The remote host is affected by the vulnerabilities described in GLSA-201201-14 (MIT Kerberos 5 Applications: Multiple vulnerabilities).
Multiple vulnerabilities have been discovered in MIT Kerberos 5 Applications:
An error in the FTP daemon prevents it from dropping its initial effective group identifier (CVE-2011-1526).
A boundary error in the telnet daemon and client could cause a buffer overflow (CVE-2011-4862).
Impact :
An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running the telnet daemon or client.
Furthermore, an authenticated remote attacker may be able to read or write files owned by the same group as the effective group of the FTP daemon.
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201201-14.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: when `description` is set, the script only declares the
# plugin's metadata (identifiers, advisory text, scoring, dependencies) and
# leaves via the exit(0) at the end of the block, so no package check runs on
# this pass.
if (description)
{
script_id(57656);
script_version("1.24");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Identifiers for cross-referencing: two CVEs, two Bugtraq IDs and the GLSA id.
script_cve_id("CVE-2011-1526", "CVE-2011-4862");
script_bugtraq_id(48571, 51182);
script_xref(name:"GLSA", value:"201201-14");
script_name(english:"GLSA-201201-14 : MIT Kerberos 5 Applications: Multiple vulnerabilities");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Advisory text reproduced from the GLSA. Per this text, the two issues differ
# in who can reach them: the telnet overflow needs no authentication, while
# the FTP group-identifier issue requires an authenticated user.
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201201-14
(MIT Kerberos 5 Applications: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in MIT Kerberos 5
Applications:
An error in the FTP daemon prevents it from dropping its initial
effective group identifier (CVE-2011-1526).
A boundary error in the telnet daemon and client could cause a buffer
overflow (CVE-2011-4862).
Impact :
An unauthenticated remote attacker may be able to execute arbitrary code
with the privileges of the user running the telnet daemon or client.
Furthermore, an authenticated remote attacker may be able to read or
write files owned by the same group as the effective group of the FTP
daemon.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201201-14"
);
# Remediation text: the fixed version named here (1.0.2-r1) is the same
# threshold the package check later in this script compares against.
script_set_attribute(
attribute:"solution",
value:
"All MIT Kerberos 5 Applications users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=app-crypt/mit-krb5-appl-1.0.2-r1'"
);
# CVSS v2 base vector: network-reachable, low complexity, no authentication,
# complete impact on confidentiality, integrity and availability.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# CVSS v2 temporal vector: functional exploit exists (E:F), official fix
# available (RL:OF), report confirmed (RC:C).
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
# Exploit-availability metadata: these attributes record that exploit code is
# reported as available in several frameworks and that use by malware has been
# reported, which is a reason to prioritise patching affected hosts.
# NOTE(review): the framework module name refers to the telnet encryption key
# ID overflow, presumably the CVE-2011-4862 issue described above; confirm.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploithub_sku", value:"EH-11-760");
script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
# plugin_type "local": together with the summary above ("Checks for updated
# package(s) in /var/db/pkg"), this marks the plugin as a host-side package
# check rather than a probe of the telnet or FTP service itself.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mit-krb5-appl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/24");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Gentoo Local Security Checks");
# Declares ssh_get_info.nasl as a dependency and lists the KB keys this plugin
# requires; the same three keys are re-checked at the start of the check logic.
# NOTE(review): presumably ssh_get_info.nasl is what populates these keys from
# a credentialed login; confirm against that script.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions: stop with the matching audit code unless local checks are
# enabled, the host is recorded as Gentoo, and a package list is in the KB.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release"))
  audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Package-version check only: anything below 1.0.2-r1 is treated as vulnerable.
# Nothing here inspects whether the telnet or FTP daemon is enabled, so a
# finding means "unpatched package installed", not "service confirmed exposed".
flag = 0;
if (qpkg_check(package:"app-crypt/mit-krb5-appl", unaffected:make_list("ge 1.0.2-r1"), vulnerable:make_list("lt 1.0.2-r1")))
  flag += 1;

if (!flag)
{
  # No vulnerable package matched: distinguish "installed but not affected"
  # from "not installed at all" using the list of packages that were tested.
  tested = qpkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "MIT Kerberos 5 Applications");
}
else
{
  # Report the finding on port 0; the package detail is attached only when
  # report verbosity is above zero.
  if (report_verbosity > 0)
    security_hole(port:0, extra:qpkg_report_get());
  else
    security_hole(0);
  exit(0);
}
Vendor | Product | Version | CPE |
---|---|---|---|
gentoo | linux | mit-krb5-appl | p-cpe:/a:gentoo:linux:mit-krb5-appl |
gentoo | linux | | cpe:/o:gentoo:linux |