Oracle Linux 4 : mod_auth_kerb (ELSA-2006-0746)

🗓️ 12 Jul 2013 00:00:00Reported by TenableType

Security update for mod_auth_kerb in Red Hat Enterprise Linux 4

Reporter	Title	Published	Views	Family All 27
Tenable Nessus	Apache mod_auth_kerb <= 5.20 Buffer Overflow	22 Nov 200600:00	–	nessus
Tenable Nessus	CentOS 4 : mod_auth_kerb (CESA-2006:0746)	11 Dec 200600:00	–	nessus
Tenable Nessus	Debian DSA-1247-1 : libapache-mod-auth-kerb - heap overflow	16 May 200700:00	–	nessus
Tenable Nessus	Fedora Core 5 : mod_auth_kerb-5.3-2.fc5 (2006-1341)	17 Jan 200700:00	–	nessus
Tenable Nessus	GLSA-200701-14 : Mod_auth_kerb: Denial of Service	26 Jan 200700:00	–	nessus
Tenable Nessus	RHEL 4 : mod_auth_kerb (RHSA-2006:0746)	11 Dec 200600:00	–	nessus
Cent OS	mod_auth_kerb security update	6 Dec 200619:10	–	centos
CVE	CVE-2006-5989	20 Nov 200621:00	–	cve
Cvelist	CVE-2006-5989	20 Nov 200621:00	–	cvelist
Debian	[SECURITY] [DSA 1247-1] New libapache-mod-auth-kerb packages fix remote denial of service	8 Jan 200716:41	–	debian

Source	Link
oss	www.oss.oracle.com/pipermail/el-errata/2006-December/000030.html
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0746 and 
# Oracle Linux Security Advisory ELSA-2006-0746 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(67427);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-5989");
  script_xref(name:"RHSA", value:"2006:0746");

  script_name(english:"Oracle Linux 4 : mod_auth_kerb (ELSA-2006-0746)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2006:0746 :

Updated mod_auth_kerb packages that fix a security flaw and a bug in
multiple realm handling are now available for Red Hat Enterprise Linux
4.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

mod_auth_kerb is module for the Apache HTTP Server designed to provide
Kerberos authentication over HTTP.

An off by one flaw was found in the way mod_auth_kerb handles certain
Kerberos authentication messages. A remote client could send a
specially crafted authentication request which could crash an httpd
child process (CVE-2006-5989).

A bug in the handling of multiple realms configured using the
'KrbAuthRealms' directive has also been fixed.

All users of mod_auth_kerb should upgrade to these updated packages,
which contain backported patches that resolve these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2006-December/000030.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mod_auth_kerb package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_auth_kerb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL4", cpu:"i386", reference:"mod_auth_kerb-5.0-1.3")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"mod_auth_kerb-5.0-1.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_auth_kerb");
}

14 Jan 2021 00:00Current

5.3Medium risk

Vulners AI Score5.3

CVSS 25

EPSS0.04337