{"id": "ORACLELINUX_ELSA-2012-1131.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 6 : krb5 (ELSA-2012-1131)", "description": "From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "published": "2013-07-12T00:00:00", "modified": "2018-07-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68589", "reporter": "Tenable", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"], "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "type": "nessus", "lastseen": "2019-02-21T01:19:37", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-pkinit-openssl", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation"], "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "be920358dd5946c8aa8b2c153cda604f0de83a6bcebc431e54513cdf13cce960", "hashmap": [{"hash": "836f1184b14682aed3e69ad1ea9ba8c2", "key": "cvelist"}, {"hash": "fbf01356bcde2c97e7cc267814916f91", "key": "references"}, {"hash": "e90120bf1041ad069eb3ca6e6ea7cf84", "key": "cpe"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "61d5480c14d50c862b96067eac120e3c", "key": "title"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "988d3ff91a3440b68c4af2c2e0628c98", "key": "description"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "a4f7069bb8dc074a6bf9f4e7f56123c9", "key": "sourceData"}, {"hash": "02fd001a0304d1a0b2355a80160b5758", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "08c2ac946c35e44852c379a843c258b8", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68589", "id": "ORACLELINUX_ELSA-2012-1131.NASL", "lastseen": "2018-09-01T23:39:48", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68589", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# Oracle Linux Security Advisory ELSA-2012-1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68589);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784, 54750);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2012-1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "title": "Oracle Linux 6 : krb5 (ELSA-2012-1131)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:39:48"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-pkinit-openssl", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation"], "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:16:49", "references": [{"idList": ["SECURITYVULNS:DOC:28343", "SECURITYVULNS:VULN:12500", "SECURITYVULNS:VULN:12447"], "type": "securityvulns"}, {"idList": ["SL_20120731_KRB5_ON_SL6_X.NASL", "MANDRIVA_MDVSA-2012-120.NASL", "OPENSUSE-2012-360.NASL", "MANDRIVA_MDVSA-2012-102.NASL", "FEDORA_2012-8784.NASL", "REDHAT-RHSA-2012-1131.NASL", "UBUNTU_USN-1520-1.NASL", "ALA_ALAS-2012-114.NASL", "MANDRIVA_MDVSA-2013-042.NASL", "CENTOS_RHSA-2012-1131.NASL"], "type": "nessus"}, {"idList": ["USN-1520-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:870803", "OPENVAS:1361412562310881460", "OPENVAS:841097", "OPENVAS:1361412562310123852", "OPENVAS:864604", "OPENVAS:1361412562310870803", "OPENVAS:1361412562310120072", "OPENVAS:1361412562310841097", "OPENVAS:881460", "OPENVAS:1361412562310864604"], "type": "openvas"}, {"idList": ["CVE-2012-1013", "CVE-2012-1015"], "type": "cve"}, {"idList": ["RHSA-2012:1200", "RHSA-2012:1131"], "type": "redhat"}, {"idList": ["DEBIAN:DSA-2518-1:1BFBF"], "type": "debian"}, {"idList": ["GLSA-201312-12"], "type": "gentoo"}, {"idList": ["CESA-2012:1131"], "type": "centos"}, {"idList": ["ALAS-2012-114"], "type": "amazon"}, {"idList": ["ELSA-2012-1131"], "type": "oraclelinux"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "72a42fd9f345d0bd364629bea9bd1ea1673d3eb536787720f0e160c2ad4362da", "hashmap": [{"hash": "836f1184b14682aed3e69ad1ea9ba8c2", "key": "cvelist"}, {"hash": "fbf01356bcde2c97e7cc267814916f91", "key": "references"}, {"hash": "e90120bf1041ad069eb3ca6e6ea7cf84", "key": "cpe"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "518207d1290d884c741ee1c75707bab2", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "61d5480c14d50c862b96067eac120e3c", "key": "title"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "a4f7069bb8dc074a6bf9f4e7f56123c9", "key": "sourceData"}, {"hash": "02fd001a0304d1a0b2355a80160b5758", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "08c2ac946c35e44852c379a843c258b8", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68589", "id": "ORACLELINUX_ELSA-2012-1131.NASL", "lastseen": "2019-01-16T20:16:49", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68589", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# Oracle Linux Security Advisory ELSA-2012-1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68589);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784, 54750);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2012-1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "title": "Oracle Linux 6 : krb5 (ELSA-2012-1131)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:16:49"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "edition": 1, "enchantments": {}, "hash": "4691d4b236d44909c4400e22fa629da6ac3f6c7126b7565f4de862b3e428a536", "hashmap": [{"hash": "836f1184b14682aed3e69ad1ea9ba8c2", "key": "cvelist"}, {"hash": "fbf01356bcde2c97e7cc267814916f91", "key": "references"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "25c5b42bc30232d09aaaae5d5a2054ba", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "61d5480c14d50c862b96067eac120e3c", "key": "title"}, {"hash": "988d3ff91a3440b68c4af2c2e0628c98", "key": "description"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "02fd001a0304d1a0b2355a80160b5758", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "08c2ac946c35e44852c379a843c258b8", "key": "href"}, {"hash": "62f567f562bbeddeaf1e6db6eec3283c", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68589", "id": "ORACLELINUX_ELSA-2012-1131.NASL", "lastseen": "2016-09-26T17:23:56", "modified": "2016-05-06T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "68589", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# Oracle Linux Security Advisory ELSA-2012-1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68589);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/06 17:02:15 $\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784, 54750);\n script_osvdb_id(82650, 84423);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2012-1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "title": "Oracle Linux 6 : krb5 (ELSA-2012-1131)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-pkinit-openssl", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation"], "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ae7a5c903a2397e62597ee99f73d034e9b7cd40392a8ac82a12d498f07fda18b", "hashmap": [{"hash": "836f1184b14682aed3e69ad1ea9ba8c2", "key": "cvelist"}, {"hash": "fbf01356bcde2c97e7cc267814916f91", "key": "references"}, {"hash": "e90120bf1041ad069eb3ca6e6ea7cf84", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "61d5480c14d50c862b96067eac120e3c", "key": "title"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "988d3ff91a3440b68c4af2c2e0628c98", "key": "description"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "a4f7069bb8dc074a6bf9f4e7f56123c9", "key": "sourceData"}, {"hash": "02fd001a0304d1a0b2355a80160b5758", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "08c2ac946c35e44852c379a843c258b8", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68589", "id": "ORACLELINUX_ELSA-2012-1131.NASL", "lastseen": "2018-08-30T19:35:26", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68589", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# Oracle Linux Security Advisory ELSA-2012-1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68589);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784, 54750);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2012-1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "title": "Oracle Linux 6 : krb5 (ELSA-2012-1131)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:35:26"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-pkinit-openssl", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation"], "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "815aec0fff2240494dddb0014db0f56abf5b661fdecf6241697b7485a45f7af7", "hashmap": [{"hash": "836f1184b14682aed3e69ad1ea9ba8c2", "key": "cvelist"}, {"hash": "fbf01356bcde2c97e7cc267814916f91", "key": "references"}, {"hash": "e90120bf1041ad069eb3ca6e6ea7cf84", "key": "cpe"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "25c5b42bc30232d09aaaae5d5a2054ba", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "61d5480c14d50c862b96067eac120e3c", "key": "title"}, {"hash": "988d3ff91a3440b68c4af2c2e0628c98", "key": "description"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "02fd001a0304d1a0b2355a80160b5758", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "08c2ac946c35e44852c379a843c258b8", "key": "href"}, {"hash": "62f567f562bbeddeaf1e6db6eec3283c", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68589", "id": "ORACLELINUX_ELSA-2012-1131.NASL", "lastseen": "2017-10-29T13:35:57", "modified": "2016-05-06T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68589", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# Oracle Linux Security Advisory ELSA-2012-1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68589);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/06 17:02:15 $\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784, 54750);\n script_osvdb_id(82650, 84423);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2012-1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "title": "Oracle Linux 6 : krb5 (ELSA-2012-1131)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:35:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-pkinit-openssl", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation"], "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "be920358dd5946c8aa8b2c153cda604f0de83a6bcebc431e54513cdf13cce960", "hashmap": [{"hash": "836f1184b14682aed3e69ad1ea9ba8c2", "key": "cvelist"}, {"hash": "fbf01356bcde2c97e7cc267814916f91", "key": "references"}, {"hash": "e90120bf1041ad069eb3ca6e6ea7cf84", "key": "cpe"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "61d5480c14d50c862b96067eac120e3c", "key": "title"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "988d3ff91a3440b68c4af2c2e0628c98", "key": "description"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "a4f7069bb8dc074a6bf9f4e7f56123c9", "key": "sourceData"}, {"hash": "02fd001a0304d1a0b2355a80160b5758", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "08c2ac946c35e44852c379a843c258b8", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=68589", "id": "ORACLELINUX_ELSA-2012-1131.NASL", "lastseen": "2018-07-21T07:54:52", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "68589", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# Oracle Linux Security Advisory ELSA-2012-1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68589);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784, 54750);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2012-1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "title": "Oracle Linux 6 : krb5 (ELSA-2012-1131)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-21T07:54:52"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "e90120bf1041ad069eb3ca6e6ea7cf84"}, {"key": "cvelist", "hash": "836f1184b14682aed3e69ad1ea9ba8c2"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "988d3ff91a3440b68c4af2c2e0628c98"}, {"key": "href", "hash": "08c2ac946c35e44852c379a843c258b8"}, {"key": "modified", "hash": "2e3c438f66403fd816adabf5a1b82b29"}, {"key": "naslFamily", "hash": "e31ed89ab0cbb68ce2c40f17ec1e5483"}, {"key": "pluginID", "hash": "02fd001a0304d1a0b2355a80160b5758"}, {"key": "published", "hash": "0db193a0effe2d65dffecdb5e4d9c241"}, {"key": "references", "hash": "fbf01356bcde2c97e7cc267814916f91"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "a4f7069bb8dc074a6bf9f4e7f56123c9"}, {"key": "title", "hash": "61d5480c14d50c862b96067eac120e3c"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "be920358dd5946c8aa8b2c153cda604f0de83a6bcebc431e54513cdf13cce960", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1013", "CVE-2012-1015"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881460", "OPENVAS:1361412562310123852", "OPENVAS:1361412562310870803", "OPENVAS:870803", "OPENVAS:1361412562310120072", "OPENVAS:881460", "OPENVAS:1361412562310864604", "OPENVAS:864604", "OPENVAS:841097", "OPENVAS:1361412562310841097"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1131"]}, {"type": "amazon", "idList": ["ALAS-2012-114"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2012-1131.NASL", "ALA_ALAS-2012-114.NASL", "SL_20120731_KRB5_ON_SL6_X.NASL", "REDHAT-RHSA-2012-1131.NASL", "MANDRIVA_MDVSA-2013-042.NASL", "UBUNTU_USN-1520-1.NASL", "MANDRIVA_MDVSA-2012-120.NASL", "FEDORA_2012-8803.NASL", "FEDORA_2012-8805.NASL", "FEDORA_2012-8784.NASL"]}, {"type": "redhat", "idList": ["RHSA-2012:1131", "RHSA-2012:1200"]}, {"type": "centos", "idList": ["CESA-2012:1131"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28343", "SECURITYVULNS:VULN:12447", "SECURITYVULNS:VULN:12500"]}, {"type": "ubuntu", "idList": ["USN-1520-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2518-1:1BFBF"]}, {"type": "gentoo", "idList": ["GLSA-201312-12"]}], "modified": "2019-02-21T01:19:37"}, "score": {"value": 7.5, "vector": "NONE", "modified": "2019-02-21T01:19:37"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# Oracle Linux Security Advisory ELSA-2012-1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68589);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784, 54750);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2012-1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "68589", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-pkinit-openssl", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:12:20", "bulletinFamily": "NVD", "description": "The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.\nPer: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n'CWE-476: NULL Pointer Dereference'", "modified": "2013-04-02T03:15:00", "id": "CVE-2012-1013", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1013", "published": "2012-06-07T19:55:00", "title": "CVE-2012-1013", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:12:20", "bulletinFamily": "NVD", "description": "The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.", "modified": "2013-04-05T03:08:00", "id": "CVE-2012-1015", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1015", "published": "2012-08-06T16:55:00", "title": "CVE-2012-1015", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:19:07", "bulletinFamily": "scanner", "description": "Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2012-1131.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67093", "published": "2013-06-29T00:00:00", "title": "CentOS 6 : krb5 (CESA-2012:1131)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# CentOS Errata and Security Advisory 2012:1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67093);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"CentOS 6 : krb5 (CESA-2012:1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018777.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f2b7d73\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:24", "bulletinFamily": "scanner", "description": "Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2012-1131.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61377", "published": "2012-08-01T00:00:00", "title": "RHEL 6 : krb5 (RHSA-2012:1131)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1131. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61377);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"RHEL 6 : krb5 (RHSA-2012:1131)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1015\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1131\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"krb5-debuginfo-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit-openssl / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:24", "bulletinFamily": "scanner", "description": "Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "modified": "2018-12-31T00:00:00", "id": "SL_20120731_KRB5_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61407", "published": "2012-08-03T00:00:00", "title": "Scientific Linux Security Update : krb5 on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61407);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n\n script_name(english:\"Scientific Linux Security Update : krb5 on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1208&L=scientific-linux-errata&T=0&P=209\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b5ec1d4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"krb5-debuginfo-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:56", "bulletinFamily": "scanner", "description": "An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2012-114.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69604", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : krb5 (ALAS-2012-114)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-114.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69604);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_xref(name:\"ALAS\", value:\"2012-114\");\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Amazon Linux AMI : krb5 (ALAS-2012-114)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-114.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update krb5' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"krb5-debuginfo-1.9-33.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-devel-1.9-33.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-libs-1.9-33.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-pkinit-openssl-1.9-33.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-server-1.9-33.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-server-ldap-1.9-33.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"krb5-workstation-1.9-33.22.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit-openssl / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:18:49", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered and corrected in krb5 :\n\nFix a kadmind denial of service issue (NULL pointer dereference), which could only be triggered by an administrator with the create privilege (CVE-2012-1013).\n\nThe MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability (CVE-2012-1015).\n\nIt was reported that the KDC plugin for PKINIT could dereference a NULL pointer when a malformed packet caused processing to terminate early, which led to a crash of the KDC process. An attacker would require a valid PKINIT certificate or have observed a successful PKINIT authentication to execute a successful attack. In addition, an unauthenticated attacker could execute the attack of anonymouse PKINIT was enabled (CVE-2013-1415).\n\nThe updated packages have been patched to correct these issues.", "modified": "2019-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2013-042.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66056", "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2013:042)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:042. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66056);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\", \"CVE-2013-1415\");\n script_bugtraq_id(53784, 54750, 58144);\n script_xref(name:\"MDVSA\", value:\"2013:042\");\n script_xref(name:\"MGASA\", value:\"2013-0087\");\n\n script_name(english:\"Mandriva Linux Security Advisory : krb5 (MDVSA-2013:042)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in krb5 :\n\nFix a kadmind denial of service issue (NULL pointer dereference),\nwhich could only be triggered by an administrator with the create\nprivilege (CVE-2012-1013).\n\nThe MIT krb5 KDC (Key Distribution Center) daemon can free an\nuninitialized pointer while processing an unusual AS-REQ, corrupting\nthe process heap and possibly causing the daemon to abnormally\nterminate. An attacker could use this vulnerability to execute\nmalicious code, but exploiting frees of uninitialized pointers to\nexecute code is believed to be difficult. It is possible that a\nlegitimate client that is misconfigured in an unusual way could\ntrigger this vulnerability (CVE-2012-1015).\n\nIt was reported that the KDC plugin for PKINIT could dereference a\nNULL pointer when a malformed packet caused processing to terminate\nearly, which led to a crash of the KDC process. An attacker would\nrequire a valid PKINIT certificate or have observed a successful\nPKINIT authentication to execute a successful attack. In addition, an\nunauthenticated attacker could execute the attack of anonymouse PKINIT\nwas enabled (CVE-2013-1415).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-1.9.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-pkinit-openssl-1.9.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-server-1.9.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-server-ldap-1.9.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"krb5-workstation-1.9.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64krb53-1.9.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.9.2-3.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:24", "bulletinFamily": "scanner", "description": "Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code.\n(CVE-2012-1015)\n\nEmmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014)\n\nSimo Sorce discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference a NULL pointer when handling a malformed TGS-REQ message. A remote authenticated attacker could use this to cause a denial of service. (CVE-2012-1013)\n\nIt was discovered that the kadmin protocol implementation in MIT krb5 did not properly restrict access to the SET_STRING and GET_STRINGS operations. A remote authenticated attacker could use this to expose or modify sensitive information. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1012).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1520-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61379", "published": "2012-08-01T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : krb5 vulnerabilities (USN-1520-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1520-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61379);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-1012\", \"CVE-2012-1013\", \"CVE-2012-1014\", \"CVE-2012-1015\");\n script_bugtraq_id(53784);\n script_xref(name:\"USN\", value:\"1520-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : krb5 vulnerabilities (USN-1520-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center\n(KDC) daemon could free an uninitialized pointer when handling a\nmalformed AS-REQ message. A remote unauthenticated attacker could use\nthis to cause a denial of service or possibly execute arbitrary code.\n(CVE-2012-1015)\n\nEmmanuel Bouillon discovered that the MIT krb5 Key Distribution Center\n(KDC) daemon could dereference an uninitialized pointer while handling\na malformed AS-REQ message. A remote unauthenticated attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014)\n\nSimo Sorce discovered that the MIT krb5 Key Distribution Center (KDC)\ndaemon could dereference a NULL pointer when handling a malformed\nTGS-REQ message. A remote authenticated attacker could use this to\ncause a denial of service. (CVE-2012-1013)\n\nIt was discovered that the kadmin protocol implementation in MIT krb5\ndid not properly restrict access to the SET_STRING and GET_STRINGS\noperations. A remote authenticated attacker could use this to expose\nor modify sensitive information. This issue only affected Ubuntu 12.04\nLTS. (CVE-2012-1012).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1520-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected krb5-admin-server, krb5-kdc and / or krb5-kdc-ldap\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.8.1+dfsg-2ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-kdc\", pkgver:\"1.8.1+dfsg-2ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.8.1+dfsg-2ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.8.3+dfsg-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"krb5-kdc\", pkgver:\"1.8.3+dfsg-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.8.3+dfsg-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.9.1+dfsg-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"krb5-kdc\", pkgver:\"1.9.1+dfsg-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.9.1+dfsg-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"krb5-kdc\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.10+dfsg~beta1-2ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-kdc / krb5-kdc-ldap\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:33", "bulletinFamily": "scanner", "description": "A vulnerability has been discovered and corrected in krb5 :\n\nThe MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability (CVE-2012-1015).\n\nThe updated packages have been patched to correct this issue.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2012-120.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61970", "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2012:120)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:120. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61970);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2012-1015\");\n script_xref(name:\"MDVSA\", value:\"2012:120\");\n\n script_name(english:\"Mandriva Linux Security Advisory : krb5 (MDVSA-2012:120)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in krb5 :\n\nThe MIT krb5 KDC (Key Distribution Center) daemon can free an\nuninitialized pointer while processing an unusual AS-REQ, corrupting\nthe process heap and possibly causing the daemon to abnormally\nterminate. An attacker could use this vulnerability to execute\nmalicious code, but exploiting frees of uninitialized pointers to\nexecute code is believed to be difficult. It is possible that a\nlegitimate client that is misconfigured in an unusual way could\ntrigger this vulnerability (CVE-2012-1015).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"krb5-1.9.1-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"krb5-pkinit-openssl-1.9.1-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"krb5-server-1.9.1-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"krb5-server-ldap-1.9.1-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"krb5-workstation-1.9.1-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64krb53-1.9.1-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.9.1-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkrb53-1.9.1-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libkrb53-devel-1.9.1-1.4-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:47", "bulletinFamily": "scanner", "description": "This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-8803.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59485", "published": "2012-06-14T00:00:00", "title": "Fedora 16 : krb5-1.9.3-2.fc16 (2012-8803)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8803.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59485);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-1013\");\n script_bugtraq_id(53784);\n script_xref(name:\"FEDORA\", value:\"2012-8803\");\n\n script_name(english:\"Fedora 16 : krb5-1.9.3-2.fc16 (2012-8803)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates the upstream fix to correct a possible NULL\npointer dereference in kadmind (CVE-2012-1013).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=827517\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082186.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b5319ea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"krb5-1.9.3-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:47", "bulletinFamily": "scanner", "description": "This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-8805.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59486", "published": "2012-06-14T00:00:00", "title": "Fedora 15 : krb5-1.9.3-2.fc15 (2012-8805)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8805.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59486);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-1013\");\n script_bugtraq_id(53784);\n script_xref(name:\"FEDORA\", value:\"2012-8805\");\n\n script_name(english:\"Fedora 15 : krb5-1.9.3-2.fc15 (2012-8805)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates the upstream fix to correct a possible NULL\npointer dereference in kadmind (CVE-2012-1013).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=827517\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082194.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f2df5c0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"krb5-1.9.3-2.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:47", "bulletinFamily": "scanner", "description": "This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-8784.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59484", "published": "2012-06-14T00:00:00", "title": "Fedora 17 : krb5-1.10-7.fc17 (2012-8784)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8784.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59484);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-1013\");\n script_bugtraq_id(53784);\n script_xref(name:\"FEDORA\", value:\"2012-8784\");\n\n script_name(english:\"Fedora 17 : krb5-1.10-7.fc17 (2012-8784)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates the upstream fix to correct a possible NULL\npointer dereference in kadmind (CVE-2012-1013).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=827517\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082183.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3679fa64\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"krb5-1.10-7.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:52", "bulletinFamily": "unix", "description": "[1.9-33.2]\n- pull up the patch to correct a possible NULL pointer dereference in\n kadmind (CVE-2012-1013, #827517)\n[1.9-33.1]\n- add candidate patch from upstream to fix freeing uninitialized pointer in\n the KDC (MITKRB5-SA-2012-001, CVE-2012-1015, #839859)", "modified": "2012-07-31T00:00:00", "published": "2012-07-31T00:00:00", "id": "ELSA-2012-1131", "href": "http://linux.oracle.com/errata/ELSA-2012-1131.html", "title": "krb5 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2019-05-29T17:22:44", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. ([CVE-2012-1015 __](<https://access.redhat.com/security/cve/CVE-2012-1015>))\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the \"create\" privilege could use this flaw to crash kadmind. ([CVE-2012-1013 __](<https://access.redhat.com/security/cve/CVE-2012-1013>))\n\n \n**Affected Packages:** \n\n\nkrb5\n\n \n**Issue Correction:** \nRun _yum update krb5_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n krb5-pkinit-openssl-1.9-33.22.amzn1.i686 \n krb5-server-ldap-1.9-33.22.amzn1.i686 \n krb5-debuginfo-1.9-33.22.amzn1.i686 \n krb5-devel-1.9-33.22.amzn1.i686 \n krb5-workstation-1.9-33.22.amzn1.i686 \n krb5-libs-1.9-33.22.amzn1.i686 \n krb5-server-1.9-33.22.amzn1.i686 \n \n src: \n krb5-1.9-33.22.amzn1.src \n \n x86_64: \n krb5-server-ldap-1.9-33.22.amzn1.x86_64 \n krb5-workstation-1.9-33.22.amzn1.x86_64 \n krb5-libs-1.9-33.22.amzn1.x86_64 \n krb5-pkinit-openssl-1.9-33.22.amzn1.x86_64 \n krb5-devel-1.9-33.22.amzn1.x86_64 \n krb5-server-1.9-33.22.amzn1.x86_64 \n krb5-debuginfo-1.9-33.22.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T16:48:00", "published": "2014-09-14T16:48:00", "id": "ALAS-2012-114", "href": "https://alas.aws.amazon.com/ALAS-2012-114.html", "title": "Important: krb5", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-1131", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123852", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123852", "title": "Oracle Linux Local Check: ELSA-2012-1131", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1131.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123852\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:25 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1131\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1131 - krb5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1131\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1131.html\");\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.9~33.el6_3.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.9~33.el6_3.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.9~33.el6_3.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.9~33.el6_3.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.9~33.el6_3.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.9~33.el6_3.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310881460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881460", "title": "CentOS Update for krb5-devel CESA-2012:1131 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2012:1131 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-July/018777.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881460\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:16:57 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1131\");\n script_name(\"CentOS Update for krb5-devel CESA-2012:1131 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'krb5-devel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"krb5-devel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third-party, the Key Distribution Center (KDC).\n\n An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC\n handled initial authentication requests (AS-REQ). A remote,\n unauthenticated attacker could use this flaw to crash the KDC via a\n specially-crafted AS-REQ request. (CVE-2012-1015)\n\n A NULL pointer dereference flaw was found in the MIT Kerberos\n administration daemon, kadmind. A Kerberos administrator who has the\n 'create' privilege could use this flaw to crash kadmind. (CVE-2012-1013)\n\n Red Hat would like to thank the MIT Kerberos project for reporting\n CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the\n original reporter of CVE-2012-1015.\n\n All krb5 users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the krb5kdc and kadmind daemons will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:05", "bulletinFamily": "scanner", "description": "Check for the Version of krb5-devel", "modified": "2018-01-02T00:00:00", "published": "2012-08-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881460", "id": "OPENVAS:881460", "title": "CentOS Update for krb5-devel CESA-2012:1131 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2012:1131 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third-party, the Key Distribution Center (KDC).\n\n An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC\n handled initial authentication requests (AS-REQ). A remote,\n unauthenticated attacker could use this flaw to crash the KDC via a\n specially-crafted AS-REQ request. (CVE-2012-1015)\n \n A NULL pointer dereference flaw was found in the MIT Kerberos\n administration daemon, kadmind. A Kerberos administrator who has the\n &quot;create&quot; privilege could use this flaw to crash kadmind. (CVE-2012-1013)\n \n Red Hat would like to thank the MIT Kerberos project for reporting\n CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the\n original reporter of CVE-2012-1015.\n \n All krb5 users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the krb5kdc and kadmind daemons will be restarted automatically.\";\n\ntag_affected = \"krb5-devel on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018777.html\");\n script_id(881460);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:16:57 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1131\");\n script_name(\"CentOS Update for krb5-devel CESA-2012:1131 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.9~33.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:37", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120072", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120072", "title": "Amazon Linux Local Check: ALAS-2012-114", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2012-114.nasl 6578 2017-07-06 13:44:33Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120072\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:16:49 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2012-114\");\n script_tag(name:\"insight\", value:\"An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. (CVE-2012-1015 )A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the create privilege could use this flaw to crash kadmind. (CVE-2012-1013 )\");\n script_tag(name:\"solution\", value:\"Run yum update krb5 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-114.html\");\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.9~33.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.9~33.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.9~33.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.9~33.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.9~33.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.9~33.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.9~33.22.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310870803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870803", "title": "RedHat Update for krb5 RHSA-2012:1131-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for krb5 RHSA-2012:1131-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00032.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870803\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:16:02 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1131-01\");\n script_name(\"RedHat Update for krb5 RHSA-2012:1131-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'krb5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"krb5 on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third-party, the Key Distribution Center (KDC).\n\n An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC\n handled initial authentication requests (AS-REQ). A remote,\n unauthenticated attacker could use this flaw to crash the KDC via a\n specially-crafted AS-REQ request. (CVE-2012-1015)\n\n A NULL pointer dereference flaw was found in the MIT Kerberos\n administration daemon, kadmind. A Kerberos administrator who has the\n 'create' privilege could use this flaw to crash kadmind. (CVE-2012-1013)\n\n Red Hat would like to thank the MIT Kerberos project for reporting\n CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the\n original reporter of CVE-2012-1015.\n\n All krb5 users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the krb5kdc and kadmind daemons will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:56:17", "bulletinFamily": "scanner", "description": "Check for the Version of krb5", "modified": "2018-01-08T00:00:00", "published": "2012-08-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870803", "id": "OPENVAS:870803", "title": "RedHat Update for krb5 RHSA-2012:1131-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for krb5 RHSA-2012:1131-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other using symmetric encryption and a\n trusted third-party, the Key Distribution Center (KDC).\n\n An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC\n handled initial authentication requests (AS-REQ). A remote,\n unauthenticated attacker could use this flaw to crash the KDC via a\n specially-crafted AS-REQ request. (CVE-2012-1015)\n\n A NULL pointer dereference flaw was found in the MIT Kerberos\n administration daemon, kadmind. A Kerberos administrator who has the\n &quot;create&quot; privilege could use this flaw to crash kadmind. (CVE-2012-1013)\n\n Red Hat would like to thank the MIT Kerberos project for reporting\n CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the\n original reporter of CVE-2012-1015.\n\n All krb5 users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the krb5kdc and kadmind daemons will be restarted automatically.\";\n\ntag_affected = \"krb5 on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00032.html\");\n script_id(870803);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:16:02 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1131-01\");\n script_name(\"RedHat Update for krb5 RHSA-2012:1131-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.9~33.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:23", "bulletinFamily": "scanner", "description": "Check for the Version of krb5", "modified": "2017-12-27T00:00:00", "published": "2012-08-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864604", "id": "OPENVAS:864604", "title": "Fedora Update for krb5 FEDORA-2012-11370", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2012-11370\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 16\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084799.html\");\n script_id(864604);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:36:40 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-1015\", \"CVE-2012-1013\", \"CVE-2011-1530\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-11370\");\n script_name(\"Fedora Update for krb5 FEDORA-2012-11370\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.9.4~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-14T00:00:00", "id": "OPENVAS:1361412562310864604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864604", "title": "Fedora Update for krb5 FEDORA-2012-11370", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2012-11370\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084799.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864604\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:36:40 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-1015\", \"CVE-2012-1013\", \"CVE-2011-1530\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-11370\");\n script_name(\"Fedora Update for krb5 FEDORA-2012-11370\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'krb5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"krb5 on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.9.4~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:19:47", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1520-1", "modified": "2017-12-01T00:00:00", "published": "2012-08-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841097", "id": "OPENVAS:841097", "title": "Ubuntu Update for krb5 USN-1520-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1520_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for krb5 USN-1520-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center\n (KDC) daemon could free an uninitialized pointer when handling a\n malformed AS-REQ message. A remote unauthenticated attacker could\n use this to cause a denial of service or possibly execute arbitrary\n code. (CVE-2012-1015)\n\n Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center\n (KDC) daemon could dereference an uninitialized pointer while handling\n a malformed AS-REQ message. A remote unauthenticated attacker could\n use this to cause a denial of service or possibly execute arbitrary\n code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014)\n\n Simo Sorce discovered that the MIT krb5 Key Distribution Center (KDC)\n daemon could dereference a NULL pointer when handling a malformed\n TGS-REQ message. A remote authenticated attacker could use this to\n cause a denial of service. (CVE-2012-1013)\n\n It was discovered that the kadmin protocol implementation in MIT krb5\n did not properly restrict access to the SET_STRING and GET_STRINGS\n operations. A remote authenticated attacker could use this to expose\n or modify sensitive information. This issue only affected Ubuntu\n 12.04 LTS. (CVE-2012-1012)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1520-1\";\ntag_affected = \"krb5 on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1520-1/\");\n script_id(841097);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:17:37 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1015\", \"CVE-2012-1014\", \"CVE-2012-1013\", \"CVE-2012-1012\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1520-1\");\n script_name(\"Ubuntu Update for krb5 USN-1520-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.8.1+dfsg-2ubuntu0.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.8.1+dfsg-2ubuntu0.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.8.1+dfsg-2ubuntu0.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.10+dfsg~beta1-2ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.10+dfsg~beta1-2ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.10+dfsg~beta1-2ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.9.1+dfsg-1ubuntu2.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.9.1+dfsg-1ubuntu2.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.9.1+dfsg-1ubuntu2.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.8.3+dfsg-5ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.8.3+dfsg-5ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.8.3+dfsg-5ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:04", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1520-1", "modified": "2019-03-13T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310841097", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841097", "title": "Ubuntu Update for krb5 USN-1520-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1520_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for krb5 USN-1520-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1520-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841097\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:17:37 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1015\", \"CVE-2012-1014\", \"CVE-2012-1013\", \"CVE-2012-1012\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1520-1\");\n script_name(\"Ubuntu Update for krb5 USN-1520-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1520-1\");\n script_tag(name:\"affected\", value:\"krb5 on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center\n (KDC) daemon could free an uninitialized pointer when handling a\n malformed AS-REQ message. A remote unauthenticated attacker could\n use this to cause a denial of service or possibly execute arbitrary\n code. (CVE-2012-1015)\n\n Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center\n (KDC) daemon could dereference an uninitialized pointer while handling\n a malformed AS-REQ message. A remote unauthenticated attacker could\n use this to cause a denial of service or possibly execute arbitrary\n code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014)\n\n Simo Sorce discovered that the MIT krb5 Key Distribution Center (KDC)\n daemon could dereference a NULL pointer when handling a malformed\n TGS-REQ message. A remote authenticated attacker could use this to\n cause a denial of service. (CVE-2012-1013)\n\n It was discovered that the kadmin protocol implementation in MIT krb5\n did not properly restrict access to the SET_STRING and GET_STRINGS\n operations. A remote authenticated attacker could use this to expose\n or modify sensitive information. This issue only affected Ubuntu\n 12.04 LTS. (CVE-2012-1012)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.8.1+dfsg-2ubuntu0.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.8.1+dfsg-2ubuntu0.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.8.1+dfsg-2ubuntu0.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.10+dfsg~beta1-2ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.10+dfsg~beta1-2ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.10+dfsg~beta1-2ubuntu0.3\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.9.1+dfsg-1ubuntu2.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.9.1+dfsg-1ubuntu2.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.9.1+dfsg-1ubuntu2.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.8.3+dfsg-5ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.8.3+dfsg-5ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.8.3+dfsg-5ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:49", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:1131\n\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC\nhandled initial authentication requests (AS-REQ). A remote,\nunauthenticated attacker could use this flaw to crash the KDC via a\nspecially-crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n\"create\" privilege could use this flaw to crash kadmind. (CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the\noriginal reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the krb5kdc and kadmind daemons will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018777.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-pkinit-openssl\nkrb5-server\nkrb5-server-ldap\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1131.html", "modified": "2012-07-31T19:18:36", "published": "2012-07-31T19:18:36", "href": "http://lists.centos.org/pipermail/centos-announce/2012-July/018777.html", "id": "CESA-2012:1131", "title": "krb5 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:36", "bulletinFamily": "unix", "description": "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC\nhandled initial authentication requests (AS-REQ). A remote,\nunauthenticated attacker could use this flaw to crash the KDC via a\nspecially-crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n\"create\" privilege could use this flaw to crash kadmind. (CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the\noriginal reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the krb5kdc and kadmind daemons will be restarted automatically.\n", "modified": "2018-06-06T20:24:35", "published": "2012-07-31T04:00:00", "id": "RHSA-2012:1131", "href": "https://access.redhat.com/errata/RHSA-2012:1131", "type": "redhat", "title": "(RHSA-2012:1131) Important: krb5 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:49", "bulletinFamily": "unix", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nMultiple errors in glibc's formatted printing functionality could allow an\nattacker to bypass FORTIFY_SOURCE protections and execute arbitrary code\nusing a format string flaw in an application, even though these protections\nare expected to limit the impact of such flaws to an application abort.\n(CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-3817 (bind issue)\n\nCVE-2012-3571 and CVE-2012-3954 (dhcp issues)\n\nCVE-2011-1078 and CVE-2012-2383 (kernel issues)\n\nCVE-2012-1013 and CVE-2012-1015 (krb5 issues)\n\nCVE-2012-0441 (nss issue)\n\nCVE-2012-2668 (openldap issue)\n\nCVE-2012-2337 (sudo issue)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2018-06-07T08:59:35", "published": "2012-08-23T04:00:00", "id": "RHSA-2012:1200", "href": "https://access.redhat.com/errata/RHSA-2012:1200", "type": "redhat", "title": "(RHSA-2012:1200) Moderate: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nMITKRB5-SA-2012-001\r\n\r\nMIT krb5 Security Advisory 2012-001\r\nOriginal release: 2012-07-31\r\n\r\nTopic: KDC heap corruption and crash vulnerabilities\r\n\r\nCVE-2012-1015: KDC frees uninitialized pointer\r\n\r\nCVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C\r\n\r\nCVSSv2 Base Score: 9.3\r\n\r\nAccess Vector: Network\r\nAccess Complexity: Medium\r\nAuthentication: None\r\nConfidentiality Impact: Complete\r\nIntegrity Impact: Complete\r\nAvailability Impact: Complete\r\n\r\nCVSSv2 Temporal Score: 7.3\r\n\r\nExploitability: Proof-of-Concept\r\nRemediation Level: Official Fix\r\nReport Confidence: Confirmed\r\n\r\nCVE-2012-1014: KDC dereferences uninitialized pointer\r\n\r\nCVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C/E:POC/RL:OF/RC:C\r\nCVSSv2 Base Score: 9\r\nCVSSv2 Temporal Score: 7\r\n\r\nSUMMARY\r\n=======\r\n\r\nCVE-2012-1015: The MIT krb5 KDC &#40;Key Distribution Center&#41; daemon can\r\nfree an uninitialized pointer while processing an unusual AS-REQ,\r\ncorrupting the process heap and possibly causing the daemon to\r\nabnormally terminate. An attacker could use this vulnerability to\r\nexecute malicious code, but exploiting frees of uninitialized pointers\r\nto execute code is believed to be difficult. It is possible that a\r\nlegitimate client that is misconfigured in an unusual way could\r\ntrigger this vulnerability.\r\n\r\nCVE-2012-1014: The MIT krb5 KDC daemon can dereference an\r\nuninitialized pointer while processing a malformed AS-REQ, causing the\r\ndaemon to abnormally terminate. This vulnerability could\r\ntheoretically lead to the execution of malicious code, but that is\r\nbelieved to be very difficult.\r\n\r\nNo known exploit exists that is capable of executing malicious code\r\nfor either vulnerability, but it is also not difficult to trigger a\r\ndenial of service with either vulnerability.\r\n\r\nIMPACT\r\n======\r\n\r\nCVE-2012-1015: By sending a specially crafted AS-REQ, an\r\nunauthenticated remote attacker can cause the KDC to abnormally\r\nterminate or to execute malicious code.\r\n\r\nCVE-2012-1014: By sending a malformed AS-REQ, an unauthenticated\r\nremote attacker can cause the KDC to abnormally terminate. It is\r\ntheoretically possible, but unlikely, for this vulnerability to lead\r\nto the execution of malicious code.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* The KDC in releases krb5-1.8 and later is vulnerable to\r\n CVE-2012-1015.\r\n\r\n* The KDC in releases krb5-1.10 and later is vulnerable to\r\n CVE-2012-1014.\r\n\r\n* Some platforms detect attempts to free invalid pointers and\r\n protectively terminate the process, preventing arbitrary code\r\n execution on those platforms.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.10.3 release will contain a fix for\r\n CVE-2012-1014 and CVE-2012-1015.\r\n\r\n* The upcoming krb5-1.9.5 release will contain a fix for\r\n CVE-2012-1015.\r\n\r\n* Apply the following patch:\r\n\r\ndiff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c\r\nindex 23623fe..8ada9d0 100644\r\n- --- a/src/kdc/do_as_req.c\r\n+++ b/src/kdc/do_as_req.c\r\n@@ -463,7 +463,7 @@ process_as_req&#40;krb5_kdc_req *request, krb5_data *req_pkt,\r\n krb5_enctype useenctype;\r\n struct as_req_state *state;\r\n \r\n- - state = malloc&#40;sizeof&#40;*state&#41;&#41;;\r\n+ state = calloc&#40;sizeof&#40;*state&#41;, 1&#41;;\r\n if &#40;!state&#41; {\r\n &#40;*respond&#41;&#40;arg, ENOMEM, NULL&#41;;\r\n return;\r\n@@ -486,6 +486,7 @@ process_as_req&#40;krb5_kdc_req *request, krb5_data *req_pkt,\r\n state-&gt;authtime = 0;\r\n state-&gt;c_flags = 0;\r\n state-&gt;req_pkt = req_pkt;\r\n+ state-&gt;inner_body = NULL;\r\n state-&gt;rstate = NULL;\r\n state-&gt;sname = 0;\r\n state-&gt;cname = 0;\r\ndiff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c\r\nindex 9d8cb34..d4ece3f 100644\r\n- --- a/src/kdc/kdc_preauth.c\r\n+++ b/src/kdc/kdc_preauth.c\r\n@@ -1438,7 +1438,8 @@ etype_info_helper&#40;krb5_context context, krb5_kdc_req *request,\r\n continue;\r\n \r\n }\r\n- - if &#40;request_contains_enctype&#40;context, request, db_etype&#41;&#41; {\r\n+ if &#40;krb5_is_permitted_enctype&#40;context, db_etype&#41; &amp;&amp;\r\n+ request_contains_enctype&#40;context, request, db_etype&#41;&#41; {\r\n retval = _make_etype_info_entry&#40;context, client-&gt;princ,\r\n client_key, db_etype,\r\n &amp;entry[i], etype_info2&#41;;\r\ndiff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c\r\nindex a43b291..94dad3a 100644\r\n- --- a/src/kdc/kdc_util.c\r\n+++ b/src/kdc/kdc_util.c\r\n@@ -2461,6 +2461,7 @@ kdc_handle_protected_negotiation&#40;krb5_data *req_pkt, krb5_kdc_req *request,\r\n return 0;\r\n pa.magic = KV5M_PA_DATA;\r\n pa.pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;\r\n+ memset&#40;&amp;checksum, 0, sizeof&#40;checksum&#41;&#41;;\r\n retval = krb5_c_make_checksum&#40;kdc_context,0, reply_key,\r\n KRB5_KEYUSAGE_AS_REQ, req_pkt, &amp;checksum&#41;;\r\n if &#40;retval != 0&#41;\r\ndiff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c\r\nindex c4bf92e..367c894 100644\r\n- --- a/src/lib/kdb/kdb_default.c\r\n+++ b/src/lib/kdb/kdb_default.c\r\n@@ -61,6 +61,9 @@ krb5_dbe_def_search_enctype&#40;kcontext, dbentp, start, ktype, stype, kvno, kdatap&#41;\r\n krb5_boolean saw_non_permitted = FALSE;\r\n \r\n ret = 0;\r\n+ if &#40;ktype != -1 &amp;&amp; !krb5_is_permitted_enctype&#40;kcontext, ktype&#41;&#41;\r\n+ return KRB5_KDB_NO_PERMITTED_KEY;\r\n+\r\n if &#40;kvno == -1 &amp;&amp; stype == -1 &amp;&amp; ktype == -1&#41;\r\n kvno = 0;\r\n \r\n\r\n\r\n This patch is also available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2012-001-patch.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2012-001-patch.txt.asc\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement is posted at:\r\n\r\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVSSv2:\r\n\r\n http://www.first.org/cvss/cvss-guide.html\r\n http://nvd.nist.gov/cvss.cfm?calculator&amp;adv&amp;version=2\r\n\r\nCVE: CVE-2012-1014\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014\r\n\r\nCVE: CVE-2012-1015\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nWe thank Emmanuel Bouillon &#40;NCI Agency&#41; for discovering and reporting\r\nthese vulnerabilities.\r\n\r\nCONTACT\r\n=======\r\n\r\nThe MIT Kerberos Team security contact address is\r\n&lt;krbcore-security@mit.edu&gt;. When sending sensitive information,\r\nplease PGP-encrypt it using the following key:\r\n\r\npub 2048R/07566CE5 2012-01-27 [expires: 2013-02-01]\r\nuid MIT Kerberos Team Security Contact &lt;krbcore-security@mit.edu&gt;\r\n\r\nDETAILS\r\n=======\r\n\r\nCVE-2012-1015: KDC frees uninitialized pointer\r\n\r\nThe KDC function kdc_handle_protected_negotiation&#40;&#41;, which handles the\r\nprotected negotiation feature of the FAST Kerberos protocol extension,\r\ncan attempt to create a checksum using a key type that is invalid for\r\nproducing checksums. This causes its call to krb5_c_make_checksum&#40;&#41;\r\nto fail, which leads to the cleanup code in\r\nkdc_handle_protected_negotiation&#40;&#41; freeing an uninitialized pointer.\r\n\r\nIt is possible, but unlikely, for a legitimate client to be\r\nmisconfigured in a way that causes the KDC to attempt to use such an\r\ninvalid key type in this code.\r\n\r\nCVE-2012-1014: KDC dereferences uninitialized pointer\r\n\r\nCVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C/E:POC/RL:OF/RC:C\r\n\r\nCVSSv2 Base Score: 9\r\n\r\nAccess Vector: Network\r\nAccess Complexity: Low\r\nAuthentication: None\r\nConfidentiality Impact: Partial\r\nIntegrity Impact: Partial\r\nAvailability Impact: Complete\r\n\r\nCVSSv2 Temporal Score: 7\r\n\r\nExploitability: Proof-of-Concept\r\nRemediation Level: Official Fix\r\nReport Confidence: Confirmed\r\n\r\nThe KDC function process_as_req&#40;&#41;, which handles incoming AS-REQ\r\nmessages, allocates a state object using malloc&#40;&#41; and initializes many\r\nfields within it. It fails to initialize state-&gt;inner_body, which is\r\na pointer to a krb5_data object. If the uninitialized value\r\nstate-&gt;inner_body is not null, a failure in process_as_req&#40;&#41; that\r\nprecedes the call to kdc_find_fast&#40;&#41; could cause error handling code\r\nin finish_process_as_req&#40;&#41; to pass the uninitialized state-&gt;inner_body\r\npointer to krb5_free_data&#40;&#41;, which would proceed to dereference the\r\nuninitialized pointer. The typical outcome is KDC process termination\r\ndue to a segmentation fault or similar memory fault.\r\n\r\nIt is theoretically possible for an attacker to manipulate the\r\ncontents of the heap so that the uninitialized pointer\r\nstate-&gt;inner_body would point to valid memory where\r\nstate-&gt;inner_body-&gt;data contains an attacker-chosen invalid pointer\r\nvalue. The krb5_free_data&#40;&#41; function would then pass this invalid\r\npointer to free&#40;&#41;. This could allow the attacker to overwrite memory\r\nor execute malicious code on some platforms, depending on the details\r\nof the malloc&#40;&#41; implementation. This indirect attack method seems\r\nmuch less likely to succeed than one where the attacker could directly\r\ncontrol the invalid pointer value that the program passes to free&#40;&#41;.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2012-07-31 original release\r\n\r\nCopyright &#40;C&#41; 2012 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 &#40;SunOS&#41;\r\n\r\niEYEARECAAYFAlAYHFcACgkQSO8fWy4vZo6GswCgi1sNmgLekPTxnHgOaiEmKeVF\r\n1TMAn2EoBKvxZBWhNTISWjM1jcV7sHrU\r\n=8oTe\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-08-06T00:00:00", "published": "2012-08-06T00:00:00", "id": "SECURITYVULNS:DOC:28343", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28343", "title": "MITKRB5-SA-2012-001: KDC heap corruption and crash [CVE-2012-1014 CVE-2012-1015]", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "description": "NULL pointer dereference", "modified": "2012-07-09T00:00:00", "published": "2012-07-09T00:00:00", "id": "SECURITYVULNS:VULN:12447", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12447", "title": "MIT Kerberos 5 kadmind DoS", "type": "securityvulns", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "description": "Uninitialized pointer free, DoS.", "modified": "2012-08-06T00:00:00", "published": "2012-08-06T00:00:00", "id": "SECURITYVULNS:VULN:12500", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12500", "title": "MIT Kerberos 5 security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:39", "bulletinFamily": "unix", "description": "Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2012-1015)\n\nEmmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014)\n\nSimo Sorce discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference a NULL pointer when handling a malformed TGS-REQ message. A remote authenticated attacker could use this to cause a denial of service. (CVE-2012-1013)\n\nIt was discovered that the kadmin protocol implementation in MIT krb5 did not properly restrict access to the SET_STRING and GET_STRINGS operations. A remote authenticated attacker could use this to expose or modify sensitive information. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1012)", "modified": "2012-07-31T00:00:00", "published": "2012-07-31T00:00:00", "id": "USN-1520-1", "href": "https://usn.ubuntu.com/1520-1/", "title": "Kerberos vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:34", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2518-1 security@debian.org\nhttp://www.debian.org/security/ Yves-Alexis Perez\nJuly 31, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : krb5\nVulnerability : denial of service and remote code execution\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-1014 CVE-2012-1015\nDebian Bug : 683429\n\nEmmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT\nKerberos, a daemon implementing the network authentication protocol.\n\nCVE-2012-1014\n\n\tBy sending specially crafted AS-REQ (Authentication Service Request) to a KDC\n\t(Key Distribution Center), an attacker could make it free an uninitialized\n\tpointer, corrupting the heap. This can lead to process crash or even arbitrary\n\tcode execution.\n\t.\n\tThis CVE only affects testing (wheezy) and unstable (sid) distributions.\n\nCVE-2012-1015\n\n\tBy sending specially crafted AS-REQ to a KDC, an attacker could make it\n\tdereference an uninitialized pointer, leading to process crash or even\n\tarbitrary code execution\n\nIn both cases, arbitrary code execution is believed to be difficult to achieve,\nbut might not be impossible.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.8.3+dfsg-4squeeze6.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.10.1+dfsg-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1+dfsg-2.\n\nWe recommend that you upgrade your krb5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-07-31T19:57:32", "published": "2012-07-31T19:57:32", "id": "DEBIAN:DSA-2518-1:1BFBF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00158.html", "title": "[SECURITY] [DSA 2518-1] krb5 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Additionally, a remote attacker could impersonate a kadmind server and send a specially crafted packet to the password change port, which can result in a ping-pong condition and a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.11.4\"", "modified": "2013-12-16T00:00:00", "published": "2013-12-16T00:00:00", "id": "GLSA-201312-12", "href": "https://security.gentoo.org/glsa/201312-12", "type": "gentoo", "title": "MIT Kerberos 5: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}