 (denial of service)\n\nWhen a server process uses the krb5_recvauth function, an\nunauthenticated remote attacker can cause a NULL dereference by sending\na zero-byte version string, or a read beyond the end of allocated\nstorage by sending a non-null-terminated version string. The example\nuser-to-user server application (uuserver) is similarly vulnerable to a\nzero-length or non-null-terminated principal name string.\n\nThe krb5_recvauth function reads two version strings from the client\nusing krb5_read_message(), which produces a krb5_data structure\ncontaining a length and a pointer to an octet sequence. krb5_recvaut\nassumes that the data pointer is a valid C string and passes it to\nstrcmp() to verify the versions. If the client sends an empty octet\nsequence, the data pointer will be NULL and strcmp() will dereference a\nNULL pointer, causing the process to crash. If the client sends a\nnon-null-terminated octet sequence, strcmp() will read beyond the end of\nthe allocated storage, possibly causing the process to crash.\n\n- CVE-2015-2694 (preauthentication requirement bypass)\n\nIt has been discovered that, when the KDC is configured with PKINIT\nsupport, an unauthenticated remote attacker can bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be\nused to conduct an off-line dictionary attack against the user's password.", "edition": 2, "cvss3": {}, "published": "2015-07-12T00:00:00", "type": "archlinux", "title": "lib32-krb5: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2015-07-12T00:00:00", "id": "ASA-201507-11", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "amazon": [{"lastseen": "2021-07-25T19:29:02", "description": "**Issue Overview:**\n\nA flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n\n \n**Affected Packages:** \n\n\nkrb5\n\n \n**Issue Correction:** \nRun _yum update krb5_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 krb5-server-1.13.2-10.39.amzn1.i686 \n \u00a0\u00a0\u00a0 krb5-libs-1.13.2-10.39.amzn1.i686 \n \u00a0\u00a0\u00a0 krb5-debuginfo-1.13.2-10.39.amzn1.i686 \n \u00a0\u00a0\u00a0 krb5-workstation-1.13.2-10.39.amzn1.i686 \n \u00a0\u00a0\u00a0 krb5-server-ldap-1.13.2-10.39.amzn1.i686 \n \u00a0\u00a0\u00a0 krb5-devel-1.13.2-10.39.amzn1.i686 \n \u00a0\u00a0\u00a0 krb5-pkinit-openssl-1.13.2-10.39.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 krb5-1.13.2-10.39.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 krb5-devel-1.13.2-10.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 krb5-pkinit-openssl-1.13.2-10.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 krb5-debuginfo-1.13.2-10.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 krb5-server-1.13.2-10.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 krb5-workstation-1.13.2-10.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 krb5-libs-1.13.2-10.39.amzn1.x86_64 \n \u00a0\u00a0\u00a0 krb5-server-ldap-1.13.2-10.39.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {}, "published": "2015-12-14T10:00:00", "type": "amazon", "title": "Medium: krb5", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2015-12-13T14:23:00", "id": "ALAS-2015-624", "href": "https://alas.aws.amazon.com/ALAS-2015-624.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2021-10-21T04:45:07", "description": "Kerberos is a network authentication system, which can improve the security\nof your network by eliminating the insecure practice of sending passwords\nover the network in unencrypted form. It allows clients and servers to\nauthenticate to each other with the help of a trusted third party, the\nKerberos key distribution center (KDC).\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not\ncorrectly sanitize input, and could create invalid krb5_data objects.\nA remote, unauthenticated attacker could use this flaw to crash a Kerberos\nchild process via a specially crafted request. (CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos.\nAn unauthenticated remote attacker could use this flaw to bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be used\nto conduct an off-line dictionary attack against the user's password.\n(CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#1203889)\n\nNotably, this update fixes the following bugs:\n\n* Previously, the RADIUS support (libkrad) in krb5 was sending krb5\nauthentication for Transmission Control Protocol (TCP) transports multiple\ntimes, accidentally using a code path intended to be used only for\nunreliable transport types, for example User Datagram Protocol (UDP)\ntransports. A patch that fixes the problem by disabling manual retries for\nreliable transports, such as TCP, has been applied, and the correct code\npath is now used in this situation. (BZ#1251586)\n\n* Attempts to use Kerberos single sign-on (SSO) to access SAP NetWeaver\nsystems sometimes failed. The SAP NetWeaver developer trace displayed the\nfollowing error message:\n\n No credentials were supplied, or the credentials were\n unavailable or inaccessible\n Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger credential\nacquisition, thus preventing the error from occurring. Now, the user can\nsuccessfully use Kerberos SSO for accessing SAP NetWeaver systems.\n(BZ#1252454)\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.", "cvss3": {}, "published": "2015-11-19T14:40:51", "type": "redhat", "title": "(RHSA-2015:2154) Moderate: krb5 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2018-04-11T23:31:31", "id": "RHSA-2015:2154", "href": "https://access.redhat.com/errata/RHSA-2015:2154", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:20:49", "description": "[1.13.2-9]\n- Add patch and test case for 'KDC does not return proper\n client principal for client referrals'\n- Resolves: #1259846\n[1.13.2-9]\n- Ammend patch for RedHat bug #1252454 ('testsuite complains\n 'Lifetime has increased by 32436 sec while 0 sec passed!',\n while rhel5-libkrb5 passes') to handle the newly introduced\n valgrind hits.\n[1.13.2-8]\n- Add a patch to fix RH Bug #1250154 ('[s390x, ppc64, ppc64le]:\n kadmind does not accept ACL if kadm5.acl does not end with EOL')\n The code 'accidently' works on x86/AMD64 because declaring a\n variable |char| results in an |unsigned char| by default while\n most other platforms (e.g. { s390x, ppc64, ppc64le, ...})\n default to |signed char| (still have to use lint(1) to clean\n up 38 more instances of this kind of bug).\n[1.13.2-7]\n- Obsolete multilib versions of server packages to fix RH\n bug #1251913 ('krb5 should obsolete the multilib versions\n of krb5-server and krb5-server-ldap').\n The following packages are declared obsolete:\n - krb5-server-1.11.3-49.el7.i686\n - krb5-server-1.11.3-49.el7.ppc\n - krb5-server-1.11.3-49.el7.s390\n - krb5-server-ldap-1.11.3-49.el7.i686\n - krb5-server-ldap-1.11.3-49.el7.ppc\n - krb5-server-ldap-1.11.3-49.el7.s390\n[1.13.2-6]\n- Add a patch to fix RedHat bug #1252454 ('testsuite complains\n 'Lifetime has increased by 32436 sec while 0 sec passed!',\n while rhel5-libkrb5 passes') so that krb5 resolves GSS creds\n if |time_rec| is requested.\n[1.13.2-5]\n- Add a patch to fix RedHat bug #1251586 ('KDC sends multiple\n requests to ipa-otpd for the same authentication') which causes\n the KDC to send multiple retries to ipa-otpd for TCP transports\n while it should only be done for UDP.\n[1.13.2-4]\n- the rebase to krb5 1.13.2 in vers 1.13.2-0 also fixed:\n - Redhat Bug #1247761 ('RFE: Minor krb5 spec file cleanup and sync\n with recent Fedora 22/23 changes')\n - Redhat Bug #1247751 ('krb5-config returns wrong -specs path')\n - Redhat Bug #1247608 ('Add support for multi-hop preauth mechs\n via |KDC_ERR_MORE_PREAUTH_DATA_REQUIRED| for RFC 6113 ('A\n Generalized Framework for Kerberos Pre-Authentication')')\n- Removed 'krb5-1.10-kprop-mktemp.patch' and\n 'krb5-1.3.4-send-pr-tempfile.patch', both are no longer used since\n the rebase to krb5 1.13.1\n[1.13.2-3]\n- Add patch to fix Redhat Bug #1222903 ('[SELinux] AVC denials may appear\n when kadmind starts'). The issue was caused by an unneeded |htons()|\n which triggered SELinux AVC denials due to the 'random' port usage.\n[1.13.2-2]\n- Add fix for RedHat Bug #1164304 ('Upstream unit tests loads\n the installed shared libraries instead the ones from the build')\n[1.13.2-1]\n- the rebase to krb5 1.13.1 in vers 1.13.1-0 also fixed:\n - Bug 1144498 ('Fix the race condition in the libkrb5 replay cache')\n - Bug 1163402 ('kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64')\n - Bug 1185770 ('Missing upstream test in krb5-1.12.2: src/tests/gssapi/t_invalid.c')\n - Bug 1204211 ('CVE-2014-5355 krb5: unauthenticated denial of service in recvauth_common() and other')\n[1.13.2-0]\n- Update to krb5-1.13.2\n - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2\n - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2\n[1.13.1-2]\n- the rebase to krb5 1.13.1 in vers 1.13.1-0 also fixed RH\n bug #1156144 ('krb5 upstream test t_kdb.py failure')\n[1.13.1-1]\n- fix for CVE-2015-2694 (#1218020) 'requires_preauth bypass\n in PKINIT-enabled KDC'.\n In MIT krb5 1.12 and later, when the KDC is configured with\n PKINIT support, an unauthenticated remote attacker can\n bypass the requires_preauth flag on a client principal and\n obtain a ciphertext encrypted in the principal's long-term\n key. This ciphertext could be used to conduct an off-line\n dictionary attack against the user's password.\n[1.13.1-0]\n- Update to krb5-1.13.1\n - patch krb5-1.12-selinux-label was updated and renamed to krb5-1.13-selinux-label\n - patch krb5-1.11-dirsrv-accountlock was updated and renamed to krb5-1.13-dirsrv-accountlock\n - drop patch for krb5-1.12-pwdch-fast, fixed in krb5-1.13\n - drop patch for krb5-1.12ish-kpasswd_tcp, fixed in krb5-1.13\n - drop patch for krb5-master-rcache-internal-const, no longer needed\n - drop patch for krb5-master-rcache-acquirecred-cleanup, no longer needed\n - drop patch for krb5-master-rcache-acquirecred-source, no longer needed\n - drop patch for krb5-master-rcache-acquirecred-test, no longer needed\n - drop patch for krb5-master-move-otp-sockets, no longer needed\n - drop patch for krb5-master-mechd, no longer needed\n - drop patch for krb5-master-strdupcheck, no longer needed\n - drop patch for krb5-master-compatible-keys, no longer needed\n - drop patch for krb5-1.12-system-exts, fixed in krb5-1.13\n - drop patch for 0001-In-ksu-merge-krb5_ccache_copy-and-_restricted, no longer needed\n - drop patch for 0002-In-ksu-don-t-stat-not-on-disk-ccache-residuals, no longer needed\n - drop patch for 0003-Use-an-intermediate-memory-cache-in-ksu, no longer needed\n - drop patch for 0004-Make-ksu-respect-the-default_ccache_name-setting, no longer needed\n - drop patch for 0005-Copy-config-entries-to-the-ksu-target-ccache, no longer needed\n - drop patch for 0006-Use-more-randomness-for-ksu-secondary-cache-names, no longer needed\n - drop patch for 0007-Make-krb5_cc_new_unique-create-DIR-directories, no longer needed\n - drop patch for krb5-1.12-kpasswd-skip-address-check, fixed in krb5-1.13\n - drop patch for 0000-Refactor-cm-functions-in-sendto_kdc.c, no longer needed\n - drop patch for 0001-Simplify-sendto_kdc.c, no longer needed\n - drop patch for 0002-Add-helper-to-determine-if-a-KDC-is-the-master, no longer needed\n - drop patch for 0003-Use-k5_transport-_strategy-enums-for-k5_sendto, no longer needed\n - drop patch for 0004-Build-support-for-TLS-used-by-HTTPS-proxy-support, no longer needed\n - drop patch for 0005-Add-ASN.1-codec-for-KKDCP-s-KDC-PROXY-MESSAGE, no longer needed\n - drop patch for 0006-Dispatch-style-protocol-switching-for-transport, no longer needed\n - drop patch for 0007-HTTPS-transport-Microsoft-KKDCPP-implementation, no longer needed\n - drop patch for 0008-Load-custom-anchors-when-using-KKDCP, no longer needed\n - drop patch for 0009-Check-names-in-the-server-s-cert-when-using-KKDCP, no longer needed\n - drop patch for 0010-Add-some-longer-form-docs-for-HTTPS, no longer needed\n - drop patch for 0011-Have-k5test.py-provide-runenv-to-python-tests, no longer needed\n - drop patch for 0012-Add-a-simple-KDC-proxy-test-server, no longer needed\n - drop patch for 0013-Add-tests-for-MS-KKDCP-client-support, no longer needed\n - drop patch for krb5-1.12ish-tls-plugins, fixed in krb5-1.13.1\n - drop patch for krb5-1.12-nodelete-plugins, fixed in krb5-1.13.1\n - drop patch for krb5-1.12-ksu-untyped-default-ccache-name, fixed in krb5-1.13.1\n - drop patch for krb5-1.12-ksu-no-ccache, fixed in krb5-1.13.1\n - drop patch for krb5-ksu_not_working_with_default_principal, fixed in krb5-1.13.1\n - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1\n - drop patch for CVE_2014_5354_support_keyless_principals_in_ldap, fixed in krb5-1.13.1\n - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1\n - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1\n - added patch krb5-1.14-Support-KDC_ERR_MORE_PREAUTH_DATA_REQUIRED\n - added patch krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling\n- Minor spec cleanup", "cvss3": {}, "published": "2015-11-23T00:00:00", "type": "oraclelinux", "title": "krb5 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2015-11-23T00:00:00", "id": "ELSA-2015-2154", "href": "http://linux.oracle.com/errata/ELSA-2015-2154.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "centos": [{"lastseen": "2022-02-27T16:06:34", "description": "**CentOS Errata and Security Advisory** CESA-2015:2154\n\n\nKerberos is a network authentication system, which can improve the security\nof your network by eliminating the insecure practice of sending passwords\nover the network in unencrypted form. It allows clients and servers to\nauthenticate to each other with the help of a trusted third party, the\nKerberos key distribution center (KDC).\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not\ncorrectly sanitize input, and could create invalid krb5_data objects.\nA remote, unauthenticated attacker could use this flaw to crash a Kerberos\nchild process via a specially crafted request. (CVE-2014-5355)\n\nA flaw was found in the OTP kdcpreauth module of MIT kerberos.\nAn unauthenticated remote attacker could use this flaw to bypass the\nrequires_preauth flag on a client principal and obtain a ciphertext\nencrypted in the principal's long-term key. This ciphertext could be used\nto conduct an off-line dictionary attack against the user's password.\n(CVE-2015-2694)\n\nThe krb5 packages have been upgraded to upstream version 1.13.2, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#1203889)\n\nNotably, this update fixes the following bugs:\n\n* Previously, the RADIUS support (libkrad) in krb5 was sending krb5\nauthentication for Transmission Control Protocol (TCP) transports multiple\ntimes, accidentally using a code path intended to be used only for\nunreliable transport types, for example User Datagram Protocol (UDP)\ntransports. A patch that fixes the problem by disabling manual retries for\nreliable transports, such as TCP, has been applied, and the correct code\npath is now used in this situation. (BZ#1251586)\n\n* Attempts to use Kerberos single sign-on (SSO) to access SAP NetWeaver\nsystems sometimes failed. The SAP NetWeaver developer trace displayed the\nfollowing error message:\n\n No credentials were supplied, or the credentials were\n unavailable or inaccessible\n Unable to establish the security context\n\nQuerying SSO credential lifetime has been modified to trigger credential\nacquisition, thus preventing the error from occurring. Now, the user can\nsuccessfully use Kerberos SSO for accessing SAP NetWeaver systems.\n(BZ#1252454)\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2015-November/015240.html\n\n**Affected packages:**\nkrb5-devel\nkrb5-libs\nkrb5-pkinit\nkrb5-server\nkrb5-server-ldap\nkrb5-workstation\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:2154", "cvss3": {}, "published": "2015-11-30T19:36:32", "type": "centos", "title": "krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5355", "CVE-2015-2694"], "modified": "2015-11-30T19:36:32", "id": "CESA-2015:2154", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2015-November/015240.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "ubuntu": [{"lastseen": "2022-01-04T12:33:19", "description": "It was discovered that the Kerberos kpasswd service incorrectly handled \ncertain UDP packets. A remote attacker could possibly use this issue to \ncause resource consumption, resulting in a denial of service. This issue \nonly affected Ubuntu 12.04 LTS. (CVE-2002-2443)\n\nIt was discovered that Kerberos incorrectly handled null bytes in certain \ndata fields. A remote attacker could possibly use this issue to cause a \ndenial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu \n14.04 LTS. (CVE-2014-5355)\n\nIt was discovered that the Kerberos kdcpreauth modules incorrectly tracked \ncertain client requests. A remote attacker could possibly use this issue \nto bypass intended preauthentication requirements. This issue only affected \nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694)\n\nIt was discovered that Kerberos incorrectly handled certain SPNEGO packets. \nA remote attacker could possibly use this issue to cause a denial of \nservice. (CVE-2015-2695)\n\nIt was discovered that Kerberos incorrectly handled certain IAKERB packets. \nA remote attacker could possibly use this issue to cause a denial of \nservice. (CVE-2015-2696, CVE-2015-2698)\n\nIt was discovered that Kerberos incorrectly handled certain TGS requests. A \nremote attacker could possibly use this issue to cause a denial of service. \n(CVE-2015-2697)\n", "cvss3": {}, "published": "2015-11-12T00:00:00", "type": "ubuntu", "title": "Kerberos vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2696", "CVE-2014-5355", "CVE-2002-2443", "CVE-2015-2695", "CVE-2015-2694", "CVE-2015-2697", "CVE-2015-2698"], "modified": "2015-11-12T00:00:00", "id": "USN-2810-1", "href": "https://ubuntu.com/security/notices/USN-2810-1", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}]}