Lucene search
K

Mandriva Linux Security Advisory : pam_krb5 (MDVSA-2010:054)

🗓️ 05 Mar 2010 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 17 Views

Mandriva Linux Security Advisory : pam_krb5 (MDVSA-2010:054) update available for pam_krb5 packag

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-2009-1384
28 May 200920:14
cve
Cvelist
CVE-2009-1384
28 May 200920:14
cvelist
Debian CVE
CVE-2009-1384
28 May 200920:14
debiancve
Oracle linux
pam_krb5 security and bug fix update
5 Apr 201000:00
oraclelinux
EUVD
EUVD-2009-1382
7 Oct 202500:30
euvd
Fedora
[SECURITY] Fedora 11 Update: pam_krb5-2.3.5-1.fc11
27 Jun 200902:49
fedora
Fedora
[SECURITY] Fedora 10 Update: pam_krb5-2.3.5-1.fc10
27 Jun 200902:40
fedora
Fedora
[SECURITY] Fedora 9 Update: pam_krb5-2.3.5-1.fc9
27 Jun 200903:02
fedora
Tenable Nessus
Fedora 11 : pam_krb5-2.3.5-1.fc11 (2009-5983)
28 Jun 200900:00
nessus
Tenable Nessus
Fedora 10 : pam_krb5-2.3.5-1.fc10 (2009-6255)
28 Jun 200900:00
nessus
Rows per page
#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2010:054. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(44989);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2009-1384");
  script_bugtraq_id(35112);
  script_xref(name:"MDVSA", value:"2010:054");

  script_name(english:"Mandriva Linux Security Advisory : pam_krb5 (MDVSA-2010:054)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandriva Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Pam_krb5 2.2.14 through 2.3.4 generates different password prompts
depending on whether the user account exists, which allows remote
attackers to enumerate valid usernames (CVE-2009-1384).

This update provides the version 2.3.5 of pam_krb5, which is not
vulnerable to this issue."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected pam_krb5 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(287);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pam_krb5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2009.0", reference:"pam_krb5-2.3.5-0.1mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.1", reference:"pam_krb5-2.3.5-0.1mdv2009.1", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

06 Jan 2021 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 25
EPSS0.03326
17