Lucene search

K

Debian DLA-2166-1 : libpam-krb5 security update

Debian libpam-krb5 buffer overflow fix for remote code executio

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Cvelist
CVE-2020-10595
31 Mar 202012:36
cvelist
Tenable Nessus
Ubuntu 16.04 LTS / 18.04 LTS : pam-krb5 vulnerability (USN-4314-1)
2 Apr 202000:00
nessus
Tenable Nessus
Debian DSA-4648-1 : libpam-krb5 - security update
2 Apr 202000:00
nessus
RedhatCVE
CVE-2020-10595
6 Apr 202014:05
redhatcve
OSV
libpam-krb5 - security update
1 Apr 202000:00
osv
OSV
CVE-2020-10595
31 Mar 202013:15
osv
OSV
libpam-krb5 - security update
31 Mar 202000:00
osv
ArchLinux
[ASA-202004-5] pam-krb5: arbitrary code execution
1 Apr 202000:00
archlinux
NVD
CVE-2020-10595
31 Mar 202013:15
nvd
OpenVAS
Debian: Security Advisory (DLA-2166-1)
2 Apr 202000:00
openvas
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2166-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(135101);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/20");

  script_cve_id("CVE-2020-10595");

  script_name(english:"Debian DLA-2166-1 : libpam-krb5 security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The krb5 PAM module (pam_krb5.so) had a buffer overflow that might
have caused remote code execution in situations involving supplemental
prompting by a Kerberos library. It might have overflown a buffer
provided by the underlying Kerberos library by a single '\0' byte if
an attacker responded to a prompt with an answer of a carefully chosen
length. The effect may have ranged from heap corruption to stack
corruption depending on the structure of the underlying Kerberos
library, with unknown effects but possibly including code execution.
This code path had not been used for normal authentication, but only
when the Kerberos library did supplemental prompting, such as with
PKINIT or when using the non-standard no_prompt PAM configuration
option.

For Debian 8 'Jessie', this problem has been fixed in version
4.6-3+deb8u1. The fix was prepared by Mike Gabriel.

We recommend that you upgrade your libpam-krb5 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/04/msg00000.html");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/libpam-krb5");
  script_set_attribute(attribute:"solution", value:
"Upgrade the affected libpam-heimdal, and libpam-krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10595");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-heimdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-krb5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libpam-heimdal", reference:"4.6-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libpam-krb5", reference:"4.6-3+deb8u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
02 Apr 2020 00:00Current
10High risk
Vulners AI Score10
CVSS39.8
EPSS0.046
16
.json
Report