Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-328.NASL
HistoryApr 02, 2018 - 12:00 a.m.

openSUSE Security Update : krb5 (openSUSE-2018-328)

2018-04-0200:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

This update for krb5 provides the following fixes :

Security issues fixed :

  • CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927).

  • CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926).

Non-security issues fixed :

  • Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos.
    System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662)

  • Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-328.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(108783);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2018-5729", "CVE-2018-5730");

  script_name(english:"openSUSE Security Update : krb5 (openSUSE-2018-328)");
  script_summary(english:"Check for the openSUSE-2018-328 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for krb5 provides the following fixes :

Security issues fixed :

  - CVE-2018-5730: DN container check bypass by supplying
    special crafted data (bsc#1083927).

  - CVE-2018-5729: NULL pointer dereference in kadmind or DN
    container check bypass by supplying special crafted data
    (bsc#1083926).

Non-security issues fixed :

  - Make it possible for legacy applications (e.g. SAP
    Netweaver) to remain compatible with newer Kerberos.
    System administrators who are experiencing this kind of
    compatibility issues may set the environment variable
    GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make
    sure the environment variable is visible and effective
    to the application startup script. (bsc#1057662)

  - Fix a GSS failure in legacy applications by not
    indicating deprecated GSS mechanisms in
    gss_indicate_mech() list. (bsc#1081725)

This update was imported from the SUSE:SLE-12-SP2:Update update
project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057662"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081725"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083926"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083927"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"krb5-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-client-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-client-debuginfo-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-debuginfo-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-debugsource-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-devel-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-mini-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-mini-debuginfo-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-mini-debugsource-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-mini-devel-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-plugin-kdb-ldap-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-plugin-kdb-ldap-debuginfo-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-plugin-preauth-otp-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-plugin-preauth-otp-debuginfo-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-plugin-preauth-pkinit-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-server-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"krb5-server-debuginfo-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"krb5-32bit-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.12.5-16.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"krb5-devel-32bit-1.12.5-16.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-mini / krb5-mini-debuginfo / krb5-mini-debugsource / etc");
}
VendorProductVersionCPE
novellopensusekrb5p-cpe:/a:novell:opensuse:krb5
novellopensusekrb5-32bitp-cpe:/a:novell:opensuse:krb5-32bit
novellopensusekrb5-clientp-cpe:/a:novell:opensuse:krb5-client
novellopensusekrb5-client-debuginfop-cpe:/a:novell:opensuse:krb5-client-debuginfo
novellopensusekrb5-debuginfop-cpe:/a:novell:opensuse:krb5-debuginfo
novellopensusekrb5-debuginfo-32bitp-cpe:/a:novell:opensuse:krb5-debuginfo-32bit
novellopensusekrb5-debugsourcep-cpe:/a:novell:opensuse:krb5-debugsource
novellopensusekrb5-develp-cpe:/a:novell:opensuse:krb5-devel
novellopensusekrb5-devel-32bitp-cpe:/a:novell:opensuse:krb5-devel-32bit
novellopensusekrb5-minip-cpe:/a:novell:opensuse:krb5-mini
Rows per page:
1-10 of 221

Related

suse 1
ibm 7
nessus 28
altlinux 1
fedora 2
oraclelinux 1
openvas 13
amazon 2
redhat 1
centos 1
archlinux 1
debian 2
mageia 1
osv 4
debiancve 2
redhatcve 3
veracode 2
ubuntucve 3
prion 2
cve 2
cvelist 2
photon 10
avleonov 1
suse
suse
Security update for krb5 (important)
2019-02-05 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by krb5 vulnerabilities (CVE-2018-5730 and CVE-2018-5729)
2019-02-20 16:35:01
Security Bulletin: Vulnerabilities in krb5 affect PowerKVM
2018-12-17 14:20:01
Security Bulletin: Vulnerability in Kerberos affects Power Hardware Management Console ( CVE-2018-5730 CVE-2018-5729)
2021-09-22 23:05:38
nessus
nessus
EulerOS Virtualization 2.5.3 : krb5 (EulerOS-SA-2019-1184)
2019-04-09 00:00:00
Scientific Linux Security Update : krb5 on SL7.x x86_64 (20181030)
2018-11-27 00:00:00
Amazon Linux 2 : krb5 (ALAS-2018-1129)
2018-12-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package krb5 version 1.16.1-alt1.S1
2018-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: krb5-1.15.2-7.fc26
2018-03-01 15:58:24
[SECURITY] Fedora 27 Update: krb5-1.15.2-7.fc27
2018-02-20 17:20:51
oraclelinux
oraclelinux
krb5 security, bug fix, and enhancement update
2018-11-05 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2018-1425)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-1383)
2020-01-23 00:00:00
openSUSE: Security Advisory for krb5 (openSUSE-SU-2019:0139-1)
2019-02-06 00:00:00
amazon
amazon
Low: krb5
2018-12-13 20:20:00
Low: krb5
2019-01-23 18:58:00
redhat
redhat
(RHSA-2018:3071) Low: krb5 security, bug fix, and enhancement update
2018-10-30 04:15:51
centos
centos
krb5, libkadm5 security update
2018-11-15 18:48:14
archlinux
archlinux
[ASA-201806-3] krb5: insufficient validation
2018-06-05 00:00:00
debian
debian
[SECURITY] [DLA 1643-1] krb5 security update
2019-01-25 22:50:28
[SECURITY] [DLA 2771-1] krb5 security update
2021-09-30 20:09:16
mageia
mageia
Updated krb5 packages fix security vulnerabilities
2018-03-02 00:27:52
osv
osv
krb5 - security update
2019-01-25 00:00:00
CVE-2018-5729
2018-03-06 20:29:00
krb5 - security update
2021-09-30 00:00:00
debiancve
debiancve
CVE-2018-5729
2018-03-06 20:29:00
CVE-2018-5730
2018-03-06 20:29:00
redhatcve
redhatcve
CVE-2018-5729
2018-03-02 17:18:59
CVE-2018-5730
2018-03-02 17:19:15
CVE-2018-5710
2018-01-17 16:19:39
veracode
veracode
Denial Of Service (DoS) Through Null Pointer Dereference
2018-04-27 08:03:30
Container Check Bypass
2018-05-17 07:29:23
ubuntucve
ubuntucve
CVE-2018-5729
2018-03-06 00:00:00
CVE-2018-5730
2018-03-06 00:00:00
CVE-2018-5710
2018-01-16 00:00:00
prion
prion
Null pointer dereference
2018-03-06 20:29:00
Code injection
2018-03-06 20:29:00
cve
cve
CVE-2018-5729
2018-03-06 20:29:00
CVE-2018-5730
2018-03-06 20:29:00
cvelist
cvelist
CVE-2018-5729
2018-03-06 20:00:00
CVE-2018-5730
2018-03-06 20:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0177
2018-08-17 00:00:00
Moderate Photon OS Security Update - PHSA-2018-0177
2018-08-17 00:00:00
Moderate Photon OS Security Update - PHSA-2019-0020
2019-06-17 00:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13
JSON
Related for OPENSUSE-2018-328.NASL
suse1ibm7nessus28altlinux1fedora2oraclelinux1openvas13amazon2redhat1centos1archlinux1debian2mageia1osv4debiancve2redhatcve3veracode2ubuntucve3prion2cve2cvelist2photon10avleonov1