Source: nessus. This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Plugin file: GENTOO_GLSA-201201-14.NASL
History: Jan 24, 2012 - 12:00 a.m.

GLSA-201201-14 : MIT Kerberos 5 Applications: Multiple vulnerabilities

2012-01-24 00:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

The remote host is affected by the vulnerability described in GLSA-201201-14 (MIT Kerberos 5 Applications: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in MIT Kerberos 5 Applications:
  - An error in the FTP daemon prevents it from dropping its initial effective group identifier (CVE-2011-1526).
  - A boundary error in the telnet daemon and client could cause a buffer overflow (CVE-2011-4862).

Impact :

An unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the user running the telnet daemon or client.
Furthermore, an authenticated remote attacker may be able to read or write files owned by the same group as the effective group of the FTP daemon.

Workaround :

There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201201-14.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Metadata registration pass. When the scanner sets `description`, this block
# only declares the plugin's identity, references, risk rating and
# prerequisites, then exits; none of the package checks below it are run.
if (description)
{
  script_id(57656);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Cross-references. Per the description text below: CVE-2011-1526 is the FTP
  # daemon failing to drop its initial effective group id, CVE-2011-4862 is the
  # telnet daemon/client buffer overflow.
  script_cve_id("CVE-2011-1526", "CVE-2011-4862");
  script_bugtraq_id(48571, 51182);
  script_xref(name:"GLSA", value:"201201-14");

  script_name(english:"GLSA-201201-14 : MIT Kerberos 5 Applications: Multiple vulnerabilities");
  # The check is a package-database version comparison only; it does not probe
  # the telnet or FTP services themselves.
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201201-14
(MIT Kerberos 5 Applications: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MIT Kerberos 5
      Applications:
      An error in the FTP daemon prevents it from dropping its initial
        effective group identifier (CVE-2011-1526).
      A boundary error in the telnet daemon and client could cause a buffer
        overflow (CVE-2011-4862).
  
Impact :

    An unauthenticated remote attacker may be able to execute arbitrary code
      with the privileges of the user running the telnet daemon or client.
      Furthermore, an authenticated remote attacker may be able to read or
      write files owned by the same group as the effective group of the FTP
      daemon.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201201-14"
  );
  # Remediation text. The fixed version named here (1.0.2-r1) is the same
  # threshold the qpkg_check() call later in this file tests against.
  script_set_attribute(
    attribute:"solution", 
    value:
"All MIT Kerberos 5 Applications users should upgrade to the latest
      version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=app-crypt/mit-krb5-appl-1.0.2-r1'"
  );
  # CVSS v2 base vector: network-reachable, low complexity, no authentication,
  # complete loss of confidentiality, integrity and availability (base 10.0).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # Temporal vector: functional exploit exists (E:F), official fix available
  # (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  # Exploit-maturity flags: public exploit code, exploit-framework coverage and
  # use by malware are all recorded as true, so a finding from this plugin
  # warrants prompt patching rather than routine scheduling.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-11-760");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  # "local" plugin type: the result is derived from data collected on the host
  # (see the required KB keys below), not from a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mit-krb5-appl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  # Prerequisites: the three KB keys must be present before the check runs.
  # NOTE(review): ssh_get_info.nasl is presumably the plugin that populates
  # them from a credentialed login; confirm against that script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  # Stop here in the description pass; nothing below this block is executed.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions for the package check. Each guard reads one knowledge-base
# item and hands off to audit() with the matching reason when it is absent, so
# a host that could not be inspected is reported as "not checked" instead of
# silently passing as unaffected.

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The target must have been identified as a Gentoo system.
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}

# The installed-package list must have been collected.
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Version comparison for app-crypt/mit-krb5-appl: anything older than 1.0.2-r1
# is treated as vulnerable, 1.0.2-r1 or newer as unaffected. This is a
# package-version test only; it says nothing about whether the telnet or FTP
# daemons are actually enabled or reachable on the host.
flag = 0;

if (qpkg_check(
      package:"app-crypt/mit-krb5-appl",
      unaffected:make_list("ge 1.0.2-r1"),
      vulnerable:make_list("lt 1.0.2-r1")
    ))
{
  flag = 1;
}

if (!flag)
{
  # Nothing vulnerable was found. Distinguish "package present but already
  # fixed" from "package not installed at all" in the audit trail.
  tested = qpkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "MIT Kerberos 5 Applications");
  }
}
else
{
  # Vulnerable package version present: raise the finding against port 0 and
  # attach the package report when the scan verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:qpkg_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
Vendor | Product | Version | CPE
gentoo | linux | mit-krb5-appl | p-cpe:/a:gentoo:linux:mit-krb5-appl
gentoo | linux | | cpe:/o:gentoo:linux