Mandrake Linux Security Advisory : krb5 (MDKSA-2006:139)

2006-12-1600:00:00

www.tenable.com

A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege.

Updated packages have been patched to correct this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:139. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(23888);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2006-3083", "CVE-2006-3084");
  script_bugtraq_id(19427);
  script_xref(name:"MDKSA", value:"2006:139");

  script_name(english:"Mandrake Linux Security Advisory : krb5 (MDKSA-2006:139)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A flaw was discovered in some bundled Kerberos-aware packages that
would fail to check the results of the setuid() call. This call can
fail in some circumstances on the Linux 2.6 kernel if certain user
limits are reached, which could be abused by a local attacker to get
the applications to continue to run as root, possibly leading to an
elevation of privilege.

Updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ftp-client-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ftp-server-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64krb53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64krb53-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkrb53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkrb53-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:telnet-client-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:telnet-server-krb5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2006.0", reference:"ftp-client-krb5-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"ftp-server-krb5-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"krb5-server-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"krb5-workstation-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64krb53-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64krb53-devel-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkrb53-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkrb53-devel-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"telnet-client-krb5-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"telnet-server-krb5-1.4.2-1.1.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinuxftp-client-krb5p-cpe:/a:mandriva:linux:ftp-client-krb5
mandrivalinuxftp-server-krb5p-cpe:/a:mandriva:linux:ftp-server-krb5
mandrivalinuxkrb5-serverp-cpe:/a:mandriva:linux:krb5-server
mandrivalinuxkrb5-workstationp-cpe:/a:mandriva:linux:krb5-workstation
mandrivalinuxlib64krb53p-cpe:/a:mandriva:linux:lib64krb53
mandrivalinuxlib64krb53-develp-cpe:/a:mandriva:linux:lib64krb53-devel
mandrivalinuxlibkrb53p-cpe:/a:mandriva:linux:libkrb53
mandrivalinuxlibkrb53-develp-cpe:/a:mandriva:linux:libkrb53-devel
mandrivalinuxtelnet-client-krb5p-cpe:/a:mandriva:linux:telnet-client-krb5
mandrivalinuxtelnet-server-krb5p-cpe:/a:mandriva:linux:telnet-server-krb5

Vendor	Product	Version	CPE
mandriva	linux	ftp-client-krb5	p-cpe:/a:mandriva:linux:ftp-client-krb5
mandriva	linux	ftp-server-krb5	p-cpe:/a:mandriva:linux:ftp-server-krb5
mandriva	linux	krb5-server	p-cpe:/a:mandriva:linux:krb5-server
mandriva	linux	krb5-workstation	p-cpe:/a:mandriva:linux:krb5-workstation
mandriva	linux	lib64krb53	p-cpe:/a:mandriva:linux:lib64krb53
mandriva	linux	lib64krb53-devel	p-cpe:/a:mandriva:linux:lib64krb53-devel
mandriva	linux	libkrb53	p-cpe:/a:mandriva:linux:libkrb53
mandriva	linux	libkrb53-devel	p-cpe:/a:mandriva:linux:libkrb53-devel
mandriva	linux	telnet-client-krb5	p-cpe:/a:mandriva:linux:telnet-client-krb5
mandriva	linux	telnet-server-krb5	p-cpe:/a:mandriva:linux:telnet-server-krb5