Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2518.NASLHistoryAug 01, 2012 - 12:00 a.m.
Debian DSA-2518-1 : krb5 - denial of service and remote code execution
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol.
- CVE-2012-1014 By sending specially crafted AS-REQ (Authentication Service Request) to a KDC (Key Distribution Center), an attacker could make it free an uninitialized pointer, corrupting the heap. This can lead to process crash or even arbitrary code execution.
This CVE only affects testing (wheezy) and unstable (sid) distributions.
- CVE-2012-1015 By sending specially crafted AS-REQ to a KDC, an attacker could make it dereference an uninitialized pointer, leading to process crash or even arbitrary code execution
In both cases, arbitrary code execution is believed to be difficult to achieve, but might not be impossible.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2518. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(61374);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2012-1014", "CVE-2012-1015");
script_xref(name:"DSA", value:"2518");
script_name(english:"Debian DSA-2518-1 : krb5 - denial of service and remote code execution");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities
in MIT Kerberos, a daemon implementing the network authentication
protocol.
- CVE-2012-1014
By sending specially crafted AS-REQ (Authentication
Service Request) to a KDC (Key Distribution Center), an
attacker could make it free an uninitialized pointer,
corrupting the heap. This can lead to process crash or
even arbitrary code execution.
This CVE only affects testing (wheezy) and unstable (sid)
distributions.
- CVE-2012-1015
By sending specially crafted AS-REQ to a KDC, an
attacker could make it dereference an uninitialized
pointer, leading to process crash or even arbitrary code
execution
In both cases, arbitrary code execution is believed to be difficult to
achieve, but might not be impossible."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2012-1014"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2012-1015"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/squeeze/krb5"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2012/dsa-2518"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the krb5 packages.
For the stable distribution (squeeze), this problem has been fixed in
version 1.8.3+dfsg-4squeeze6."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
script_set_attribute(attribute:"patch_publication_date", value:"2012/07/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"6.0", prefix:"krb5-admin-server", reference:"1.8.3+dfsg-4squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"krb5-doc", reference:"1.8.3+dfsg-4squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"krb5-kdc", reference:"1.8.3+dfsg-4squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"krb5-kdc-ldap", reference:"1.8.3+dfsg-4squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"krb5-multidev", reference:"1.8.3+dfsg-4squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"krb5-pkinit", reference:"1.8.3+dfsg-4squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"krb5-user", reference:"1.8.3+dfsg-4squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"libkrb5-dev", reference:"1.8.3+dfsg-4squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"libkrb53", reference:"1.8.3+dfsg-4squeeze6")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | krb5 | p-cpe:/a:debian:debian_linux:krb5 |
| debian | debian_linux | 6.0 | cpe:/o:debian:debian_linux:6.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015
bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429
packages.debian.org/source/squeeze/krb5
security-tracker.debian.org/tracker/CVE-2012-1014
security-tracker.debian.org/tracker/CVE-2012-1015
www.debian.org/security/2012/dsa-2518
Related
nessus
nessus
openSUSE Security Update : krb5 (openSUSE-SU-2012:0967-1)
2014-06-13 00:00:00
Fedora 17 : krb5-1.10.2-6.fc17 (2012-11388)
2012-08-06 00:00:00
osv
osv
krb5 - denial of service
2012-07-31 00:00:00
openvas
openvas
Debian Security Advisory DSA 2518-1 (krb5)
2012-08-10 00:00:00
Debian: Security Advisory (DSA-2518-1)
2012-08-10 00:00:00
Fedora Update for krb5 FEDORA-2012-11388
2012-08-30 00:00:00
securityvulns
securityvulns
MIT Kerberos 5 security vulnerabilities
2012-08-06 00:00:00
debian
debian
[SECURITY] [DSA 2518-1] krb5 security update
2012-07-31 19:56:05
fedora
fedora
[SECURITY] Fedora 17 Update: krb5-1.10.2-6.fc17
2012-08-05 21:22:40
[SECURITY] Fedora 16 Update: krb5-1.9.4-3.fc16
2012-08-09 23:10:41
[SECURITY] Fedora 17 Update: krb5-1.10.2-9.fc17
2013-03-16 01:31:43
ubuntu
ubuntu
Kerberos vulnerabilities
2012-07-31 00:00:00
prion
prion
Cross site request forgery (csrf)
2012-08-06 16:55:00
Design/Logic Flaw
2012-08-06 16:55:00
cve
cve
CVE-2012-1014
2012-08-06 16:55:00
CVE-2012-1015
2012-08-06 16:55:00
ubuntucve
ubuntucve
CVE-2012-1014
2012-07-31 00:00:00
CVE-2012-1015
2012-07-31 00:00:00
debiancve
debiancve
CVE-2012-1014
2012-08-06 16:55:00
CVE-2012-1015
2012-08-06 16:55:00
altlinux
altlinux
Security fix for the ALT Linux 7 package krb5 version 1.10.2-alt2
2012-08-07 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.10.2-alt2
2012-08-07 00:00:00
Security fix for the ALT Linux 8 package krb5 version 1.10.2-alt2
2012-08-07 00:00:00
gentoo
gentoo
MIT Kerberos 5: Multiple vulnerabilities
2013-12-16 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:42:39
redhat
redhat
(RHSA-2012:1131) Important: krb5 security update
2012-07-31 00:00:00
(RHSA-2012:1200) Moderate: rhev-hypervisor6 security and bug fix update
2012-08-23 00:00:00
amazon
amazon
Important: krb5
2012-08-03 15:55:00
centos
centos
krb5 security update
2012-07-31 23:18:36
oraclelinux
oraclelinux
krb5 security update
2012-07-31 00:00:00
Related for DEBIAN_DSA-2518.NASL