ID FEDORA_2010-0515.NASL Type nessus Reporter This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2010-07-01T00:00:00
Description
This update incorporates fixes from upstream which correct integer
underflow problems in the AES and RC4 decryption routines
(CVE-2009-4212).
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-0515.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: when `description` is set, the script only declares its
# metadata (identifiers, text, scoring, prerequisites) and exits without
# running any host check.
if (description)
{
# Plugin identity and revision.
script_id(47188);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
# Cross-references used to correlate this finding with other feeds:
# the CVE, the Bugtraq ID and the Fedora advisory number.
script_cve_id("CVE-2009-4212");
script_bugtraq_id(37749);
script_xref(name:"FEDORA", value:"2010-0515");
script_name(english:"Fedora 11 : krb5-1.6.3-23.fc11 (2010-0515)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
# Description text taken from the Fedora advisory (see the file header).
script_set_attribute(
attribute:"description",
value:
"This update incorporates fixes from upstream which correct integer
underflow problems in the AES and RC4 decryption routines
(CVE-2009-4212).
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=545015"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?bacdcbe0"
);
script_set_attribute(attribute:"solution", value:"Update the affected krb5 package.");
# CVSS v2 base vector: network-reachable, low complexity, no authentication,
# complete confidentiality / integrity / availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# CVSS v2 temporal vector: exploitability unproven (E:U), official fix (RL:OF),
# report confirmed (RC:C).
# NOTE(review): the upstream advisory MITKRB5-SA-2009-004 gives E:POC
# (proof-of-concept) in its own vector, while this plugin records E:U and
# "no known exploits" - confirm which rating to rely on when prioritising.
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# CWE-189 (numeric errors), matching the integer-underflow root cause.
script_cwe_id(189);
# Declared as a local check; the CPE entries tie the finding to the Fedora
# krb5 package and to Fedora 11.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
# Fix release date versus plugin release date (roughly five and a half months apart).
script_set_attribute(attribute:"patch_publication_date", value:"2010/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
# Prerequisites: ssh_get_info.nasl is declared as a dependency, and the three
# KB keys below must exist (presumably populated by that dependency - confirm).
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
# Registration done; the check logic after this block is not executed here.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host-side package check for Fedora advisory 2010-0515 (CVE-2009-4212).
#
# Each gate below hands a reason code to audit() (audit.inc, not shown here;
# presumably terminal) when the host is out of scope. The test itself is a
# package-version comparison done by rpm_check() (rpm.inc, not shown); nothing
# in this script contacts the running Kerberos services, so a clean result
# speaks only to the installed krb5 package.

# Gate 1: local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the recorded release string must exist and mention Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !("Fedora" >< release))
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Gate 3: extract the numeric release and require Fedora 11.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
}

# Gate 4: an RPM inventory must have been collected.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: only x86_64 and i386-i686 are handled. Any other architecture is
# audited out as "not implemented", so no finding on such a host is not
# evidence that it is patched.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}

# Package test: flag is raised when rpm_check() reports the installed krb5
# against the fixed reference build krb5-1.6.3-23.fc11.
flag = 0;
if (rpm_check(release:"FC11", reference:"krb5-1.6.3-23.fc11"))
{
  flag++;
}

if (!flag)
{
  # Nothing flagged: distinguish "package tested and fine" from
  # "krb5 was not found among the tested packages".
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
  }
}
else
{
  # Flagged: report on port 0, attaching the RPM comparison report when the
  # scan's report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
{"id": "FEDORA_2010-0515.NASL", "bulletinFamily": "scanner", "title": "Fedora 11 : krb5-1.6.3-23.fc11 (2010-0515)", "description": "This update incorporates fixes from upstream which correct integer\nunderflow problems in the AES and RC4 decryption routines\n(CVE-2009-4212).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2010-07-01T00:00:00", "modified": "2010-07-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/47188", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=545015", "http://www.nessus.org/u?bacdcbe0"], "cvelist": ["CVE-2009-4212"], "type": "nessus", "lastseen": "2021-01-12T10:07:41", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4212"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23044", "SECURITYVULNS:VULN:10517"]}, {"type": "ubuntu", "idList": ["USN-881-1"]}, {"type": "centos", "idList": ["CESA-2010:0029"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0029"]}, {"type": "redhat", "idList": ["RHSA-2010:0029", "RHSA-2010:0095"]}, {"type": "fedora", "idList": ["FEDORA:1447210FB80", "FEDORA:76BED10FB1E", "FEDORA:9AB651114B4", "FEDORA:919C011128A", "FEDORA:431E7111A04", "FEDORA:0038310FBFB", "FEDORA:DA6AE10F8DD", "FEDORA:64EA710FC2C"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1969-1:2A44E"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2010-006.NASL", "FEDORA_2010-0503.NASL", "SL_20100112_KRB5_ON_SL3_X.NASL", "SUSE_KRB5-6776.NASL", "UBUNTU_USN-881-1.NASL", "ORACLELINUX_ELSA-2010-0029.NASL", "REDHAT-RHSA-2010-0029.NASL", "DEBIAN_DSA-1969.NASL", 
"SUSE_KRB5-6775.NASL", "CENTOS_RHSA-2010-0029.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:840368", "OPENVAS:1361412562310840368", "OPENVAS:830809", "OPENVAS:880344", "OPENVAS:1361412562310880356", "OPENVAS:880571", "OPENVAS:1361412562310122402", "OPENVAS:1361412562310870207", "OPENVAS:1361412562310880571", "OPENVAS:880353"]}, {"type": "suse", "idList": ["SUSE-SA:2010:006"]}, {"type": "vmware", "idList": ["VMSA-2010-0009", "VMSA-2010-0016"]}, {"type": "gentoo", "idList": ["GLSA-201201-13"]}], "modified": "2021-01-12T10:07:41", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-01-12T10:07:41", "rev": 2}, "vulnersScore": 8.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-0515.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47188);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4212\");\n script_bugtraq_id(37749);\n script_xref(name:\"FEDORA\", value:\"2010-0515\");\n\n script_name(english:\"Fedora 11 : krb5-1.6.3-23.fc11 (2010-0515)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates fixes from upstream which correct integer\nunderflow problems in the AES and RC4 decryption routines\n(CVE-2009-4212).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=545015\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bacdcbe0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"krb5-1.6.3-23.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "47188", "cpe": ["p-cpe:/a:fedoraproject:fedora:krb5", "cpe:/o:fedoraproject:fedora:11"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:54:19", "description": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.\nPer: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\r\n\r\n\r\n\"Only releases krb5-1.3 and later are vulnerable, as\r\nearlier releases did not contain the functionality implemented by the\r\nvulnerable code.\r\n\r\nThis is an implementation vulnerability in MIT krb5, and is not a\r\nvulnerability in the Kerberos protocol.\"\nPer: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\r\n\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.7.1 and krb5-1.6.4 releases will contain a fix\r\n for this vulnerability.\r\n\r\n* For the krb5-1.7 release, apply the patch available at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt.asc\r\n\r\n\r\n* For the krb5-1.6 releases, apply the patch available at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt.asc\r\n\r\n* The krb5-1.6.3 patch might apply successfully to older releases.\r\n", "edition": 4, "cvss3": {}, "published": "2010-01-13T19:30:00", "title": "CVE-2009-4212", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 
10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4212"], "modified": "2020-01-21T15:45:00", "cpe": ["cpe:/a:mit:kerberos_5:1.4.3", "cpe:/a:mit:kerberos_5:1.3", "cpe:/a:mit:kerberos_5:1.6.2", "cpe:/a:mit:kerberos_5:1.5.3", "cpe:/a:mit:kerberos_5:1.5", "cpe:/a:mit:kerberos_5:1.3.5", "cpe:/a:mit:kerberos_5:1.3.2", "cpe:/a:mit:kerberos_5:1.4.1", "cpe:/a:mit:kerberos_5:1.4.4", "cpe:/a:mit:kerberos:5-1.6.3", "cpe:/a:mit:kerberos_5:1.3.3", "cpe:/a:mit:kerberos_5:1.6", "cpe:/a:mit:kerberos_5:1.3.6", "cpe:/a:mit:kerberos_5:1.7", "cpe:/a:mit:kerberos_5:1.3.4", "cpe:/a:mit:kerberos_5:1.5.1", "cpe:/a:mit:kerberos_5:1.5.2", "cpe:/a:mit:kerberos_5:1.4", "cpe:/a:mit:kerberos_5:1.6.1", "cpe:/a:mit:kerberos_5:1.4.2", "cpe:/a:mit:kerberos_5:1.3.1"], "id": "CVE-2009-4212", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4212", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-4212"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nMITKRB5-SA-2009-004\r\n\r\nMIT krb5 Security Advisory 2009-004\r\nOriginal release: 2010-01-12\r\n\r\nTopic: integer underflow in AES and RC4 decryption\r\n\r\nCVE-2009-4212\r\ninteger underflow in AES and RC4 decryption\r\n\r\nCVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C\r\n\r\nCVSSv2 Base Score: 10\r\n\r\nAccess Vector: Network\r\nAccess Complexity: Low\r\nAuthentication: None\r\nConfidentiality Impact: Complete\r\nIntegrity Impact: Complete\r\nAvailability Impact: Complete\r\n\r\nCVSSv2 Temporal Score: 7.8\r\n\r\nExploitability: Proof-of-Concept\r\nRemediation Level: Official Fix\r\nReport Confidence: Confirmed\r\n\r\nSUMMARY\r\n=======\r\n\r\nInteger underflow bugs in the AES and RC4 decryption operations of the\r\ncrypto library of the MIT Kerberos software can cause crashes, heap\r\ncorruption, or, under extraordinarily unlikely conditions, arbitrary\r\ncode execution. Only releases krb5-1.3 and later are vulnerable, as\r\nearlier releases did not contain the functionality implemented by the\r\nvulnerable code.\r\n\r\nThis is an implementation vulnerability in MIT krb5, and is not a\r\nvulnerability in the Kerberos protocol.\r\n\r\nIMPACT\r\n======\r\n\r\nAn unauthenticated remote attacker can, by inducing the decryption of\r\nan invalid AES or RC4 ciphertext, cause a crash or heap corruption,\r\nor, under extraordinarily unlikely conditions, arbitrary code\r\nexecution. A successful code-execution attack against a KDC can\r\ncompromise all services relying on that KDC for authentication.\r\nHowever, the most probable outcome is a crash due to a memory fault or\r\nabort() call. 
An attacker with a valid account in the relevant\r\nKerberos realm has a marginally higher chance of success to execute\r\narbitrary code, but the probability is still very low. Therefore, the\r\ngiven Confidentiality Impact and Integrity Impact metrics of\r\n"Complete" represent theoretical worst-case scenarios and are both\r\nmore realistically characterized as "Partial".\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* KDC and application servers in MIT krb5-1.3 and later releases are\r\n vulnerable. Earlier releases did not contain the functionality\r\n implemented by the vulnerable code.\r\n\r\n* Third-party applications linked with the libraries from vulnerable\r\n releases are also vulnerable.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.7.1 and krb5-1.6.4 releases will contain a fix\r\n for this vulnerability.\r\n\r\n* For the krb5-1.7 release, apply the patch available at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt.asc\r\n\r\n\r\n* For the krb5-1.6 releases, apply the patch available at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt.asc\r\n\r\n* The krb5-1.6.3 patch might apply successfully to older releases.\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement is posted at:\r\n\r\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVSSv2:\r\n\r\n http://www.first.org/cvss/cvss-guide.html\r\n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\r\n\r\nCVE: 
CVE-2009-4212\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212\r\n\r\nCONTACT\r\n=======\r\n\r\nThe MIT Kerberos Team security contact address is\r\n<krbcore-security@mit.edu>. When sending sensitive information,\r\nplease PGP-encrypt it using the following key:\r\n\r\npub 2048R/D9058C24 2009-01-26 [expires: 2010-02-01]\r\nuid MIT Kerberos Team Security Contact <krbcore-security@mit.edu>\r\n\r\nDETAILS\r\n=======\r\n\r\nThe greatest risk is from AES decryption of invalid ciphertexts, which\r\ncan theoretically lead to arbitrary code execution under\r\nextraordinarily unlikely conditions. Other scenarios are more likely\r\nto lead to denial of service.\r\n\r\nThis advisory makes some reasonable assumptions about the platform.\r\nWe assume that attempts to invoke malloc() to allocate nearly SIZE_MAX\r\nbytes will fail, which is reasonable for conventional memory\r\narchitectures. We also assume that the process has less than UINT_MAX\r\ncontiguous bytes of heap address space mapped, which is reasonable\r\ngiven likely hardware and operating system configurations.\r\n\r\nThe Kerberos protocol specifications define the format of valid\r\nciphertexts encrypted with AES (in RFC 3962) or RC4 (in RFC 4757)\r\nciphers. Valid ciphertexts have a minimum length, as they include\r\nHMAC values and random confounders. The implementation of the AES and\r\nRC4 decryption operations does not adequately check that the provided\r\nciphertext meets the minimum length requirements of the ciphertext\r\nformat, and proceeds as if the minimums were already satisfied. The\r\ndecryption operations perform integer subtractions that underflow when\r\nthe minimums are not satisfied.\r\n\r\nThe integer underflows can cause the AES decryption operation to write\r\nto memory located before the caller's output buffer. This behavior\r\nrepresents the highest risk for execution of arbitrary code, but this\r\nrisk is still fairly small. 
On platforms where malloc(0) (a request\r\nto allocate zero bytes) returns a null pointer, this behavior will not\r\noccur, because this null pointer result triggers adequate error\r\nhandling.\r\n\r\nThe data written during this event is the result of the AES-CTS\r\ndecryption of the 32 bytes preceding the input buffer. The attacker\r\nmight not be able to directly influence the contents of the 32 bytes\r\npreceding the input buffer, and might not know the encryption key that\r\nwill be used. Without knowledge of the encryption key, the attacker\r\nhas effectively no chance to predict which byte values will be\r\nwritten. Due to the strong cryptographic properties of AES, for an\r\nattacker who knows the encryption key but who does not have perfect\r\nknowledge of the bytes to be decrypted, the probability of producing\r\nthe desired bytes is one in the number of possible uncontrolled values\r\nof the bytes to be decrypted.\r\n\r\nOther possible consequences of the integer underflow in the AES\r\ndecryption code include a crash due to an explicit abort() call inside\r\na section of code that checks (imperfectly) for invalid lengths.\r\n\r\nThe related integer underflow in the RC4 decryption code can cause an\r\nattempt to copy nearly UINT_MAX bytes from the decryption buffer to\r\nthe output buffer, most likely causing a crash from a memory fault.\r\nIn the unlikely event that the copy does not fault (only really\r\npossible on 64-bit platforms), there is a risk of heap corruption and\r\narbitrary code execution.\r\n\r\nOn 64-bit platforms, where an attempt to malloc() nearly UINT_MAX\r\nbytes is more likely to succeed, the decryption code may attempt to\r\ndecrypt nearly UINT_MAX bytes, leading to either an ordinary\r\n(correctly handled) error condition due to (almost certain) HMAC\r\nvalidation failure or to a crash due to a memory fault (if decrypting\r\nbeyond the end of the input buffer crosses over into invalid address\r\nspace).\r\n\r\nREVISION 
HISTORY\r\n================\r\n\r\n2010-01-12 original release\r\n\r\nCopyright (C) 2009 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 (SunOS)\r\n\r\niEYEARECAAYFAktMqfAACgkQSO8fWy4vZo4cggCgoMQOq/CF68tdzP1n+BwneJG+\r\nvrIAmwX9X8LeO6gOXW9X+2jetti2pYGG\r\n=d7/O\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-01-17T00:00:00", "published": "2010-01-17T00:00:00", "id": "SECURITYVULNS:DOC:23044", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23044", "title": "MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "cvelist": ["CVE-2009-4212"], "description": "Integer overflows on RC4 and AES decription.", "edition": 1, "modified": "2010-01-17T00:00:00", "published": "2010-01-17T00:00:00", "id": "SECURITYVULNS:VULN:10517", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10517", "title": "MIT Kerberos 5 integer overflows", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:24:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4212"], "description": "It was discovered that Kerberos did not correctly handle invalid AES \nblocks. 
An unauthenticated remote attacker could send specially crafted \ntraffic that would crash the KDC service, leading to a denial of service, \nor possibly execute arbitrary code with root privileges.", "edition": 5, "modified": "2010-01-12T00:00:00", "published": "2010-01-12T00:00:00", "id": "USN-881-1", "href": "https://ubuntu.com/security/notices/USN-881-1", "title": "Kerberos vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:38", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4212"], "description": "[1.6.1-36.el5_4.1]\n- add candidate patch to correct KDC integer overflows which could be\n triggered by malformed RC4 and AES ciphertexts (CVE-2009-4212, #546347) ", "edition": 4, "modified": "2010-01-12T00:00:00", "published": "2010-01-12T00:00:00", "id": "ELSA-2010-0029", "href": "http://linux.oracle.com/errata/ELSA-2010-0029.html", "title": "krb5 security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4212"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2010-01-14T01:24:35", "published": "2010-01-14T01:24:35", "id": "FEDORA:76BED10FB1E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: krb5-1.6.3-23.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4212"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
", "modified": "2010-01-14T01:23:01", "published": "2010-01-14T01:23:01", "id": "FEDORA:1447210FB80", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: krb5-1.7-18.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4212", "CVE-2010-0629"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2010-04-09T01:42:04", "published": "2010-04-09T01:42:04", "id": "FEDORA:64EA710FC2C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: krb5-1.6.3-29.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3295", "CVE-2009-4212", "CVE-2010-0283"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2010-02-18T22:26:48", "published": "2010-02-18T22:26:48", "id": "FEDORA:0038310FBFB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: krb5-1.7.1-2.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4212", "CVE-2010-0629", "CVE-2010-1321"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
", "modified": "2010-05-19T19:18:06", "published": "2010-05-19T19:18:06", "id": "FEDORA:9AB651114B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: krb5-1.6.3-31.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3295", "CVE-2009-4212", "CVE-2010-0283", "CVE-2010-0628"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2010-03-27T00:55:38", "published": "2010-03-27T00:55:38", "id": "FEDORA:DA6AE10F8DD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: krb5-1.7.1-6.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3295", "CVE-2009-4212", "CVE-2010-0283", "CVE-2010-0628", "CVE-2010-1320"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2010-04-21T21:58:12", "published": "2010-04-21T21:58:12", "id": "FEDORA:919C011128A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: krb5-1.7.1-7.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3295", "CVE-2009-4212", "CVE-2010-0283", "CVE-2010-0628", "CVE-2010-1320", "CVE-2010-1321"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. 
", "modified": "2010-05-19T19:19:21", "published": "2010-05-19T19:19:21", "id": "FEDORA:431E7111A04", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: krb5-1.7.1-9.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:14:07", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4212"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1969-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nJanuary 12, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : krb5\nVulnerability : integer underflow\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2009-4212\nDebian Bug : none\n\nIt was discovered that krb5, a system for authenticating users and services on a\nnetwork, is prone to integer underflow in the AES and RC4 decryption operations of\nthe crypto library. 
A remote attacker can cause crashes, heap corruption, or,\nunder extraordinarily unlikely conditions, arbitrary code execution.\n\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.4.4-7etch8.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.6.dfsg.4~beta1-5lenny2.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.8+dfsg~alpha1-1.\n\nWe recommend that you upgrade your krb5 package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch8.dsc\n Size/MD5 checksum: 884 4ee0daa9f7a62bb59b665585dfc699d9\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz\n Size/MD5 checksum: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch8.diff.gz\n Size/MD5 checksum: 1590501 546997d33ae6e7a7d8daa7cec8eeed3f\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch8_all.deb\n Size/MD5 checksum: 1806668 4bdcd4ef469018cadaf6acf6782b2c0c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_alpha.deb\n Size/MD5 
checksum: 66426 c7715fa7c77e4d861ae2c5b6bb2523ef\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 1017748 f70cc2b7b95219218bbae652bae2011f\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 1088876 eb19f3e6ee7e34c15d1c036eeb1ab3ca\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 216408 2cf4a2b423df4358d3003b64b5d8c5b8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 89570 6245b91a6384231f06db23ac68b81743\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 76316 019757cc0b367128f90d5de3d24b2750\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 245950 e21517ad70bd355bfab8439cd9753be9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 155570 ee316999fb912edfb6ce481e19285c22\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 136924 010501b5910d3afc49763021e9702527\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 92386 6a50f75d72010e6908bfc3a4bf6466b8\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_alpha.deb\n Size/MD5 checksum: 461704 ba58baccaeac818475af555154853b5c\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 87118 fe568cfa5b5c4db84516e6177c35bfac\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 427114 fc0d3cbf9ba99bf127f99500701d3a84\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_amd64.deb\n 
Size/MD5 checksum: 84254 f6074da963c6336728384045c2a93dfb\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 1073020 17030c0f4d64cd46f9c7a36a68ef60f3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 131638 2c3a999c180a2459f3b99985fe9baf1f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 222206 7568096cc250818d8471a388e8eeac09\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 190912 0beb7c8d9b28a67896e76281bbb97d82\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 142510 9af4235fe3bfa0629884322440a980bb\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 62480 690f768fae84f2c96bd5d80b2e87fe70\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 767772 b35e650c85f15a2279fc287217d1a9d0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_amd64.deb\n Size/MD5 checksum: 68558 9c0b741886e3052ea6e8830200d70df9\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 60160 990910a9728b3c36871059da511499f1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 81766 76b150051fa839ad64a9bd3e7f213f93\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 390542 b2176ae80244a7f7eca4e81cc887e0d8\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 173512 069d194a443166bedcc56afa8e1744e1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 63732 
826309ff571a3b22d6ed3d35d6bad726\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 123842 f829ca2bf7af803b910ba63b12cbe45f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 206564 590041188ecb8fc811110f43fe76d1fe\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 136404 de19824685b4f9a9dd22021c702b2bc6\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 1014004 a0f0bab83ddf8243f7421e6e8e267af7\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 79150 d47ec170d23eee90d8b6e1028952fc3a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_arm.deb\n Size/MD5 checksum: 683144 935f17e1a5660b4a54e58879ec499e69\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 440296 3be94c09e6845b8ea0c01426d0ca4696\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 1051932 ecd460dd2c253e3b34026f0d0ad38c2a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 85920 9555de162f9ba2dd330000f412ac341a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 816232 f22cb3c9e31461776e014e9a1327eb1b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 133916 e0314016283317b38de3739a2e12bce6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 87098 91c0a588fc11a820170f424fb671bb40\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 201512 
51aea1b2776f31091e9699acaaf295b4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 228146 8b666d9dc7a950da3b9b2e4d7d483716\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 70040 6ec1038379ce8698407ba3546c92caa7\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 144924 c4ee08b3257b726f6321846a946c2fc6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_hppa.deb\n Size/MD5 checksum: 64550 d23564cc243a250497a0f92cc02a26a0\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 680610 cc980957f4c660dfe1b73e175c807931\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 62780 3adbcad94f5627c2c4cf1b1850d05c6a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 80642 c1699246a7ad5eaca9c2f5ee5fcb337a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 1038380 a38ca0f4f6d1b6d3fb4e5e37bb241614\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 124540 7e39b6602069aae509d227999d5d403c\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 174430 7ca10e3a2179c518d2aed4a4612c6119\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 133706 6e33380795b2d945c01ef7183e458f23\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 58378 571974ef325e11e5773a8e69e3439923\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 78928 
e9cdd1646f5f3d1e3756958d70171c84\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 408762 f72eb38bd49c68c5a89f909844020534\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_i386.deb\n Size/MD5 checksum: 196872 bab9430ce99981adda474d644bae0764\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 592704 767340ed4ccd5f3cf187729272b5c359\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 105900 62b1f2084544249fcac0df57051f4554\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 1089322 7fb36fb213abb1e9f0bd59c3fe7e00bb\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 91658 b3a950cedd6913ba128015f45444e85e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 190736 c5f859c6fcc1fd11d8debc15a7743dbc\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 1043602 09a701e1f8ff82330785d75af7905d76\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 269918 be2672d30dd739574b5eb9172a3c837d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 164846 21c637c657eb92ccfc67962ca8d0cb68\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 80648 f8389e4089152f52144f5c7c66662cab\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 113314 eab64b5247be62d6611ad505d3ed939c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_ia64.deb\n Size/MD5 checksum: 306220 
334c842132fe5a0d29fce45e808af341\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 390280 ee3724ff64a41b47223c4543a24231e9\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 177164 1e245bb9a77d9e22225486cc1d109d90\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 71552 8329658d40b027864f640ef976936579\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 807966 845f3e360ec42242be927189c1240d20\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 82136 7297d947bf02cc83edb6791b1bec7e98\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 86776 fb6080c740deadf8a3d25e3db1d11c29\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 145300 7ce64ef299b1e4178a3c680e4f5d12a7\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 1113408 091e167743444e2d86b9b0994a067974\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 230778 eb1ea743345a76dbcbd5a0c410ec1d1d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 128832 9f796e1d54468c19817838bed81e1226\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_mips.deb\n Size/MD5 checksum: 63282 81a4b1a095c8a89758db14e1bf70a207\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 1088272 5ca4bc01e92b0353c4bc44747dfb0211\n 
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 810866 a5281da7e780dc16370ec958aa8e87bc\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 64152 46e6875c9ca40d9d0f56ba08ed0e7821\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 82976 757fdca0536a4037264cb5b675a812ee\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 87790 70002efa0b49808320fbacef838ce0fb\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 392406 dff848b39a73feed2b18bb6db7715cef\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 233092 7927807f45581b8c8a7873af13f20a8e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 146004 3789fc059b01d64c5d7694239f981b87\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 71896 ca412ae3c2d58efeb8209da59048b86a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 131392 5d79bcf0fbc6a852c740e58af83c6b77\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_mipsel.deb\n Size/MD5 checksum: 179810 93fd247868871f538dfaa597aa172ccb\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 223096 fe0bbb32aa77142527981f0a4f5494f0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 62264 d3dcf571fac840e90cac101ef7641901\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 84690 
1628641e1f4e0286e35af2199fe5cc01\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 399766 80947d1ae44a46692f73e2669627b7c2\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 179904 57bb2072d0c07f1a9a8c1ebdd347d4ba\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 137650 bbb39692552b59c88aad0957b54a8774\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 67704 4fd027cddf05f78a77bbf7a97ad0f9e6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 144126 a24427b5adbf031e01ac09725cdcc380\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 87190 68da3d251a9e60e1ed841e27809d2d99\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 1083782 7ef84bf21c4a23bc02bba4713c260873\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_powerpc.deb\n Size/MD5 checksum: 753896 f8d79f96e7e7a9f937407f49b78d9312\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 129546 1ea44de69cbfec2cab806be2f5e11f80\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 733810 86ea546d8eb5e4c7c2aeffa0703c72a4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 82426 de07126b23e8d53c703348eb8539d5da\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 1074058 f64077b9524e988dba437e79bad53cfb\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 140762 
d770522258122aa18764b938ebd88e24\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 195808 7ef172ebb5c195d3fa1010e9cc289402\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 69080 d584525570c9eeb6299eeb014e885582\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 224770 2cef613c0d36527987de842ca3198aae\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 439428 6700040f505a31c9cae489a87d73e7a3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 88216 9836d516b47f2c30ae4757efd3bd8e75\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_s390.deb\n Size/MD5 checksum: 63716 b7911851d810eac531c4b7ca56316134\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 167036 8c8d9890d634258080ade15d84edb6a2\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 64134 a1a8b905b3371fea357bbe07df1ffe0c\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 373070 3a8109216dd34cb46f6b83597f47691e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 78548 8c65e37edbe211fa7ccda2f8a0d236cd\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 200582 0d147e7d1b517e8a082de68e46000221\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 132038 90c76335e6a9f33162be50e9cb8b66c8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 123362 
22537c970b94146a418b37289b100c3d\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 962126 b9e55793348dd0a74c60f3cf3aa92c78\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 77454 f214534d165fdffbc0970ef6baf6476d\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 680902 e8c793ceab96ca75946d78e84596331c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_sparc.deb\n Size/MD5 checksum: 58568 996681397f88bb299f2344ecdc3cacd7\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny2.diff.gz\n Size/MD5 checksum: 847479 4863ad37f712731b55e989f650681cf6\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny2.dsc\n Size/MD5 checksum: 1536 517483a1b196783a6b930ce5279b35e8\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz\n Size/MD5 checksum: 11647547 08d6ce311204803acbe878ef0bb23c71\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5lenny2_all.deb\n Size/MD5 checksum: 2148814 033ed1efe5d8f0f156fc494706c808b5\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 71398 ca090fb8bcfdcc2fc3f5515bef39a0fd\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 92652 65ed615eb4e3eddf9624208f6b29d172\n 
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 98132 9af97bbe3becc4af76796dbf15e09d3b\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 179916 248446d582e244beda0abae6a6d041f6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 83152 691efa10f887c940a91462391370ebb4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 112610 503d2b53b2b4afd7517c52a834dd2fb1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 148160 6705c91448817d23890f8d24d183d650\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 256154 6d54e7196412177f4fdc2450981094dd\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 1349966 f8ef1c1e8aae7fe1d061636b7789342d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 219542 4068bd7ecab8dd91a4ba212d3ed8b709\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 538112 1c36cf6e6864acc7bc81c88435e2200e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 98006 0b67c73e8e0018fd346092b39e0ed5db\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_alpha.deb\n Size/MD5 checksum: 70114 0bc2d7afc1759b5c6ca1423856b8161b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 146730 6f4e67a7507773df90371fbb31bca7c5\n 
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 519370 01d1077bfbab1ce248f8cead034e498f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 95298 5d4299de77de3e070b5d9c908db60962\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 1475794 61eee9e67cb367b053ed308655fdfef0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 68318 bf3d50ea870cd2c47c02b9499155f5ec\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 238698 c68ddf853b1e7c5576d9bd11660ef98a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 77100 cdad45e1d14d4375944eed7b02f97b32\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 108392 702fdefe0711d2d3ef08a7f0c5252142\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 94016 90ab00c758a3ec085c508ac38923e2e9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 69304 2b2ab7d2ab4e433f27d7af3a7692f8e4\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 92722 0f7d5151f05305fd7edde228db4db05c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 199290 c13a655ddb56829a6da3056eafc11f57\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_amd64.deb\n Size/MD5 checksum: 169726 c56d7b235e72ed6bda6c85bb3040c8b9\n\narm architecture (ARM)\n\n 
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 145920 ef484e287053f697965299b99c091e8d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 102664 b94057d8bec867a8cdc753f96d8792ca\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 448840 6d8b1125b5b55a7f90f7a6968fde4ac5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 87640 21a2f847f2892b292b8f3880a6b3363f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 215100 c4db292db7749bf76788f8fd9ed28aa5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 188268 d4bd686a4be543a64e53028edc777586\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 135214 b57a313a3ef2a194891176707c68214c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 86642 a8e5efe9362905021ba6be528e1da53c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 70416 ada9c86f89264cd1e28ced20d792778b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 61518 846e2f6fa06cc906e41e87d083e684ca\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 92714 5780ff696e0a16a49f1ca03d1c192577\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 65948 ede274061769677ee44f197ae7bd73e9\n 
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_arm.deb\n Size/MD5 checksum: 1283476 44701e72f952e2e4c2b064eb75a9dcb4\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 134836 57b9d62c596d0a0978786f60dc47d529\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 69966 35aee03b89f4e78cd57ffb2ec6f1543e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 86134 745b8e6753d12220e715fd6473a83913\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 209128 0e8e3e6b84cc5a3f916879f3b7d5562a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 448822 56ffcc4240fa08fda0a674cb94605ec9\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 145848 e6eac0f9ec739ca86016968486c2e9aa\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 1290160 4081413b96c25bcf999c088ba0c06191\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 186102 c86b76a0c80824d9dfc4d77b08166d89\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 61556 d36ff9f728f1fb6eb46a60b8ee0bef1f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 101064 e3942d30e80f02e9e2352b613b32cc0f\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 92766 3a265b2a9912f3bdb87cce69bc693e26\n 
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 86808 4b1f7eebf3700eb4d262c584f35bb877\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_armel.deb\n Size/MD5 checksum: 65606 82f1a791f29488a2534ad3a537e052e5\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 170862 02b00df5166d3c3e90bf9b964eb34c23\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 93952 83cd93f84feb117b50db2fa1ad9fcf25\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 92868 abb9537f1a875f5e2b45e7220ea7cb2c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 70176 9fd26139b1a6077f3d4b6097880de080\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 68732 029acd28a997daa30df0d6313eaffae6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 111168 3c9eb020108eb3faa8657e66fbfc4d20\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 76238 6f1bb91dc434b25b11913977ffa2919c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 92474 44dd654591ffd1cb17ccd253e97ff40e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 145450 54fd47f443c221b2136e814df24529e7\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 235032 28f381ab9f44f0c5fcfa9c5ad49820ad\n 
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 510864 4d5a3ccecd06ace02019fe0d2c865049\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 200158 c667bfe04b647561c68cb22968235474\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_hppa.deb\n Size/MD5 checksum: 1302162 774ec15b2431b2e1e065da84d8eb9670\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 1413950 e802d6567ed223d6beca19b7d6272389\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 87556 f3c9bc00276872a9b154324afd41e705\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 210378 dfbd50409d17aab6392e730b98dafbca\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 153804 7849b458fd30c031168ec4d95aacee66\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 102830 0757e35a188349c39632761e01f23a56\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 186216 4e892700eda91de2bee99398963deb69\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 88312 b3bb0f731ea641305db2337209805297\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 481642 04ebe294248341111f1de90d9bc43fae\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 137568 730328f701319ac74f2a13654af52e1a\n 
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 64352 e7397761d38609dcb1dbc89dd563f13f\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 92704 f42ade4fdc92a8ab38d4ddf96432a9bd\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 65240 665d15a9b1e44a7424b35cfcadd39474\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_i386.deb\n Size/MD5 checksum: 70898 f0a680d86b77d362f82f14a8e280b307\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 118502 b61c89fe1a3978fbb2a8be001c94e214\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 1282370 938b88afd402ffea976403f99ee0fff0\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 219590 d9a9bbbb7cbdf4b6e3ef009ada07787f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 85734 616f2c76dbfbb2006608c466467d045a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 113710 777c9492f526bae4b2a4aab130ac4988\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 177328 b13561afc9a03935c8a4e4b8fe6e77af\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 92710 ae1ab96d1cff1f4e0ce2113025637a62\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 270656 52d380feec8d765ad6c5645edf1c7ffb\n 
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 700958 ad8334928d62f636dbe4410e757e1e1c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 85228 b493ca2894a47e747d2b31fe93b278a4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 97562 c2b52bbd7a858e83d748e34ba3212ca5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 139022 f6fa1941b7bab6c1ad9fb8c01f491abf\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_ia64.deb\n Size/MD5 checksum: 312288 72e40a747f97bff17a22cf23b89332d3\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 63936 772642f58803aa4ecc653bd065c6b9bb\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 151438 c8197cdaa3f69e44098a4950da9c80be\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 1381838 a37792b2bccfb1d8128bd6e190e4e41c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 234742 a1916fff0802c341d0f4016326785cd0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 102112 a497919bf702e109ecdbd90bbe3e52c1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 76392 36f581155c9d22ae46804f80ecdb16d4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 89552 2abf2c6c9bc12f62d93e0cf353ecb1c6\n 
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 193034 f6406b8e5ddcf96d27304e37a13a930c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 91472 93636b59ca82ed54fd0f41c28d406145\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 457014 755e4322e73e834de6f53672f1fee8ba\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 68420 4fc15a6c545c8566f2491c7e1be9da6d\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 92664 71e2aea5291ea0d6a99022c004961fcb\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_mips.deb\n Size/MD5 checksum: 139754 f5e5a96821bba5e4e27aa0e8575e811e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 194710 654bdfef5c7cb83e2c168fa17b6bb235\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 142330 ad02fc15a5db773dd3f5f07f413afd42\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 152716 4b3ed14c0c37b6324d0bcdd5e0e38fa8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 63954 727f984f06ebdfc74db308190d6ad4a0\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 1354424 f5b2b0e73732501a6ceeb89977318583\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 76948 08680fec5f245b34daa5dfee6b27783d\n 
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 68988 84921c1acde715e504e5b609e8fd17b3\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 92734 d54e507a212a32e3fac2a4b1620fc946\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 90074 e1051b8631c50afae3748299e2281d05\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 236418 eaa8bb2f4e81fe5988daf67823f04f40\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 458282 20ce42cca24170dbea2b62fef7518899\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 92486 425cbb4a813c05aa15297f04f458687e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_mipsel.deb\n Size/MD5 checksum: 102792 203159863acc422d7b20f5c197daa07b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 1348068 5c55594c1a91264ad2a2b7298d0a452a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 249296 d8ae807480800e6ae248c2b82ef4714a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 102010 f1b50b23234f553bcadebab4f4753f20\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 71414 01e9a39b2710bfe72f572ea8bc7f8a16\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 162918 
a506df1f06d35e4defe4ffa9b7ebd776\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 92714 56f990b927671bedb5c54b72ed90eb95\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 100300 0c4004eed024805b8a02360f9e40b5f9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 208818 34337fefc9e83f0a32b84ba1ab7ef39f\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 500852 518d8511fe310695edf8146f88d611e9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 78166 b811cc6d5be4f7e6da307c4e98562313\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 112038 92e8a7060416f29242a489497872a4f8\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 163598 5fe88426c0dfc6fe7d260e2829571875\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_powerpc.deb\n Size/MD5 checksum: 66612 be5469bdd83a2f80313b87f983654593\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 92688 62fe1e7b6adf8249dbb50b5a8fe428d6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 70426 93962917fe3dcb74ea0e43851d1dc9be\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 144958 a0d9a3bc73ed7ccde73263c122215e2a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 108464 
7b37b0566d714a6ca856c17e8a0b9ce1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 77152 30b89036ead9d052428d2e7d760648ab\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 92852 4ab73ae69a9271bf4656b5d739eb0a30\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 237520 859ea9cc9a2cb37fb313e6cb544e1958\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 170310 c4e08492c51cf98c8a52ca236df9a494\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 1365520 379205e114d12000cb3ebc90f4e24f70\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 68778 025c8e4b569f713d18b39e3c29119977\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 97064 ed9a6b3c89ae6d19836b6a19d093a249\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 516490 e6f7e0887f4172edbb1b2369f462219b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_s390.deb\n Size/MD5 checksum: 199950 4d310d743c5c95c44a10a1119b78f599\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 214146 684a5df295f92d96fd9173e902103d16\n http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 61362 a91ddc177f135c2840b8f4c7848f87c6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 182876 
2cb261c2dab19a1af5cb02d692480448\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 435970 a0d1c3c30b9c3d6b1349dc212ba533d8\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 100386 53f9a4ed9735831835948cbfa442a7a2\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 146382 8bd696bb3dbe3fa543e5b3c40339e4e9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 87728 71591f7ccd2e483262e6dd60b43ffdac\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 93886 0727503660d1a60a34d761f2ac91127b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 66132 4f031d0101e2de304bfb73f7c4474753\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 71930 9038273dfd441cb4dae22eaef85da721\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 88758 df5ae0261c7c491286f840138dfcc36d\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 1214774 8e7ebe13eab77d0e29db21e17a561cd1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_sparc.deb\n Size/MD5 checksum: 137880 5efb1fe5a5a2d683328e944489bdb4f8\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: 
debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2010-01-12T21:37:29", "published": "2010-01-12T21:37:29", "id": "DEBIAN:DSA-1969-1:2A44E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00004.html", "title": "[SECURITY] [DSA-1969-1] New krb5 packages fix denial of service", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4212"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0029\n\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nMultiple integer underflow flaws, leading to heap-based corruption, were\nfound in the way the MIT Kerberos Key Distribution Center (KDC) decrypted\nciphertexts encrypted with the Advanced Encryption Standard (AES) and\nARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to\nprovide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it\ncould potentially lead to either a denial of service of the central KDC\n(KDC crash or abort upon processing the crafted ciphertext), or arbitrary\ncode execution with the privileges of the KDC (i.e., root privileges).\n(CVE-2009-4212)\n\nAll krb5 users should upgrade to these updated packages, which contain a\nbackported patch to correct these issues. 
All running services using the\nMIT Kerberos libraries must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028479.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028480.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028491.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028492.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028493.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/028494.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0029.html", "edition": 4, "modified": "2010-01-14T23:56:11", "published": "2010-01-13T00:51:06", "href": "http://lists.centos.org/pipermail/centos-announce/2010-January/028479.html", "id": "CESA-2010:0029", "title": "krb5 security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4212"], "description": "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nMultiple integer underflow flaws, leading to heap-based corruption, were\nfound in the way the MIT Kerberos Key Distribution Center (KDC) decrypted\nciphertexts encrypted with the Advanced Encryption Standard (AES) and\nARCFOUR (RC4) encryption algorithms. 
If a remote KDC client were able to\nprovide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it\ncould potentially lead to either a denial of service of the central KDC\n(KDC crash or abort upon processing the crafted ciphertext), or arbitrary\ncode execution with the privileges of the KDC (i.e., root privileges).\n(CVE-2009-4212)\n\nAll krb5 users should upgrade to these updated packages, which contain a\nbackported patch to correct these issues. All running services using the\nMIT Kerberos libraries must be restarted for the update to take effect.", "modified": "2018-05-26T04:26:17", "published": "2010-01-12T05:00:00", "id": "RHSA-2010:0029", "href": "https://access.redhat.com/errata/RHSA-2010:0029", "type": "redhat", "title": "(RHSA-2010:0029) Critical: krb5 security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:01", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6304", "CVE-2007-4567", "CVE-2009-1189", "CVE-2009-2409", "CVE-2009-2730", "CVE-2009-2910", "CVE-2009-2957", "CVE-2009-2958", "CVE-2009-3080", "CVE-2009-3556", "CVE-2009-3563", "CVE-2009-3736", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4020", "CVE-2009-4021", "CVE-2009-4138", "CVE-2009-4141", "CVE-2009-4212", "CVE-2009-4272", "CVE-2009-4355", "CVE-2009-4536", "CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0001", "CVE-2010-0097", "CVE-2010-0298", "CVE-2010-0306", "CVE-2010-0309"], "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\n(RHEV) Hypervisor ISO disk image. The RHEV Hypervisor is a dedicated\nKernel-based Virtual Machine (KVM) hypervisor. 
It includes everything\nnecessary to run and manage virtual machines: A subset of the Red Hat\nEnterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: RHEV Hypervisor is only available for the Intel 64 and AMD64\narchitectures with virtualization extensions.\n\nA flaw was found in the IPv6 Extension Header (EH) handling\nimplementation in the Linux kernel. The skb->dst data structure was not\nproperly validated in the ipv6_hop_jumbo() function. This could possibly\nlead to a remote denial of service. (CVE-2007-4567)\n\nThe Parallels Virtuozzo Containers team reported two flaws in the routing\nimplementation. If an attacker was able to cause a large enough number of\ncollisions in the routing hash table (via specially-crafted packets) for\nthe emergency route flush to trigger, a deadlock could occur. Secondly, if\nthe kernel routing cache was disabled, an uninitialized pointer would be\nleft behind after a route lookup, leading to a kernel panic.\n(CVE-2009-4272)\n\nA flaw was found in each of the following Intel PRO/1000 Linux drivers in\nthe Linux kernel: e1000 and e1000e. A remote attacker using packets larger\nthan the MTU could bypass the existing fragment check, resulting in\npartial, invalid frames being passed to the network stack. These flaws\ncould also possibly be used to trigger a remote denial of service.\n(CVE-2009-4536, CVE-2009-4538)\n\nA flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel.\nReceiving overly-long frames with a certain revision of the network cards\nsupported by this driver could possibly result in a remote denial of\nservice. (CVE-2009-4537)\n\nThe x86 emulator implementation was missing a check for the Current\nPrivilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest\ncould leverage these flaws to cause a denial of service (guest crash) or\npossibly escalate their privileges within that guest. 
(CVE-2010-0298,\nCVE-2010-0306)\n\nA flaw was found in the Programmable Interval Timer (PIT) emulation. Access\nto the internal data structure pit_state, which represents the data state\nof the emulated PIT, was not properly validated in the pit_ioport_read()\nfunction. A privileged guest user could use this flaw to crash the host.\n(CVE-2010-0309)\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for RHEV\nHypervisor. These fixes are for kernel issues CVE-2006-6304, CVE-2009-2910,\nCVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,\nCVE-2009-4021, CVE-2009-4138, and CVE-2009-4141; ntp issue CVE-2009-3563;\ndbus issue CVE-2009-1189; dnsmasq issues CVE-2009-2957 and CVE-2009-2958;\ngnutls issue CVE-2009-2730; krb5 issue CVE-2009-4212; bind issue \nCVE-2010-0097; gzip issue CVE-2010-0001; openssl issues CVE-2009-2409 and \nCVE-2009-4355; and gcc issue CVE-2009-3736.\n\nThis update also fixes the following bugs:\n\n* on systems with a large number of disk devices, USB storage devices may\nget enumerated after \"/dev/sdz\", for example, \"/dev/sdcd\". This was not\nhandled by the udev rules, resulting in a missing \"/dev/live\" symbolic\nlink, causing installations from USB media to fail. With this update, udev\nrules correctly handle USB storage devices on systems with a large number\nof disk devices, which resolves this issue. 
(BZ#555083)\n\nAs RHEV Hypervisor is based on KVM, the bug fixes from the KVM update\nRHSA-2010:0088 have been included in this update:\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0088.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.", "modified": "2019-03-22T23:44:58", "published": "2010-02-09T05:00:00", "id": "RHSA-2010:0095", "href": "https://access.redhat.com/errata/RHSA-2010:0095", "type": "redhat", "title": "(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T13:44:39", "description": "CVE-2009-4212 krb: KDC integer overflows in AES and RC4 decryption\nroutines (MITKRB5-SA-2009-004)\n\nMultiple integer underflow flaws, leading to heap-based corruption,\nwere found in the way the MIT Kerberos Key Distribution Center (KDC)\ndecrypted ciphertexts encrypted with the Advanced Encryption Standard\n(AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client\nwere able to provide a specially crafted AES- or RC4-encrypted\nciphertext or texts, it could potentially lead to either a denial of\nservice of the central KDC (KDC crash or abort upon processing the\ncrafted ciphertext), or arbitrary code execution with the privileges\nof the KDC (i.e., root privileges). 
(CVE-2009-4212)\n\nAll running services using the MIT Kerberos libraries must be\nrestarted for the update to take effect.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100112_KRB5_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60721", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60721);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4212\");\n\n script_name(english:\"Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-4212 krb: KDC integer overflows in AES and RC4 decryption\nroutines (MITKRB5-SA-2009-004)\n\nMultiple integer underflow flaws, leading to heap-based corruption,\nwere found in the way the MIT Kerberos Key Distribution Center (KDC)\ndecrypted ciphertexts encrypted with the Advanced Encryption Standard\n(AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client\nwere able to provide a specially crafted AES- or RC4-encrypted\nciphertext or texts, it could potentially lead to either a denial of\nservice of the central KDC (KDC crash or abort upon processing the\ncrafted ciphertext), or arbitrary code execution with the privileges\nof the KDC (i.e., root privileges). 
(CVE-2009-4212)\n\nAll running services using the MIT Kerberos libraries must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1001&L=scientific-linux-errata&T=0&P=1065\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a85f353\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"krb5-devel-1.2.7-71\")) flag++;\nif 
(rpm_check(release:\"SL3\", reference:\"krb5-libs-1.2.7-71\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"krb5-server-1.2.7-71\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"krb5-workstation-1.2.7-71\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"krb5-devel-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"krb5-libs-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"krb5-server-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"krb5-workstation-1.3.4-62.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"krb5-devel-1.6.1-36.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"krb5-libs-1.6.1-36.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"krb5-server-1.6.1-36.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"krb5-workstation-1.6.1-36.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:56", "description": "From Red Hat Security Advisory 2010:0029 :\n\nUpdated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat\nEnterprise Linux 4.7, 5.2, and 5.3 Extended Update Support.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nMultiple integer underflow flaws, leading to heap-based corruption,\nwere found in the way the MIT Kerberos Key Distribution Center (KDC)\ndecrypted ciphertexts encrypted with the Advanced Encryption Standard\n(AES) and ARCFOUR (RC4) 
encryption algorithms. If a remote KDC client\nwere able to provide a specially crafted AES- or RC4-encrypted\nciphertext or texts, it could potentially lead to either a denial of\nservice of the central KDC (KDC crash or abort upon processing the\ncrafted ciphertext), or arbitrary code execution with the privileges\nof the KDC (i.e., root privileges). (CVE-2009-4212)\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct these issues. All running services using\nthe MIT Kerberos libraries must be restarted for the update to take\neffect.", "edition": 23, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2010-0029)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-workstation", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2010-0029.NASL", "href": "https://www.tenable.com/plugins/nessus/67984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0029 and \n# Oracle Linux Security Advisory ELSA-2010-0029 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67984);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4212\");\n script_bugtraq_id(37749);\n script_xref(name:\"RHSA\", value:\"2010:0029\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2010-0029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle 
Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0029 :\n\nUpdated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat\nEnterprise Linux 4.7, 5.2, and 5.3 Extended Update Support.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nMultiple integer underflow flaws, leading to heap-based corruption,\nwere found in the way the MIT Kerberos Key Distribution Center (KDC)\ndecrypted ciphertexts encrypted with the Advanced Encryption Standard\n(AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client\nwere able to provide a specially crafted AES- or RC4-encrypted\nciphertext or texts, it could potentially lead to either a denial of\nservice of the central KDC (KDC crash or abort upon processing the\ncrafted ciphertext), or arbitrary code execution with the privileges\nof the KDC (i.e., root privileges). (CVE-2009-4212)\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct these issues. 
All running services using\nthe MIT Kerberos libraries must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-January/001313.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-January/001314.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-January/001315.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-devel-1.2.7-71\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-devel-1.2.7-71\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-libs-1.2.7-71\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-libs-1.2.7-71\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-server-1.2.7-71\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-server-1.2.7-71\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-workstation-1.2.7-71\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-workstation-1.2.7-71\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"krb5-devel-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"krb5-libs-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"krb5-server-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"krb5-workstation-1.3.4-62.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"krb5-devel-1.6.1-36.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-libs-1.6.1-36.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-server-1.6.1-36.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-workstation-1.6.1-36.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:21", "description": "Specially crafted AES and RC4 packets could allow unauthenticated\nremote attackers to trigger an integer overflow that leads to heap memory\ncorruption (CVE-2009-4212). This has been fixed.", "edition": 23, "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 6776)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2010-10-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KRB5-6776.NASL", "href": "https://www.tenable.com/plugins/nessus/49875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49875);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4212\");\n\n script_name(english:\"SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 6776)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted AES and RC4 packets could allow unauthenticated\nremote attackers to trigger an integer overflow leads to heap memory\ncorruption (CVE-2009-4212). 
This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4212.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6776.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"krb5-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"krb5-client-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"krb5-devel-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, 
cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"krb5-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"krb5-apps-clients-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"krb5-apps-servers-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"krb5-client-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"krb5-devel-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"krb5-server-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.44.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.4.3-19.44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:21", "description": "Specially crafted AES and RC4 packets could allow unauthenticated\nremote attackers to trigger an integer overflow that leads to heap memory\ncorruption (CVE-2009-4212). 
This has been fixed.", "edition": 23, "published": "2010-01-20T00:00:00", "title": "SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 6775)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2010-01-20T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KRB5-6775.NASL", "href": "https://www.tenable.com/plugins/nessus/44093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44093);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4212\");\n\n script_name(english:\"SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 6775)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted AES and RC4 packets could allow unauthenticated\nremote attackers to trigger an integer overflow leads to heap memory\ncorruption (CVE-2009-4212). 
This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4212.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6775.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"krb5-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"krb5-client-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"krb5-devel-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, 
cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"krb5-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"krb5-apps-clients-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"krb5-apps-servers-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"krb5-client-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"krb5-devel-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"krb5-server-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.43.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.4.3-19.43.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:07", "description": "Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat\nEnterprise Linux 4.7, 5.2, and 5.3 Extended Update Support.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nMultiple integer underflow flaws, leading to heap-based corruption,\nwere found in the way the MIT Kerberos Key Distribution Center (KDC)\ndecrypted ciphertexts encrypted with the Advanced Encryption Standard\n(AES) and ARCFOUR (RC4) encryption 
algorithms. If a remote KDC client\nwere able to provide a specially crafted AES- or RC4-encrypted\nciphertext or texts, it could potentially lead to either a denial of\nservice of the central KDC (KDC crash or abort upon processing the\ncrafted ciphertext), or arbitrary code execution with the privileges\nof the KDC (i.e., root privileges). (CVE-2009-4212)\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct these issues. All running services using\nthe MIT Kerberos libraries must be restarted for the update to take\neffect.", "edition": 25, "published": "2010-01-13T00:00:00", "title": "CentOS 3 / 4 / 5 : krb5 (CESA-2010:0029)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2010-01-13T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-workstation", "p-cpe:/a:centos:centos:krb5-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:krb5-server", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:krb5-libs", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2010-0029.NASL", "href": "https://www.tenable.com/plugins/nessus/43866", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0029 and \n# CentOS Errata and Security Advisory 2010:0029 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43866);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-4212\");\n script_bugtraq_id(37749);\n script_xref(name:\"RHSA\", value:\"2010:0029\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : krb5 (CESA-2010:0029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or 
more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat\nEnterprise Linux 4.7, 5.2, and 5.3 Extended Update Support.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nMultiple integer underflow flaws, leading to heap-based corruption,\nwere found in the way the MIT Kerberos Key Distribution Center (KDC)\ndecrypted ciphertexts encrypted with the Advanced Encryption Standard\n(AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client\nwere able to provide a specially crafted AES- or RC4-encrypted\nciphertext or texts, it could potentially lead to either a denial of\nservice of the central KDC (KDC crash or abort upon processing the\ncrafted ciphertext), or arbitrary code execution with the privileges\nof the KDC (i.e., root privileges). (CVE-2009-4212)\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct these issues. 
All running services using\nthe MIT Kerberos libraries must be restarted for the update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016441.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3928f71\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016442.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7b6d35c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016453.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63052a55\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016454.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b727736e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016455.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c029756a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-January/016456.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?555907ea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"krb5-devel-1.2.7-71\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"krb5-devel-1.2.7-71\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"krb5-libs-1.2.7-71\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"krb5-libs-1.2.7-71\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"krb5-server-1.2.7-71\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"krb5-server-1.2.7-71\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"krb5-workstation-1.2.7-71\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"krb5-workstation-1.2.7-71\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-devel-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-devel-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-libs-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-libs-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-server-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-server-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-workstation-1.3.4-62.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", 
cpu:\"x86_64\", reference:\"krb5-workstation-1.3.4-62.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-devel-1.6.1-36.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-libs-1.6.1-36.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-server-1.6.1-36.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"krb5-workstation-1.6.1-36.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:50", "description": "It was discovered that krb5, a system for authenticating users and\nservices on a network, is prone to integer underflow in the AES and\nRC4 decryption operations of the crypto library. A remote attacker can\ncause crashes, heap corruption, or, under extraordinarily unlikely\nconditions, arbitrary code execution.", "edition": 25, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1969-1 : krb5 - integer underflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:krb5", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1969.NASL", "href": "https://www.tenable.com/plugins/nessus/44834", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1969. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44834);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-4212\");\n script_bugtraq_id(37749);\n script_xref(name:\"DSA\", value:\"1969\");\n\n script_name(english:\"Debian DSA-1969-1 : krb5 - integer underflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that krb5, a system for authenticating users and\nservices on a network, is prone to integer underflow in the AES and\nRC4 decryption operations of the crypto library. A remote attacker can\ncause crashes, heap corruption, or, under extraordinarily unlikely\nconditions, arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-1969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the krb5 package.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.4.4-7etch8.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.6.dfsg.4~beta1-5lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"krb5-admin-server\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-clients\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-doc\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-ftpd\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-kdc\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-rsh-server\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-telnetd\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-user\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libkadm55\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libkrb5-dbg\", 
reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libkrb5-dev\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libkrb53\", reference:\"1.4.4-7etch8\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-admin-server\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-clients\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-doc\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-ftpd\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-kdc\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-kdc-ldap\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-pkinit\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-rsh-server\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-telnetd\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"krb5-user\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkadm55\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkrb5-dbg\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkrb5-dev\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkrb53\", reference:\"1.6.dfsg.4~beta1-5lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:57:17", "description": "It was 
discovered that Kerberos did not correctly handle invalid AES\nblocks. An unauthenticated remote attacker could send specially\ncrafted traffic that would crash the KDC service, leading to a denial\nof service, or possibly execute arbitrary code with root privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-01-13T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : krb5 vulnerability (USN-881-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg", "p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:libk5crypto3", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-3", "p-cpe:/a:canonical:ubuntu_linux:krb5-doc", "p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd", "p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:krb5-clients", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd", "p-cpe:/a:canonical:ubuntu_linux:libkadm55", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:libgssrpc4", "p-cpe:/a:canonical:ubuntu_linux:libkdb5-4", "p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt6", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libkrb53", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libkrb5support0", "p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit", 
"p-cpe:/a:canonical:ubuntu_linux:libkadm5srv6"], "id": "UBUNTU_USN-881-1.NASL", "href": "https://www.tenable.com/plugins/nessus/43874", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-881-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43874);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-4212\");\n script_xref(name:\"USN\", value:\"881-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : krb5 vulnerability (USN-881-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Kerberos did not correctly handle invalid AES\nblocks. An unauthenticated remote attacker could send specially\ncrafted traffic that would crash the KDC service, leading to a denial\nof service, or possibly execute arbitrary code with root privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/881-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssrpc4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libk5crypto3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5srv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdb5-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5support0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-admin-server\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-clients\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-doc\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-ftpd\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-kdc\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-rsh-server\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-telnetd\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-user\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkadm55\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb5-dev\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb53\", pkgver:\"1.4.3-5ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif 
(ubuntu_check(osver:\"8.04\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-rsh-server\", 
pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif 
(ubuntu_check(osver:\"9.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-clients\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-doc\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-kdc\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-pkinit\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-user\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libgssapi-krb5-2\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libgssrpc4\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libk5crypto3\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkadm5clnt6\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkadm5srv6\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkdb5-4\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkrb5-3\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) 
flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkrb5-dbg\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkrb5support0\", pkgver:\"1.7dfsg~beta3-1ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-clients / krb5-doc / krb5-ftpd / krb5-kdc / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:23", "description": "Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat\nEnterprise Linux 4.7, 5.2, and 5.3 Extended Update Support.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nMultiple integer underflow flaws, leading to heap-based corruption,\nwere found in the way the MIT Kerberos Key Distribution Center (KDC)\ndecrypted ciphertexts encrypted with the Advanced Encryption Standard\n(AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client\nwere able to provide a specially crafted AES- or RC4-encrypted\nciphertext or texts, it could potentially lead to either a denial of\nservice of the central KDC (KDC crash or abort upon processing the\ncrafted ciphertext), or arbitrary code execution with the privileges\nof the KDC (i.e., root privileges). 
(CVE-2009-4212)\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct these issues. All running services using\nthe MIT Kerberos libraries must be restarted for the update to take\neffect.", "edition": 26, "published": "2010-01-13T00:00:00", "title": "RHEL 3 / 4 / 5 : krb5 (RHSA-2010:0029)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2010-01-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:krb5-server", "cpe:/o:redhat:enterprise_linux:5.2", "cpe:/o:redhat:enterprise_linux:5.4", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2010-0029.NASL", "href": "https://www.tenable.com/plugins/nessus/43868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0029. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43868);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4212\");\n script_bugtraq_id(37749);\n script_xref(name:\"RHSA\", value:\"2010:0029\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : krb5 (RHSA-2010:0029)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat\nEnterprise Linux 4.7, 5.2, and 5.3 Extended Update Support.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nMultiple integer underflow flaws, leading to heap-based corruption,\nwere found in the way the MIT Kerberos Key Distribution Center (KDC)\ndecrypted ciphertexts encrypted with the Advanced Encryption Standard\n(AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client\nwere able to provide a specially crafted AES- or RC4-encrypted\nciphertext or texts, it could potentially lead to either a denial of\nservice of the central KDC (KDC crash or abort upon processing the\ncrafted ciphertext), or arbitrary code execution with the privileges\nof the KDC (i.e., root privileges). (CVE-2009-4212)\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct these issues. 
All running services using\nthe MIT Kerberos libraries must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0029\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0029\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-devel-1.2.7-71\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-libs-1.2.7-71\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-server-1.2.7-71\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-workstation-1.2.7-71\")) flag++;\n\n\nif (sp == \"7\") { if (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"krb5-devel-1.3.4-60.el4_7.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL4\", reference:\"krb5-devel-1.3.4-62.el4_8.1\")) flag++; }\n\nif (sp == \"7\") { if (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"krb5-libs-1.3.4-60.el4_7.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL4\", reference:\"krb5-libs-1.3.4-62.el4_8.1\")) flag++; }\n\nif (sp == \"7\") { if (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"krb5-server-1.3.4-60.el4_7.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL4\", reference:\"krb5-server-1.3.4-62.el4_8.1\")) flag++; 
}\n\nif (sp == \"7\") { if (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"krb5-workstation-1.3.4-60.el4_7.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL4\", reference:\"krb5-workstation-1.3.4-62.el4_8.1\")) flag++; }\n\n\nif (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", reference:\"krb5-devel-1.6.1-31.el5_3.4\")) flag++; }\nelse if (sp == \"2\") { if (rpm_check(release:\"RHEL5\", sp:\"2\", reference:\"krb5-devel-1.6.1-25.el5_2.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"krb5-devel-1.6.1-36.el5_4.1\")) flag++; }\n\nif (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", reference:\"krb5-libs-1.6.1-31.el5_3.4\")) flag++; }\nelse if (sp == \"2\") { if (rpm_check(release:\"RHEL5\", sp:\"2\", reference:\"krb5-libs-1.6.1-25.el5_2.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"krb5-libs-1.6.1-36.el5_4.1\")) flag++; }\n\nif (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"krb5-server-1.6.1-31.el5_3.4\")) flag++; }\nelse if (sp == \"2\") { if (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i386\", reference:\"krb5-server-1.6.1-25.el5_2.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"krb5-server-1.6.1-36.el5_4.1\")) flag++; }\n\nif (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"krb5-server-1.6.1-31.el5_3.4\")) flag++; }\nelse if (sp == \"2\") { if (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"krb5-server-1.6.1-25.el5_2.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"krb5-server-1.6.1-36.el5_4.1\")) flag++; }\n\nif (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"krb5-server-1.6.1-31.el5_3.4\")) flag++; }\nelse if (sp == \"2\") { if (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"krb5-server-1.6.1-25.el5_2.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", 
cpu:\"x86_64\", reference:\"krb5-server-1.6.1-36.el5_4.1\")) flag++; }\n\nif (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"krb5-workstation-1.6.1-31.el5_3.4\")) flag++; }\nelse if (sp == \"2\") { if (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"i386\", reference:\"krb5-workstation-1.6.1-25.el5_2.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"krb5-workstation-1.6.1-36.el5_4.1\")) flag++; }\n\nif (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"s390x\", reference:\"krb5-workstation-1.6.1-31.el5_3.4\")) flag++; }\nelse if (sp == \"2\") { if (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"s390x\", reference:\"krb5-workstation-1.6.1-25.el5_2.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"krb5-workstation-1.6.1-36.el5_4.1\")) flag++; }\n\nif (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"krb5-workstation-1.6.1-31.el5_3.4\")) flag++; }\nelse if (sp == \"2\") { if (rpm_check(release:\"RHEL5\", sp:\"2\", cpu:\"x86_64\", reference:\"krb5-workstation-1.6.1-25.el5_2.3\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"krb5-workstation-1.6.1-36.el5_4.1\")) flag++; }\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:41", "description": "This update incorporates fixes from upstream which correct integer\nunderflow problems in the AES and RC4 decryption routines\n(CVE-2009-4212). 
It also corrects a failure in 'kdb5_util load' which\ncould occur when the database files being created did not previously\nexist.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : krb5-1.7-18.fc12 (2010-0503)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:krb5", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-0503.NASL", "href": "https://www.tenable.com/plugins/nessus/47187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-0503.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47187);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4212\");\n script_bugtraq_id(37486, 37749);\n script_xref(name:\"FEDORA\", value:\"2010-0503\");\n\n script_name(english:\"Fedora 12 : krb5-1.7-18.fc12 (2010-0503)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates fixes from upstream which correct integer\nunderflow problems in the AES and RC4 decryption routines\n(CVE-2009-4212). 
It also corrects a failure in 'kdb5_util load' which\ncould occur when the database files being created did not previously\nexist.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=545015\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9bf3b63\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"krb5-1.7-18.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:31", "description": "A vulnerability has been found and corrected in krb5 :\n\nMultiple integer underflows in the (1) AES and (2) RC4 decryption\nfunctionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3\nthrough 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a\ndenial of service (daemon crash) or possibly execute arbitrary code by\nproviding ciphertext with a length that is too short to 
be valid\n(CVE-2009-4212).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2010-01-14T00:00:00", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2010:006)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "modified": "2010-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:libkrb53", "p-cpe:/a:mandriva:linux:krb5-server", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:ftp-server-krb5", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:krb5", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:lib64krb53", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:ftp-client-krb5", "p-cpe:/a:mandriva:linux:libkrb53-devel", "p-cpe:/a:mandriva:linux:telnet-client-krb5", "p-cpe:/a:mandriva:linux:telnet-server-krb5"], "id": "MANDRIVA_MDVSA-2010-006.NASL", "href": "https://www.tenable.com/plugins/nessus/43881", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:006. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43881);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-4212\");\n script_bugtraq_id(37749);\n script_xref(name:\"MDVSA\", value:\"2010:006\");\n\n script_name(english:\"Mandriva Linux Security Advisory : krb5 (MDVSA-2010:006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in krb5 :\n\nMultiple integer underflows in the (1) AES and (2) RC4 decryption\nfunctionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3\nthrough 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a\ndenial of service (daemon crash) or possibly execute arbitrary code by\nproviding ciphertext with a length that is too short to be valid\n(CVE-2009-4212).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ftp-client-krb5-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ftp-server-krb5-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-server-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-workstation-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libkrb53-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"telnet-client-krb5-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"telnet-server-krb5-1.6.2-7.4mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"ftp-client-krb5-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ftp-server-krb5-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2009.0\", reference:\"krb5-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"krb5-server-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"krb5-workstation-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkrb53-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"telnet-client-krb5-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"telnet-server-krb5-1.6.3-6.3mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"ftp-client-krb5-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"ftp-server-krb5-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"krb5-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"krb5-server-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"krb5-workstation-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libkrb53-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", 
reference:\"libkrb53-devel-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"telnet-client-krb5-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"telnet-server-krb5-1.6.3-9.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"ftp-client-krb5-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"ftp-server-krb5-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"krb5-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"krb5-server-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"krb5-workstation-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkrb53-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"telnet-client-krb5-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"telnet-server-krb5-1.6.3-10.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-21T11:32:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "Check for the Version of krb5", "modified": 
"2017-12-21T00:00:00", "published": "2010-01-19T00:00:00", "id": "OPENVAS:870207", "href": "http://plugins.openvas.org/nasl.php?oid=870207", "type": "openvas", "title": "RedHat Update for krb5 RHSA-2010:0029-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for krb5 RHSA-2010:0029-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third party, the Key Distribution Center (KDC).\n\n Multiple integer underflow flaws, leading to heap-based corruption, were\n found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted\n ciphertexts encrypted with the Advanced Encryption Standard (AES) and\n ARCFOUR (RC4) encryption algorithms. 
If a remote KDC client were able to\n provide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it\n could potentially lead to either a denial of service of the central KDC\n (KDC crash or abort upon processing the crafted ciphertext), or arbitrary\n code execution with the privileges of the KDC (i.e., root privileges).\n (CVE-2009-4212)\n \n All krb5 users should upgrade to these updated packages, which contain a\n backported patch to correct these issues. All running services using the\n MIT Kerberos libraries must be restarted for the update to take effect.\";\n\ntag_affected = \"krb5 on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-January/msg00006.html\");\n script_id(870207);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0029-01\");\n script_cve_id(\"CVE-2009-4212\");\n script_name(\"RedHat Update for krb5 RHSA-2010:0029-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~36.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~36.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~36.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~36.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~36.el5_4.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.3.4~62.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~62.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~62.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~62.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~62.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.2.7~71\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.2.7~71\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.2.7~71\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.2.7~71\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.2.7~71\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "Check for the Version of krb5-devel", "modified": "2017-12-21T00:00:00", "published": "2010-01-19T00:00:00", "id": "OPENVAS:880356", "href": "http://plugins.openvas.org/nasl.php?oid=880356", "type": "openvas", "title": "CentOS Update for krb5-devel CESA-2010:0029 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2010:0029 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third party, the Key Distribution Center (KDC).\n\n Multiple integer underflow flaws, leading to heap-based corruption, were\n found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted\n ciphertexts encrypted with the Advanced Encryption Standard (AES) and\n ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to\n provide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it\n could potentially lead to either a denial of service of the central KDC\n (KDC crash or abort upon processing the crafted ciphertext), or arbitrary\n code execution with the privileges of the KDC (i.e., root privileges).\n (CVE-2009-4212)\n \n All krb5 users should upgrade to these updated packages, which contain a\n backported patch to correct these issues. 
All running services using the\n MIT Kerberos libraries must be restarted for the update to take effect.\";\n\ntag_affected = \"krb5-devel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-January/016456.html\");\n script_id(880356);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0029\");\n script_cve_id(\"CVE-2009-4212\");\n script_name(\"CentOS Update for krb5-devel CESA-2010:0029 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:11:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "Check for the Version of krb5", "modified": "2017-12-11T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:861639", "href": "http://plugins.openvas.org/nasl.php?oid=861639", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2010-0515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2010-0515\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 11\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html\");\n script_id(861639);\n script_version(\"$Revision: 8068 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-11 07:31:34 +0100 (Mon, 11 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-0515\");\n script_cve_id(\"CVE-2009-4212\");\n script_name(\"Fedora Update for krb5 FEDORA-2010-0515\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~23.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "Oracle Linux Local Security Checks ELSA-2010-0029", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122402", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0029.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122402\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:18:20 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0029\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0029 - krb5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0029\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0029.html\");\n script_cve_id(\"CVE-2009-4212\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~36.el5_4.1\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~36.el5_4.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~36.el5_4.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~36.el5_4.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:04:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "Check for the Version of krb5-devel", "modified": "2018-01-03T00:00:00", "published": "2010-01-19T00:00:00", "id": "OPENVAS:1361412562310880350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880350", "type": "openvas", "title": "CentOS Update for krb5-devel CESA-2010:0029 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2010:0029 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third party, the Key Distribution Center (KDC).\n\n Multiple integer underflow flaws, leading to heap-based corruption, were\n found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted\n ciphertexts encrypted with the Advanced Encryption Standard (AES) and\n ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to\n provide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it\n could potentially lead to either a denial of service of the central KDC\n (KDC crash or abort upon processing the crafted ciphertext), or arbitrary\n code execution with the privileges of the KDC (i.e., root privileges).\n (CVE-2009-4212)\n \n All krb5 users should upgrade to these updated packages, which contain a\n backported patch to correct these issues. 
All running services using the\n MIT Kerberos libraries must be restarted for the update to take effect.\";\n\ntag_affected = \"krb5-devel on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-January/016454.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880350\");\n script_version(\"$Revision: 8274 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 08:28:17 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0029\");\n script_cve_id(\"CVE-2009-4212\");\n script_name(\"CentOS Update for krb5-devel CESA-2010:0029 centos3 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.2.7~71\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.2.7~71\", 
rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.2.7~71\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.2.7~71\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.2.7~71\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:05:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "Check for the Version of krb5-devel", "modified": "2018-01-17T00:00:00", "published": "2010-01-19T00:00:00", "id": "OPENVAS:1361412562310880344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880344", "type": "openvas", "title": "CentOS Update for krb5-devel CESA-2010:0029 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2010:0029 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third party, the Key Distribution Center (KDC).\n\n Multiple integer underflow flaws, leading to heap-based corruption, were\n found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted\n ciphertexts encrypted with the Advanced Encryption Standard (AES) and\n ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to\n provide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it\n could potentially lead to either a denial of service of the central KDC\n (KDC crash or abort upon processing the crafted ciphertext), or arbitrary\n code execution with the privileges of the KDC (i.e., root privileges).\n (CVE-2009-4212)\n \n All krb5 users should upgrade to these updated packages, which contain a\n backported patch to correct these issues. 
All running services using the\n MIT Kerberos libraries must be restarted for the update to take effect.\";\n\ntag_affected = \"krb5-devel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-January/016455.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880344\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0029\");\n script_cve_id(\"CVE-2009-4212\");\n script_name(\"CentOS Update for krb5-devel CESA-2010:0029 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", 
rpm:\"krb5-libs~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.3.4~62.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "Check for the Version of krb5", "modified": "2018-01-16T00:00:00", "published": "2010-01-19T00:00:00", "id": "OPENVAS:1361412562310830809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830809", "type": "openvas", "title": "Mandriva Update for krb5 MDVSA-2010:006 (krb5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDVSA-2010:006 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in krb5:\n\n Multiple integer underflows in the (1) AES and (2) RC4 decryption\n functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3\n through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause\n a denial of service (daemon crash) or possibly execute arbitrary code\n by providing ciphertext with a length that is too short to be valid\n (CVE-2009-4212).\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\n \n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-01/msg00039.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830809\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:006\");\n 
script_cve_id(\"CVE-2009-4212\");\n script_name(\"Mandriva Update for krb5 MDVSA-2010:006 (krb5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", 
rpm:\"libkrb53-devel~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~6.3mdvmes5\", 
rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "Check for the Version of krb5", "modified": "2017-12-19T00:00:00", "published": "2010-01-19T00:00:00", "id": "OPENVAS:830809", "href": "http://plugins.openvas.org/nasl.php?oid=830809", "type": "openvas", "title": "Mandriva Update for krb5 MDVSA-2010:006 (krb5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDVSA-2010:006 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in krb5:\n\n Multiple integer underflows in the (1) AES and (2) RC4 decryption\n functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3\n through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause\n a denial of service (daemon crash) or possibly execute arbitrary code\n by providing ciphertext with a length that is too short to be valid\n (CVE-2009-4212).\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\n \n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-01/msg00039.php\");\n script_id(830809);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-19 08:58:46 +0100 (Tue, 19 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:006\");\n script_cve_id(\"CVE-2009-4212\");\n 
script_name(\"Mandriva Update for krb5 MDVSA-2010:006 (krb5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", 
rpm:\"libkrb53-devel~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.2~7.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~6.3mdvmes5\", 
rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~6.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~10.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.6.3~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-19T16:10:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "This host is installed with Kerberos5 and is prone to multiple\n Integer Underflow vulnerability.", "modified": "2019-12-18T00:00:00", "published": "2010-01-20T00:00:00", "id": "OPENVAS:1361412562310800433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800433", "type": "openvas", "title": "Kerberos5 Multiple Integer Underflow Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Kerberos5 Multiple Integer Underflow Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800433\");\n script_version(\"2019-12-18T15:04:04+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 15:04:04 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-01-20 08:21:11 +0100 (Wed, 20 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-4212\");\n script_name(\"Kerberos5 Multiple Integer Underflow Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_kerberos5_detect.nasl\");\n script_mandatory_keys(\"Kerberos5/Ver\");\n\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=545015\");\n script_xref(name:\"URL\", value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt\");\n script_xref(name:\"URL\", value:\"http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt\");\n script_xref(name:\"URL\", value:\"http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt\");\n\n script_tag(name:\"affected\", value:\"kerberos5 version 1.3 through 1.6.3, and version 1.7.\");\n\n script_tag(name:\"insight\", value:\"Multiple Integer Underflow due to errors within the 'AES' and 'RC4'\n decryption functionality in the crypto library in MIT Kerberos when\n processing ciphertext with a length that is too short to be 
valid.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Kerberos5 and is prone to multiple\n Integer Underflow vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch mentioned in the advisories below.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause a denial of service\n or possibly execute arbitrary code.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:mit:kerberos\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! version = get_app_version( cpe: CPE ) ) exit( 0 );\n\nif( version_in_range( version: version, test_version: \"1.3\", test_version2: \"1.6.3\" )\n || version_is_equal( version: version, test_version: \"1.7\" ) ) {\n\n report = report_fixed_ver( installed_version: version, fixed_version: \"Apply the referenced patch\" );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-21T11:32:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4212"], "description": "Check for the Version of krb5", "modified": "2017-12-20T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:1361412562310861639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861639", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2010-0515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2010-0515\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), 
as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 11\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861639\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-0515\");\n script_cve_id(\"CVE-2009-4212\");\n script_name(\"Fedora Update for krb5 FEDORA-2010-0515\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.3~23.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:28:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3295", "CVE-2009-4212"], "description": "Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212). Remote attackers could potentially exploit that to execute arbitrary code. 
openSUSE 11.2 is also affected by the following problem: Specially crafted ticket requests could crash the Kerberos server (CVE-2009-3295).\n#### Solution\nThere is no known workaround; please install the update packages.", "edition": 1, "modified": "2010-01-19T17:05:33", "published": "2010-01-19T17:05:33", "id": "SUSE-SA:2010:006", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00006.html", "title": "remote code execution in krb5", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0307", "CVE-2009-0844", "CVE-2010-1437", "CVE-2009-0846", "CVE-2010-0291", "CVE-2010-0415", "CVE-2010-1321", "CVE-2010-0622", "CVE-2010-1088", "CVE-2009-4212", "CVE-2010-1087", "CVE-2009-0845"], "description": "a. Service Console OS update for COS kernel \nThis patch updates the service console kernel to fix multiple security issues. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0415, CVE-2010-0307, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1437, and CVE-2010-1088 to these issues. \n \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. 
\n\n", "edition": 4, "modified": "2011-01-04T00:00:00", "published": "2010-11-15T00:00:00", "id": "VMSA-2010-0016", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0016.html", "title": "VMware ESXi and ESX third party updates for Service Console and Likewise components", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-06T16:05:45", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3613", "CVE-2009-3556", "CVE-2009-1386", "CVE-2009-4537", "CVE-2009-1379", "CVE-2009-3939", "CVE-2009-1377", "CVE-2009-4272", "CVE-2009-3621", "CVE-2009-3726", "CVE-2009-2910", "CVE-2009-4355", "CVE-2009-4141", "CVE-2009-2409", "CVE-2009-3563", "CVE-2009-1387", "CVE-2010-0001", "CVE-2007-4567", "CVE-2010-0382", "CVE-2009-1378", "CVE-2010-0290", "CVE-2009-0590", "CVE-2009-3080", "CVE-2009-4538", "CVE-2009-3547", "CVE-2006-6304", "CVE-2009-4020", "CVE-2009-3620", "CVE-2010-0426", "CVE-2009-4536", "CVE-2010-0427", "CVE-2009-2908", "CVE-2009-1384", "CVE-2009-3228", "CVE-2009-3889", "CVE-2010-0097", "CVE-2009-4212", "CVE-2009-4021", "CVE-2009-3286", "CVE-2009-3612", "CVE-2009-3736", "CVE-2009-4138", "CVE-2009-2695"], "description": "a. Service Console update for COS kernel \n \nUpdated COS package \"kernel\" addresses the security issues that are fixed through versions 2.6.18-164.11.1. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. 
\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2010-06-24T00:00:00", "published": "2010-05-27T00:00:00", "id": "VMSA-2010-0009", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0009.html", "title": "ESXi utilities and ESX Service Console third party updates", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:43", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0283", "CVE-2011-1530", "CVE-2011-1529", "CVE-2011-4151", "CVE-2011-0285", "CVE-2010-1324", "CVE-2010-4020", "CVE-2010-1320", "CVE-2010-0629", "CVE-2011-0283", "CVE-2010-4021", "CVE-2011-0281", "CVE-2010-1322", "CVE-2011-1528", "CVE-2010-1321", "CVE-2009-3295", "CVE-2011-0282", "CVE-2009-4212", "CVE-2011-1527", "CVE-2011-0284", "CVE-2010-1323", "CVE-2010-4022"], "edition": 1, "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. 
Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.9.2-r1\"", "modified": "2012-01-23T00:00:00", "published": "2012-01-23T00:00:00", "id": "GLSA-201201-13", "href": "https://security.gentoo.org/glsa/201201-13", "type": "gentoo", "title": "MIT Kerberos 5: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}