Lucene search
This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2011-195.NASLHistoryDec 29, 2011 - 12:00 a.m.
Mandriva Linux Security Advisory : krb5-appl (MDVSA-2011:195)
2011-12-2900:00:00
This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.
www.tenable.com
13
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.968 High
EPSS
Percentile
99.7%
A vulnerability has been discovered and corrected in krb5-appl, heimdal and netkit-telnet :
An unauthenticated remote attacker can cause a buffer overflow and probably execute arbitrary code with the privileges of the telnet daemon (CVE-2011-4862).
In Mandriva the telnetd daemon from the netkit-telnet-server package does not have an initscript to start and stop the service, however one could rather easily craft an initscript or start the service by other means rendering the system vulnerable to this issue.
The updated packages have been patched to correct this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2011:195.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(57412);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2011-4862");
script_xref(name:"MDVSA", value:"2011:195");
script_name(english:"Mandriva Linux Security Advisory : krb5-appl (MDVSA-2011:195)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A vulnerability has been discovered and corrected in krb5-appl,
heimdal and netkit-telnet :
An unauthenticated remote attacker can cause a buffer overflow and
probably execute arbitrary code with the privileges of the telnet
daemon (CVE-2011-4862).
In Mandriva the telnetd daemon from the netkit-telnet-server package
does not have an initscript to start and stop the service, however one
could rather easily craft an initscript or start the service by other
means rendering the system vulnerable to this issue.
The updated packages have been patched to correct this issue."
);
script_set_attribute(
attribute:"see_also",
value:"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploithub_sku", value:"EH-11-760");
script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-appl-clients");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-appl-servers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:netkit-telnet");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:netkit-telnet-server");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
script_set_attribute(attribute:"patch_publication_date", value:"2011/12/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/29");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2010.1", reference:"krb5-appl-clients-1.0-4.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"krb5-appl-servers-1.0-4.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"krb5-appl-clients-1.0.2-1.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"krb5-appl-servers-1.0.2-1.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"netkit-telnet-0.17-12.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"netkit-telnet-server-0.17-12.1-mdv2011.0", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | krb5-appl-clients | p-cpe:/a:mandriva:linux:krb5-appl-clients |
| mandriva | linux | krb5-appl-servers | p-cpe:/a:mandriva:linux:krb5-appl-servers |
| mandriva | linux | netkit-telnet | p-cpe:/a:mandriva:linux:netkit-telnet |
| mandriva | linux | netkit-telnet-server | p-cpe:/a:mandriva:linux:netkit-telnet-server |
| mandriva | linux | 2010.1 | cpe:/o:mandriva:linux:2010.1 |
| mandriva | linux | 2011 | cpe:/o:mandriva:linux:2011 |
Related
nessus
nessus
RHEL 6 : krb5-appl (RHSA-2011:1852)
2011-12-28 00:00:00
openSUSE Security Update : krb5-appl (openSUSE-2012-17)
2014-06-13 00:00:00
GLSA-201202-05 : Heimdal: Arbitrary code execution
2012-02-23 00:00:00
saint
saint
Telnetd Encryption Key ID Code Execution
2012-02-11 00:00:00
Telnetd Encryption Key ID Code Execution
2012-02-11 00:00:00
Telnetd Encryption Key ID Code Execution
2012-02-11 00:00:00
packetstorm
packetstorm
FreeBSD telnetd Remote Root
2012-01-16 00:00:00
FreeBSD Telnet Service Encyption Key ID Buffer Overflow
2011-12-28 00:00:00
Linux BSD-derived Telnet Service Encyption Key ID Buffer Overflow
2011-12-28 00:00:00
openvas
openvas
RedHat Update for krb5-appl RHSA-2011:1852-02
2012-07-09 00:00:00
RedHat Update for krb5 RHSA-2011:1851-01
2011-12-30 00:00:00
Gentoo Security Advisory GLSA 201202-05 (heimdal)
2012-03-12 00:00:00
seebug
seebug
FreeBSD 'telnetd'守护进程远程缓冲区溢出漏洞
2011-12-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:05:32
prion
prion
Buffer overflow
2011-12-25 01:55:00
gentoo
gentoo
Heimdal: Arbitrary code execution
2012-02-22 00:00:00
MIT Kerberos 5 Applications: Multiple vulnerabilities
2012-01-23 00:00:00
debian
debian
[SECURITY] [DSA 2373-1] inetutils security update
2011-12-25 17:15:34
[SECURITY] [DSA 2375-1] krb5. krb5-appl security update
2011-12-26 13:18:10
[SECURITY] [DSA 2372-1] heimdal security update
2011-12-25 17:14:18
ubuntucve
ubuntucve
CVE-2011-4862
2011-12-25 00:00:00
cve
cve
CVE-2011-4862
2011-12-25 01:55:02
freebsd
freebsd
krb5-appl -- telnetd code execution vulnerability
2011-12-23 00:00:00
suse
suse
Security update for heimdal (important)
2012-01-05 12:08:59
Security update for heimdal (important)
2012-01-05 12:36:30
Security update for Kerberos 5 (important)
2012-01-05 12:36:16
centos
centos
krb5 security update
2011-12-27 20:44:52
krb5 security update
2011-12-27 21:11:42
debiancve
debiancve
CVE-2011-4862
2011-12-25 01:55:02
securityvulns
securityvulns
MIT / FreeBSD / Cisco telnetd buffer overflow
2012-01-30 00:00:00
FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd
2012-01-02 00:00:00
MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]
2012-01-02 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-11:08.telnetd
2011-12-23 00:00:00
nvd
nvd
CVE-2011-4862
2011-12-25 01:55:02
oraclelinux
oraclelinux
krb5-appl security update
2011-12-27 00:00:00
krb5 security update
2011-12-27 00:00:00
krb5 security and bug fix update
2012-03-01 00:00:00
redhat
redhat
(RHSA-2011:1851) Critical: krb5 security update
2011-12-27 00:00:00
(RHSA-2011:1853) Critical: krb5 security update
2011-12-28 00:00:00
(RHSA-2011:1852) Critical: krb5-appl security update
2011-12-27 00:00:00
zdt
zdt
Cisco Ironport WSA telnetd Remote Code Execution Vulnerability
2014-10-24 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: krb5-appl-1.0.2-2.fc16
2012-01-05 21:03:02
[SECURITY] Fedora 15 Update: krb5-appl-1.0.1-8.fc15
2012-01-05 20:57:26
checkpoint_advisories
checkpoint_advisories
Multiple Vendors BSD telnetd Encryption Key Buffer Overflow (CVE-2011-4862)
2012-05-14 00:00:00
cvelist
cvelist
CVE-2011-4862
2011-12-25 01:00:00
cisco
cisco
Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
2012-01-26 17:00:00
vmware
vmware
VMware ESXi and ESX address several security issues
2012-03-29 00:00:00
VMware ESXi and ESX address several security issues
2012-03-29 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.968 High
EPSS
Percentile
99.7%
Related for MANDRIVA_MDVSA-2011-195.NASL