GLSA-200904-09 : MIT Kerberos 5: Multiple vulnerabilities

2009-04-11T00:00:00
ID GENTOO_GLSA-200904-09.NASL
Type nessus
Reporter Tenable
Modified 2016-11-11T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-200904-09 (MIT Kerberos 5: Multiple vulnerabilities)

Multiple vulnerabilities have been reported in MIT Kerberos 5:
A free() call on an uninitialized pointer in the ASN.1 decoder
when decoding an invalid encoding (CVE-2009-0846).
A buffer
overread in the SPNEGO GSS-API application, reported by Apple Product
Security (CVE-2009-0844).
A NULL pointer dereference in the
SPNEGO GSS-API application, reported by Richard Evans
(CVE-2009-0845).
An incorrect length check inside an ASN.1
decoder leading to spurious malloc() failures (CVE-2009-0847).

Impact :

A remote unauthenticated attacker could exploit the first vulnerability
to cause a Denial of Service or, in unlikely circumstances, execute
arbitrary code on the host running krb5kdc or kadmind with root
privileges and compromise the Kerberos key database. Exploitation of
the other vulnerabilities might lead to a Denial of Service in kadmind,
krb5kdc, or other daemons performing authorization against Kerberos
that utilize GSS-API or an information disclosure.

Workaround :

There is no known workaround at this time.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200904-09.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(36137);
  script_version("$Revision: 1.12 $");
  script_cvs_date("$Date: 2016/11/11 20:08:44 $");

  script_cve_id("CVE-2009-0844", "CVE-2009-0845", "CVE-2009-0846", "CVE-2009-0847");
  script_bugtraq_id(34257, 34408, 34409);
  script_xref(name:"GLSA", value:"200904-09");

  script_name(english:"GLSA-200904-09 : MIT Kerberos 5: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200904-09
(MIT Kerberos 5: Multiple vulnerabilities)

    Multiple vulnerabilities have been reported in MIT Kerberos 5:
    A free() call on an uninitialized pointer in the ASN.1 decoder
    when decoding an invalid encoding (CVE-2009-0846).
    A buffer
    overread in the SPNEGO GSS-API application, reported by Apple Product
    Security (CVE-2009-0844).
    A NULL pointer dereference in the
    SPNEGO GSS-API application, reported by Richard Evans
    (CVE-2009-0845).
    An incorrect length check inside an ASN.1
    decoder leading to spurious malloc() failures (CVE-2009-0847).
  
Impact :

    A remote unauthenticated attacker could exploit the first vulnerability
    to cause a Denial of Service or, in unlikely circumstances, execute
    arbitrary code on the host running krb5kdc or kadmind with root
    privileges and compromise the Kerberos key database. Exploitation of
    the other vulnerabilities might lead to a Denial of Service in kadmind,
    krb5kdc, or other daemons performing authorization against Kerberos
    that utilize GSS-API or an information disclosure.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200904-09"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All MIT Kerberos 5 users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.6.3-r6'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mit-krb5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-crypt/mit-krb5", unaffected:make_list("ge 1.6.3-r6"), vulnerable:make_list("lt 1.6.3-r6"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MIT Kerberos 5");
}