Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.OPENSUSE-2015-246.NASL
HistoryMar 20, 2015 - 12:00 a.m.

openSUSE Security Update : krb5 (openSUSE-2015-246)

2015-03-2000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
14
JSON

krb5 was updated to fix three security issues.

Remote authenticated users could cause denial of service.

On openSUSE 13.1 and 13.2 krb5 was updated to fix the following vulnerabilities :

  • bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name

  • bnc#918595: CVE-2014-5355: krb5: denial of service in krb5_read_message On openSUSE 13.1 krb5 was updated to fix the following vulnerability :

  • bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-246.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81965);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-5353", "CVE-2014-5354", "CVE-2014-5355");

  script_name(english:"openSUSE Security Update : krb5 (openSUSE-2015-246)");
  script_summary(english:"Check for the openSUSE-2015-246 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"krb5 was updated to fix three security issues.

Remote authenticated users could cause denial of service.

On openSUSE 13.1 and 13.2 krb5 was updated to fix the following
vulnerabilities :

  - bnc#910457: CVE-2014-5353: NULL pointer dereference when
    using a ticket policy name as password name

  - bnc#918595: CVE-2014-5355: krb5: denial of service in
    krb5_read_message On openSUSE 13.1 krb5 was updated to
    fix the following vulnerability :

  - bnc#910458: CVE-2014-5354: NULL pointer dereference when
    using keyless entries"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910457"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910458"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=918595"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"krb5-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-client-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-client-debuginfo-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-debuginfo-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-debugsource-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-devel-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-mini-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-mini-debuginfo-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-mini-debugsource-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-mini-devel-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-plugin-kdb-ldap-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-plugin-kdb-ldap-debuginfo-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-plugin-preauth-pkinit-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-server-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-server-debuginfo-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"krb5-32bit-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"krb5-devel-32bit-1.11.3-3.18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-client-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-client-debuginfo-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-debuginfo-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-debugsource-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-devel-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-debuginfo-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-debugsource-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-devel-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-kdb-ldap-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-kdb-ldap-debuginfo-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-otp-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-otp-debuginfo-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-pkinit-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-server-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-server-debuginfo-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"krb5-32bit-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.12.2-12.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"krb5-devel-32bit-1.12.2-12.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-mini / krb5-mini-debuginfo / krb5-mini-debugsource / etc");
}
VendorProductVersionCPE
novellopensuse13.1cpe:/o:novell:opensuse:13.1
novellopensuse13.2cpe:/o:novell:opensuse:13.2
novellopensusekrb5p-cpe:/a:novell:opensuse:krb5
novellopensusekrb5-32bitp-cpe:/a:novell:opensuse:krb5-32bit
novellopensusekrb5-clientp-cpe:/a:novell:opensuse:krb5-client
novellopensusekrb5-client-debuginfop-cpe:/a:novell:opensuse:krb5-client-debuginfo
novellopensusekrb5-debuginfop-cpe:/a:novell:opensuse:krb5-debuginfo
novellopensusekrb5-debuginfo-32bitp-cpe:/a:novell:opensuse:krb5-debuginfo-32bit
novellopensusekrb5-debugsourcep-cpe:/a:novell:opensuse:krb5-debugsource
novellopensusekrb5-develp-cpe:/a:novell:opensuse:krb5-devel
Rows per page:
1-10 of 231

Related

nessus 29
openvas 20
altlinux 6
freebsd 3
fedora 4
f5 2
debiancve 3
securityvulns 2
checkpoint_advisories 1
cvelist 3
mageia 2
cve 3
redhat 3
prion 3
ubuntucve 3
oraclelinux 3
veracode 3
amazon 2
centos 3
ibm 6
osv 1
debian 1
archlinux 3
ubuntu 2
aix 1
nessus
nessus
SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2015:1282-1)
2015-07-24 00:00:00
SUSE SLES12 Security Update : krb5 (SUSE-SU-2015:1276-1)
2015-07-22 00:00:00
FreeBSD : krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 (3a888a1e-b321-11e4-83b2-206a8a720317)
2015-02-13 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:1282-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1276-1)
2021-04-19 00:00:00
Fedora Update for krb5 FEDORA-2015-7878
2015-06-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.13-alt2
2014-12-23 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.13-alt2
2014-12-23 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.13-alt2
2014-12-23 00:00:00
freebsd
freebsd
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
2015-02-12 00:00:00
krb5 1.12 -- New release/fix multiple vulnerabilities
2015-02-20 00:00:00
krb5 1.11 -- New release/fix multiple vulnerabilities
2015-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: krb5-1.12.2-17.fc21
2015-06-21 00:28:50
[SECURITY] Fedora 22 Update: krb5-1.13.1-2.fc22
2015-04-22 22:50:11
[SECURITY] Fedora 21 Update: krb5-1.12.2-14.fc21
2015-03-12 16:33:54
f5
f5
K16743 : MIT Kerberos 5 vulnerability CVE-2014-5355
2015-09-17 00:00:00
SOL16743 - MIT Kerberos 5 vulnerability CVE-2014-5355
2015-06-15 00:00:00
debiancve
debiancve
CVE-2014-5354
2014-12-16 23:59:00
CVE-2014-5355
2015-02-20 11:59:00
CVE-2014-5353
2014-12-16 23:59:00
securityvulns
securityvulns
[ MDVSA-2015:009 ] krb5
2015-01-13 00:00:00
MIT Kerberos 5 DoS
2015-01-13 00:00:00
checkpoint_advisories
checkpoint_advisories
MIT Kerberos 5 recvauth Denial Of Service (CVE-2014-5355)
2015-05-13 00:00:00
cvelist
cvelist
CVE-2014-5355
2015-02-20 11:00:00
CVE-2014-5354
2014-12-16 23:00:00
CVE-2014-5353
2014-12-16 23:00:00
mageia
mageia
Updated krb5 package fixes security vulnerability
2015-03-28 00:12:10
Updated krb5 packages fix CVE-2014-5353
2014-12-19 18:06:35
cve
cve
CVE-2014-5355
2015-02-20 11:59:00
CVE-2014-5354
2014-12-16 23:59:00
CVE-2014-5353
2014-12-16 23:59:00
redhat
redhat
(RHSA-2015:0794) Moderate: krb5 security update
2015-04-09 00:00:00
(RHSA-2015:2154) Moderate: krb5 security, bug fix, and enhancement update
2015-11-19 14:40:51
(RHSA-2015:0439) Moderate: krb5 security, bug fix and enhancement update
2015-03-05 00:00:00
prion
prion
Null pointer dereference
2015-02-20 11:59:00
Null pointer dereference
2014-12-16 23:59:00
Design/Logic Flaw
2014-12-16 23:59:00
ubuntucve
ubuntucve
CVE-2014-5355
2015-02-20 00:00:00
CVE-2014-5354
2014-12-16 00:00:00
CVE-2014-5353
2014-12-16 00:00:00
oraclelinux
oraclelinux
krb5 security update
2015-04-09 00:00:00
krb5 security, bug fix, and enhancement update
2015-11-23 00:00:00
krb5 security, bug fix and enhancement update
2015-03-11 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:13:02
Remote Code Execution
2019-05-02 05:13:02
Denial Of Service (DoS)
2018-08-13 03:20:21
amazon
amazon
Medium: krb5
2015-05-05 15:44:00
Medium: krb5
2015-12-14 10:00:00
centos
centos
krb5 security update
2015-04-09 11:47:52
krb5 security update
2015-11-30 19:36:32
krb5 security update
2015-03-17 13:28:30
ibm
ibm
Security Bulletin: Vulnerabilities in Kerberos (krb5) affect IBM Security Network Protection (CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, and CVE-2014-9422)
2018-06-16 21:25:59
Security Bulletin: Vulnerabilities in MIT Kerberos 5 (krb5) affect PowerKVM (CVE-2014-5355, CVE-2015-2694)
2018-06-18 01:30:34
Security Bulletin: Multiple vulnerabilities in unzip, krb5, tomcat, affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:30:13
osv
osv
krb5 - security update
2018-01-31 00:00:00
debian
debian
[SECURITY] [DLA 1265-1] krb5 security update
2018-01-31 17:06:55
archlinux
archlinux
krb5: multiple issues
2015-02-17 00:00:00
lib32-krb5: multiple issues
2015-07-12 00:00:00
krb5: multiple issues
2015-07-12 00:00:00
ubuntu
ubuntu
Kerberos vulnerabilities
2015-02-10 00:00:00
Kerberos vulnerabilities
2015-11-12 00:00:00
aix
aix
Multiple Security vulnerabilities in IBM NAS(kerberos)
2015-05-21 05:06:05
JSON
Related for OPENSUSE-2015-246.NASL
nessus29openvas20altlinux6freebsd3fedora4f52debiancve3securityvulns2checkpoint_advisories1cvelist3mageia2cve3redhat3prion3ubuntucve3oraclelinux3veracode3amazon2centos3ibm6osv1debian1archlinux3ubuntu2aix1