GLSA-200904-09 : MIT Kerberos 5: Multiple vulnerabilities

2009-04-11T00:00:00
ID GENTOO_GLSA-200904-09.NASL
Type nessus
Reporter Tenable
Modified 2016-11-11T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-200904-09 (MIT Kerberos 5: Multiple vulnerabilities)

Multiple vulnerabilities have been reported in MIT Kerberos 5:
A free() call on an uninitialized pointer in the ASN.1 decoder     when decoding an invalid encoding (CVE-2009-0846).
A buffer     overread in the SPNEGO GSS-API application, reported by Apple Product     Security (CVE-2009-0844).
A NULL pointer dereference in the     SPNEGO GSS-API application, reported by Richard Evans     (CVE-2009-0845).
An incorrect length check inside an ASN.1     decoder leading to spurious malloc() failures (CVE-2009-0847).

Impact :

A remote unauthenticated attacker could exploit the first vulnerability     to cause a Denial of Service or, in unlikely circumstances, execute     arbitrary code on the host running krb5kdc or kadmind with root     privileges and compromise the Kerberos key database. Exploitation of     the other vulnerabilities might lead to a Denial of Service in kadmind,     krb5kdc, or other daemons performing authorization against Kerberos     that utilize GSS-API or an information disclosure.

Workaround :

There is no known workaround at this time.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200904-09.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(36137);
  script_version("$Revision: 1.12 $");
  script_cvs_date("$Date: 2016/11/11 20:08:44 $");

  script_cve_id("CVE-2009-0844", "CVE-2009-0845", "CVE-2009-0846", "CVE-2009-0847");
  script_bugtraq_id(34257, 34408, 34409);
  script_xref(name:"GLSA", value:"200904-09");

  script_name(english:"GLSA-200904-09 : MIT Kerberos 5: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200904-09
(MIT Kerberos 5: Multiple vulnerabilities)

    Multiple vulnerabilities have been reported in MIT Kerberos 5:
    A free() call on an uninitialized pointer in the ASN.1 decoder
    when decoding an invalid encoding (CVE-2009-0846).
    A buffer
    overread in the SPNEGO GSS-API application, reported by Apple Product
    Security (CVE-2009-0844).
    A NULL pointer dereference in the
    SPNEGO GSS-API application, reported by Richard Evans
    (CVE-2009-0845).
    An incorrect length check inside an ASN.1
    decoder leading to spurious malloc() failures (CVE-2009-0847).
  
Impact :

    A remote unauthenticated attacker could exploit the first vulnerability
    to cause a Denial of Service or, in unlikely circumstances, execute
    arbitrary code on the host running krb5kdc or kadmind with root
    privileges and compromise the Kerberos key database. Exploitation of
    the other vulnerabilities might lead to a Denial of Service in kadmind,
    krb5kdc, or other daemons performing authorization against Kerberos
    that utilize GSS-API or an information disclosure.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200904-09"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All MIT Kerberos 5 users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.6.3-r6'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mit-krb5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-crypt/mit-krb5", unaffected:make_list("ge 1.6.3-r6"), vulnerable:make_list("lt 1.6.3-r6"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MIT Kerberos 5");
}