Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.OPENSUSE-2015-784.NASL
HistoryNov 23, 2015 - 12:00 a.m.

openSUSE Security Update : krb5 (openSUSE-2015-784)

2015-11-2300:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
8

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.7%

JSON

The krb5 package was update to fix the following security issue :

  • CVE-2015-2698: Fixed a memory corruption regression introduced by resolution of CVE-2015-2698 (bsc#954204).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-784.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(87003);
  script_version("2.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-2698");

  script_name(english:"openSUSE Security Update : krb5 (openSUSE-2015-784)");
  script_summary(english:"Check for the openSUSE-2015-784 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The krb5 package was update to fix the following security issue :

  - CVE-2015-2698: Fixed a memory corruption regression
    introduced by resolution of CVE-2015-2698 (bsc#954204)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954204"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"krb5-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-client-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-client-debuginfo-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-debuginfo-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-debugsource-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-devel-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-mini-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-mini-debuginfo-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-mini-debugsource-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-mini-devel-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-plugin-kdb-ldap-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-plugin-kdb-ldap-debuginfo-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-plugin-preauth-pkinit-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-server-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"krb5-server-debuginfo-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"krb5-32bit-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"krb5-devel-32bit-1.11.3-3.24.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-client-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-client-debuginfo-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-debuginfo-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-debugsource-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-devel-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-debuginfo-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-debugsource-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-devel-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-kdb-ldap-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-kdb-ldap-debuginfo-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-otp-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-otp-debuginfo-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-pkinit-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-server-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"krb5-server-debuginfo-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"krb5-32bit-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.12.2-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"krb5-devel-32bit-1.12.2-18.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-mini / krb5-mini-debuginfo / krb5-mini-debugsource / etc");
}
VendorProductVersionCPE
novellopensusekrb5p-cpe:/a:novell:opensuse:krb5
novellopensusekrb5-32bitp-cpe:/a:novell:opensuse:krb5-32bit
novellopensusekrb5-clientp-cpe:/a:novell:opensuse:krb5-client
novellopensusekrb5-client-debuginfop-cpe:/a:novell:opensuse:krb5-client-debuginfo
novellopensusekrb5-debuginfop-cpe:/a:novell:opensuse:krb5-debuginfo
novellopensusekrb5-debuginfo-32bitp-cpe:/a:novell:opensuse:krb5-debuginfo-32bit
novellopensusekrb5-debugsourcep-cpe:/a:novell:opensuse:krb5-debugsource
novellopensusekrb5-develp-cpe:/a:novell:opensuse:krb5-devel
novellopensusekrb5-devel-32bitp-cpe:/a:novell:opensuse:krb5-devel-32bit
novellopensusekrb5-minip-cpe:/a:novell:opensuse:krb5-mini
Rows per page:
1-10 of 231

Related

openvas 5
fedora 3
nessus 6
ibm 1
nvd 1
mageia 1
debiancve 1
cvelist 1
prion 1
ubuntucve 2
cve 1
ubuntu 1
altlinux 3
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:2302-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2015-0446)
2015-11-17 00:00:00
Fedora Update for krb5 FEDORA-2015-1
2015-11-20 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: krb5-1.13.2-13.fc23
2015-11-08 22:24:55
[SECURITY] Fedora 21 Update: krb5-1.12.2-19.fc21
2015-11-24 22:51:08
[SECURITY] Fedora 22 Update: krb5-1.13.2-10.fc22
2015-11-19 12:25:51
nessus
nessus
Fedora 23 : krb5-1.13.2-13.fc23 (2015-58ae075703)
2016-03-04 00:00:00
SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2015:2302-1)
2015-12-21 00:00:00
openSUSE Security Update : krb5 (openSUSE-2015-961)
2015-12-29 00:00:00
ibm
ibm
Security Bulletin: OpenSource MIT Kerberos Vulnerabilities affect IBM Security Access Manager for Web (CVE-2015-2698)
2018-06-16 21:45:08
nvd
nvd
CVE-2015-2698
2015-11-13 03:59:00
mageia
mageia
Updated krb5 packages fix CVE-2015-2698
2015-11-17 00:36:58
debiancve
debiancve
CVE-2015-2698
2015-11-13 03:59:00
cvelist
cvelist
CVE-2015-2698
2015-11-13 02:00:00
prion
prion
Memory corruption
2015-11-13 03:59:00
ubuntucve
ubuntucve
CVE-2015-2696
2015-11-08 00:00:00
CVE-2015-2698
2015-11-06 00:00:00
cve
cve
CVE-2015-2698
2015-11-13 03:59:00
ubuntu
ubuntu
Kerberos vulnerabilities
2015-11-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.14.2-alt1
2016-04-26 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.14.2-alt1
2016-04-25 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.13.7-alt0.M70P.1
2017-04-13 00:00:00

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.7%

JSON
Related for OPENSUSE-2015-784.NASL
openvas5fedora3nessus6ibm1nvd1mageia1debiancve1cvelist1prion1ubuntucve2cve1ubuntu1altlinux3