GLSA-201201-14 : MIT Kerberos 5 Applications: Multiple vulnerabilities

2012-01-24T00:00:00
ID GENTOO_GLSA-201201-14.NASL
Type nessus
Reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-02-02T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-201201-14 (MIT Kerberos 5 Applications: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in MIT Kerberos 5 Applications:

  * An error in the FTP daemon prevents it from dropping its initial
    effective group identifier (CVE-2011-1526).
  * A boundary error in the telnet daemon and client could cause a buffer
    overflow (CVE-2011-4862).

Impact :

An unauthenticated remote attacker may be able to execute arbitrary code
  with the privileges of the user running the telnet daemon or client.
  Furthermore, an authenticated remote attacker may be able to read or
  write files owned by the same group as the effective group of the FTP
  daemon.

Workaround :

There is no known workaround at this time.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201201-14.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

# Registration branch: when `description` is set, this block only calls the
# script_* metadata functions below and then leaves via exit(0); none of the
# package checks further down in the file are reached from here.
if (description)
{
  script_id(57656);
  script_version("1.22");
  script_cvs_date("Date: 2018/11/05  9:50:12");

  # Two separate issues are tracked by this one plugin (see the description
  # text below): the FTP daemon failing to drop its initial effective group
  # (CVE-2011-1526) and the telnet daemon/client buffer overflow
  # (CVE-2011-4862).
  script_cve_id("CVE-2011-1526", "CVE-2011-4862");
  script_bugtraq_id(48571, 51182);
  script_xref(name:"GLSA", value:"201201-14");

  script_name(english:"GLSA-201201-14 : MIT Kerberos 5 Applications: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201201-14
(MIT Kerberos 5 Applications: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MIT Kerberos 5
      Applications:
      An error in the FTP daemon prevents it from dropping its initial
        effective group identifier (CVE-2011-1526).
      A boundary error in the telnet daemon and client could cause a buffer
        overflow (CVE-2011-4862).
  
Impact :

    An unauthenticated remote attacker may be able to execute arbitrary code
      with the privileges of the user running the telnet daemon or client.
      Furthermore, an authenticated remote attacker may be able to read or
      write files owned by the same group as the effective group of the FTP
      daemon.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201201-14"
  );
  # Remediation is a package upgrade to app-crypt/mit-krb5-appl 1.0.2-r1 or
  # later, the same boundary the qpkg_check() call later in this file tests.
  script_set_attribute(
    attribute:"solution", 
    value:
"All MIT Kerberos 5 Applications users should upgrade to the latest
      version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=app-crypt/mit-krb5-appl-1.0.2-r1'"
  );
  # CVSS v2 base vector: network attack vector, low access complexity, no
  # authentication, complete confidentiality/integrity/availability impact
  # (base score 10.0). That matches the unauthenticated remote code execution
  # impact described above for the telnet issue; per the same text, the FTP
  # issue needs an authenticated attacker, so the single vector reflects the
  # more severe of the two CVEs.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # Temporal vector: E:F = functional exploit code exists, RL:OF = an
  # official fix is available, RC:C = the report is confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  # Exploit-intelligence attributes: exploit code is recorded as available in
  # several exploit frameworks and use by malware is flagged. For triage this
  # argues for treating an affected host as a high remediation priority.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-11-760");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  # "local" plugin type: the verdict comes from the host's installed-package
  # list, not from probing the telnet or FTP service. A finding therefore
  # means the vulnerable package version is installed; it says nothing about
  # whether the daemons are enabled or reachable, which has to be confirmed
  # separately when assessing real exposure.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # The "cpe" attribute is set twice: once for the package, once for the OS.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mit-krb5-appl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/24");
  script_end_attributes();

  # Information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  # Declares ssh_get_info.nasl as a dependency and three knowledge-base keys
  # as requirements; the same keys are re-checked at run time below.
  # NOTE(review): presumably ssh_get_info.nasl is what populates the Gentoo
  # release and qpkg-list keys over a credentialed session; confirm against
  # that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Run-time preconditions, checked in order against the scan knowledge base.
# Each missing key hands control to audit() with the matching reason code,
# so a host that cannot be assessed gets a reason instead of a silent pass.

# 1. Local (credentialed) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# 2. The host must have been identified as Gentoo.
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}

# 3. The installed-package list must have been collected; without it the
#    version comparison below has nothing to work on.
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Package-version check for GLSA-201201-14.
#
# flag is incremented when qpkg_check() reports app-crypt/mit-krb5-appl as
# affected: versions "lt 1.0.2-r1" are listed as vulnerable, "ge 1.0.2-r1"
# as unaffected. This is a version comparison only; it does not look at
# whether the telnet or FTP daemons from the package are enabled, so
# exposure of the services must be assessed separately.
flag = 0;

if (qpkg_check(
      package:"app-crypt/mit-krb5-appl",
      unaffected:make_list("ge 1.0.2-r1"),
      vulnerable:make_list("lt 1.0.2-r1")))
{
  flag++;
}

if (!flag)
{
  # Nothing affected: tell "package present but patched" apart from
  # "package not installed" based on what qpkg_tests_get() returns.
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MIT Kerberos 5 Applications");
}
else
{
  # Affected: raise the finding on port 0, attaching the qpkg report text
  # only when report verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}