Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.FEDORA_2007-034.NASL
HistoryJan 17, 2007 - 12:00 a.m.

Fedora Core 5 : krb5-1.4.3-5.3 (2007-034)

2007-01-1700:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
12
JSON

This update incorporates a fix for a recently-announced bug found in the kadmind daemon.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2007-034.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(24190);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2006-3084", "CVE-2006-6143");
  script_xref(name:"FEDORA", value:"2007-034");

  script_name(english:"Fedora Core 5 : krb5-1.4.3-5.3 (2007-034)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update incorporates a fix for a recently-announced bug found in
the kadmind daemon.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-January/001222.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?54e3631c"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/01/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC5", reference:"krb5-debuginfo-1.4.3-5.3")) flag++;
if (rpm_check(release:"FC5", reference:"krb5-devel-1.4.3-5.3")) flag++;
if (rpm_check(release:"FC5", reference:"krb5-libs-1.4.3-5.3")) flag++;
if (rpm_check(release:"FC5", reference:"krb5-server-1.4.3-5.3")) flag++;
if (rpm_check(release:"FC5", reference:"krb5-workstation-1.4.3-5.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-debuginfo / krb5-devel / krb5-libs / krb5-server / etc");
}
VendorProductVersionCPE
fedoraprojectfedorakrb5-debuginfop-cpe:/a:fedoraproject:fedora:krb5-debuginfo
fedoraprojectfedorakrb5-develp-cpe:/a:fedoraproject:fedora:krb5-devel
fedoraprojectfedorakrb5-libsp-cpe:/a:fedoraproject:fedora:krb5-libs
fedoraprojectfedorakrb5-serverp-cpe:/a:fedoraproject:fedora:krb5-server
fedoraprojectfedorakrb5-workstationp-cpe:/a:fedoraproject:fedora:krb5-workstation
fedoraprojectfedora_core5cpe:/o:fedoraproject:fedora_core:5

Related

fedora 4
openvas 14
ubuntu 3
debiancve 2
nessus 16
securityvulns 3
ubuntucve 2
cve 2
cert 3
gentoo 3
suse 1
debian 1
oraclelinux 1
fedora
fedora
[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.3
2007-01-09 22:09:07
[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.4
2007-04-03 20:14:48
[SECURITY] Fedora Core 6 Update: krb5-1.5-13
2007-01-09 22:08:27
openvas
openvas
Fedora Update for krb5 FEDORA-2007-034
2009-02-27 00:00:00
Mandriva Update for krb5 MDKSA-2007:008 (krb5)
2009-04-09 00:00:00
Ubuntu Update for krb5 vulnerability USN-408-1
2009-03-23 00:00:00
ubuntu
ubuntu
krb5 vulnerability
2007-01-16 00:00:00
krb5 vulnerabilities
2006-08-16 00:00:00
Thunderbird vulnerabilities
2006-07-29 00:00:00
debiancve
debiancve
CVE-2006-6143
2006-12-31 05:00:00
CVE-2006-3084
2006-08-09 10:04:00
nessus
nessus
Mandrake Linux Security Advisory : krb5 (MDKSA-2007:008)
2007-02-18 00:00:00
Ubuntu 6.06 LTS / 6.10 : krb5 vulnerability (USN-408-1)
2007-11-10 00:00:00
SUSE-SA:2007:004: krb5
2007-02-18 00:00:00
securityvulns
securityvulns
RPC library / MIT Kerberos kadmind uninitialized function pointer
2007-01-09 00:00:00
MITKRB5-SA-2006-002: kadmind &#40;via RPC lib&#41; calls uninitialized function pointer
2007-01-09 00:00:00
MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities
2006-08-09 00:00:00
ubuntucve
ubuntucve
CVE-2006-6143
2006-12-31 00:00:00
CVE-2006-3084
2006-08-09 00:00:00
cve
cve
CVE-2006-6143
2006-12-31 05:00:00
CVE-2006-3084
2006-08-09 10:04:00
cert
cert
Kerberos administration daemon fails to properly initialize function pointers
2007-01-09 00:00:00
MIT Kerberos (krb5) krshd and v4rcp do not properly validate setuid() or seteuid() calls
2006-08-08 00:00:00
MIT Kerberos (krb5) ftpd and ksu do not properly validate seteuid() calls
2006-08-15 00:00:00
gentoo
gentoo
MIT Kerberos 5: Arbitrary Remote Code Execution
2007-01-24 00:00:00
Heimdal: Multiple local privilege escalation vulnerabilities
2006-08-23 00:00:00
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities
2006-08-10 00:00:00
suse
suse
remote denial of service in krb5
2007-01-10 12:52:57
debian
debian
[SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation
2006-08-09 06:10:06
oraclelinux
oraclelinux
Critical: krb5 security update
2007-04-04 00:00:00
JSON
Related for FEDORA_2007-034.NASL
fedora4openvas14ubuntu3debiancve2nessus16securityvulns3ubuntucve2cve2cert3gentoo3suse1debian1oraclelinux1