ID ORACLELINUX_ELSA-2012-1131.NASL Type nessus Reporter Tenable Modified 2016-05-06T00:00:00
Description
From Red Hat Security Advisory 2012:1131 :
Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).
An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)
A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.
(CVE-2012-1013)
Red Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.
All krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:1131 and
# Oracle Linux Security Advisory ELSA-2012-1131 respectively.
#
include("compat.inc");
if (description)
{
script_id(68589);
script_version("$Revision: 1.5 $");
script_cvs_date("$Date: 2016/05/06 17:02:15 $");
script_cve_id("CVE-2012-1013", "CVE-2012-1015");
script_bugtraq_id(53784, 54750);
script_osvdb_id(82650, 84423);
script_xref(name:"RHSA", value:"2012:1131");
script_name(english:"Oracle Linux 6 : krb5 (ELSA-2012-1131)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Oracle Linux host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"From Red Hat Security Advisory 2012:1131 :
Updated krb5 packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).
An uninitialized pointer use flaw was found in the way the MIT
Kerberos KDC handled initial authentication requests (AS-REQ). A
remote, unauthenticated attacker could use this flaw to crash the KDC
via a specially crafted AS-REQ request. (CVE-2012-1015)
A NULL pointer dereference flaw was found in the MIT Kerberos
administration daemon, kadmind. A Kerberos administrator who has the
'create' privilege could use this flaw to crash kadmind.
(CVE-2012-1013)
Red Hat would like to thank the MIT Kerberos project for reporting
CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as
the original reporter of CVE-2012-1015.
All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the
updated packages, the krb5kdc and kadmind daemons will be restarted
automatically."
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-pkinit-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-workstation");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
script_set_attribute(attribute:"patch_publication_date", value:"2012/08/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.");
script_family(english:"Oracle Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
flag = 0;
if (rpm_check(release:"EL6", reference:"krb5-devel-1.9-33.el6_3.2")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-libs-1.9-33.el6_3.2")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-pkinit-openssl-1.9-33.el6_3.2")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-server-1.9-33.el6_3.2")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-server-ldap-1.9-33.el6_3.2")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-workstation-1.9-33.el6_3.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc");
}
{"published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2012-1131.NASL", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:56", "bulletin": {"enchantments": {}, "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2012-1131.NASL", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "cpe": [], "hash": "4691d4b236d44909c4400e22fa629da6ac3f6c7126b7565f4de862b3e428a536", "description": "From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "type": "nessus", "pluginID": "68589", "lastseen": "2016-09-26T17:23:56", "edition": 1, "title": "Oracle Linux 6 : krb5 (ELSA-2012-1131)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68589", "modified": "2016-05-06T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "references": ["https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"], "naslFamily": "Oracle Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# Oracle Linux Security Advisory ELSA-2012-1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68589);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/06 17:02:15 $\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784, 54750);\n script_osvdb_id(82650, 84423);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2012-1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "hashmap": [{"hash": "836f1184b14682aed3e69ad1ea9ba8c2", "key": "cvelist"}, {"hash": "fbf01356bcde2c97e7cc267814916f91", "key": "references"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "25c5b42bc30232d09aaaae5d5a2054ba", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "61d5480c14d50c862b96067eac120e3c", "key": "title"}, {"hash": "988d3ff91a3440b68c4af2c2e0628c98", "key": "description"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "02fd001a0304d1a0b2355a80160b5758", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "08c2ac946c35e44852c379a843c258b8", "key": "href"}, {"hash": "62f567f562bbeddeaf1e6db6eec3283c", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "hash": "815aec0fff2240494dddb0014db0f56abf5b661fdecf6241697b7485a45f7af7", "enchantments": {"vulnersScore": 5.0}, "type": "nessus", "pluginID": "68589", "lastseen": "2017-10-29T13:35:57", "edition": 2, "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-pkinit-openssl", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation"], "title": "Oracle Linux 6 : krb5 (ELSA-2012-1131)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68589", "modified": "2016-05-06T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "references": ["https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html"], "naslFamily": "Oracle Linux Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1131 and \n# Oracle Linux Security Advisory ELSA-2012-1131 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68589);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/06 17:02:15 $\");\n\n script_cve_id(\"CVE-2012-1013\", \"CVE-2012-1015\");\n script_bugtraq_id(53784, 54750);\n script_osvdb_id(82650, 84423);\n script_xref(name:\"RHSA\", value:\"2012:1131\");\n\n script_name(english:\"Oracle Linux 6 : krb5 (ELSA-2012-1131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1131 :\n\nUpdated krb5 packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled initial authentication requests (AS-REQ). A\nremote, unauthenticated attacker could use this flaw to crash the KDC\nvia a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as\nthe original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the\nupdated packages, the krb5kdc and kadmind daemons will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002964.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"krb5-devel-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-libs-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-pkinit-openssl-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-server-ldap-1.9-33.el6_3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"krb5-workstation-1.9-33.el6_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc\");\n}\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "e90120bf1041ad069eb3ca6e6ea7cf84", "key": "cpe"}, {"hash": "836f1184b14682aed3e69ad1ea9ba8c2", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "988d3ff91a3440b68c4af2c2e0628c98", "key": "description"}, {"hash": "08c2ac946c35e44852c379a843c258b8", "key": "href"}, {"hash": "62f567f562bbeddeaf1e6db6eec3283c", "key": "modified"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "02fd001a0304d1a0b2355a80160b5758", "key": "pluginID"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "fbf01356bcde2c97e7cc267814916f91", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "25c5b42bc30232d09aaaae5d5a2054ba", "key": "sourceData"}, {"hash": "61d5480c14d50c862b96067eac120e3c", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}
{"result": {"cve": [{"id": "CVE-2012-1013", "type": "cve", "title": "CVE-2012-1013", "description": "The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.", "published": "2012-06-07T15:55:07", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1013", "cvelist": ["CVE-2012-1013"], "lastseen": "2016-09-03T16:18:54"}, {"id": "CVE-2012-1015", "type": "cve", "title": "CVE-2012-1015", "description": "The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.", "published": "2012-08-06T12:55:01", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1015", "cvelist": ["CVE-2012-1015"], "lastseen": "2016-09-03T16:18:57"}], "nessus": [{"id": "MANDRIVA_MDVSA-2012-102.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2012:102)", "description": "A vulnerability has been discovered and corrected in krb5 :\n\nFix a kadmind denial of service issue (NULL pointer dereference), which could only be triggered by an administrator with the create privilege (CVE-2012-1013).\n\nThe updated packages have been patched to correct this issue.", "published": "2012-07-07T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59860", "cvelist": ["CVE-2012-1013"], "lastseen": "2017-10-29T13:43:53"}, {"id": "FEDORA_2012-8805.NASL", "type": "nessus", "title": "Fedora 15 : krb5-1.9.3-2.fc15 (2012-8805)", "description": "This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2012-06-14T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59486", "cvelist": ["CVE-2012-1013"], "lastseen": "2017-10-29T13:41:11"}, {"id": "OPENSUSE-2012-360.NASL", "type": "nessus", "title": "openSUSE Security Update : krb5 (openSUSE-SU-2012:0834-1)", "description": "Fixing CVE-2012-1013 (krb5 kadmind denial of service via NULL pointer dereference)", "published": "2014-06-13T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74662", "cvelist": ["CVE-2012-1013"], "lastseen": "2017-10-29T13:37:36"}, {"id": "FEDORA_2012-8784.NASL", "type": "nessus", "title": "Fedora 17 : krb5-1.10-7.fc17 (2012-8784)", "description": "This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2012-06-14T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59484", "cvelist": ["CVE-2012-1013"], "lastseen": "2017-10-29T13:46:04"}, {"id": "FEDORA_2012-8803.NASL", "type": "nessus", "title": "Fedora 16 : krb5-1.9.3-2.fc16 (2012-8803)", "description": "This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2012-06-14T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59485", "cvelist": ["CVE-2012-1013"], "lastseen": "2017-10-29T13:33:13"}, {"id": "ALA_ALAS-2012-114.NASL", "type": "nessus", "title": "Amazon Linux AMI : krb5 (ALAS-2012-114)", "description": "An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)", "published": "2013-09-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69604", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2018-04-19T08:07:27"}, {"id": "SL_20120731_KRB5_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : krb5 on SL6.x i386/x86_64", "description": "Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "published": "2012-08-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61407", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2017-10-29T13:36:59"}, {"id": "REDHAT-RHSA-2012-1131.NASL", "type": "nessus", "title": "RHEL 6 : krb5 (RHSA-2012:1131)", "description": "Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "published": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61377", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2017-10-29T13:36:49"}, {"id": "CENTOS_RHSA-2012-1131.NASL", "type": "nessus", "title": "CentOS 6 : krb5 (CESA-2012:1131)", "description": "Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind.\n(CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.", "published": "2013-06-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67093", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2017-10-29T13:44:34"}, {"id": "MANDRIVA_MDVSA-2013-042.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2013:042)", "description": "Multiple vulnerabilities has been discovered and corrected in krb5 :\n\nFix a kadmind denial of service issue (NULL pointer dereference), which could only be triggered by an administrator with the create privilege (CVE-2012-1013).\n\nThe MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability (CVE-2012-1015).\n\nIt was reported that the KDC plugin for PKINIT could dereference a NULL pointer when a malformed packet caused processing to terminate early, which led to a crash of the KDC process. An attacker would require a valid PKINIT certificate or have observed a successful PKINIT authentication to execute a successful attack. In addition, an unauthenticated attacker could execute the attack of anonymouse PKINIT was enabled (CVE-2013-1415).\n\nThe updated packages have been patched to correct these issues.", "published": "2013-04-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66056", "cvelist": ["CVE-2012-1013", "CVE-2013-1415", "CVE-2012-1015"], "lastseen": "2017-10-29T13:43:30"}], "openvas": [{"id": "OPENVAS:831693", "type": "openvas", "title": "Mandriva Update for krb5 MDVSA-2012:102 (krb5)", "description": "Check for the Version of krb5", "published": "2012-07-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831693", "cvelist": ["CVE-2012-1013"], "lastseen": "2018-01-08T12:56:45"}, {"id": "OPENVAS:864451", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2012-8784", "description": "Check for the Version of krb5", "published": "2012-08-30T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=864451", "cvelist": ["CVE-2012-1013"], "lastseen": "2018-01-08T12:57:49"}, {"id": "OPENVAS:1361412562310831693", "type": "openvas", "title": "Mandriva Update for krb5 MDVSA-2012:102 (krb5)", "description": "Check for the Version of krb5", "published": "2012-07-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831693", "cvelist": ["CVE-2012-1013"], "lastseen": "2018-04-06T11:17:09"}, {"id": "OPENVAS:1361412562310864451", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2012-8784", "description": "Check for the Version of krb5", "published": "2012-08-30T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864451", "cvelist": ["CVE-2012-1013"], "lastseen": "2018-04-06T11:18:56"}, {"id": "OPENVAS:870803", "type": "openvas", "title": "RedHat Update for krb5 RHSA-2012:1131-01", "description": "Check for the Version of krb5", "published": "2012-08-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870803", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2018-01-08T12:56:17"}, {"id": "OPENVAS:1361412562310864450", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2012-8803", "description": "Check for the Version of krb5", "published": "2012-06-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864450", "cvelist": ["CVE-2011-1530", "CVE-2012-1013"], "lastseen": "2018-04-06T11:19:39"}, {"id": "OPENVAS:881460", "type": "openvas", "title": "CentOS Update for krb5-devel CESA-2012:1131 centos6 ", "description": "Check for the Version of krb5-devel", "published": "2012-08-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881460", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2018-01-02T10:57:05"}, {"id": "OPENVAS:1361412562310881460", "type": "openvas", "title": "CentOS Update for krb5-devel CESA-2012:1131 centos6 ", "description": "Check for the Version of krb5-devel", "published": "2012-08-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881460", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2018-04-06T11:17:52"}, {"id": "OPENVAS:864450", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2012-8803", "description": "Check for the Version of krb5", "published": "2012-06-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=864450", "cvelist": ["CVE-2011-1530", "CVE-2012-1013"], "lastseen": "2018-01-08T12:58:12"}, {"id": "OPENVAS:1361412562310123852", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1131", "description": "Oracle Linux Local Security Checks ELSA-2012-1131", "published": "2015-10-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123852", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2017-07-24T12:52:21"}], "amazon": [{"id": "ALAS-2012-114", "type": "amazon", "title": "Important: krb5", "description": "**Issue Overview:**\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. ([CVE-2012-1015 __](<https://access.redhat.com/security/cve/CVE-2012-1015>))\n\nA NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the \"create\" privilege could use this flaw to crash kadmind. ([CVE-2012-1013 __](<https://access.redhat.com/security/cve/CVE-2012-1013>))\n\n \n**Affected Packages:** \n\n\nkrb5\n\n \n**Issue Correction:** \nRun _yum update krb5_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n krb5-pkinit-openssl-1.9-33.22.amzn1.i686 \n krb5-server-ldap-1.9-33.22.amzn1.i686 \n krb5-debuginfo-1.9-33.22.amzn1.i686 \n krb5-devel-1.9-33.22.amzn1.i686 \n krb5-workstation-1.9-33.22.amzn1.i686 \n krb5-libs-1.9-33.22.amzn1.i686 \n krb5-server-1.9-33.22.amzn1.i686 \n \n src: \n krb5-1.9-33.22.amzn1.src \n \n x86_64: \n krb5-server-ldap-1.9-33.22.amzn1.x86_64 \n krb5-workstation-1.9-33.22.amzn1.x86_64 \n krb5-libs-1.9-33.22.amzn1.x86_64 \n krb5-pkinit-openssl-1.9-33.22.amzn1.x86_64 \n krb5-devel-1.9-33.22.amzn1.x86_64 \n krb5-server-1.9-33.22.amzn1.x86_64 \n krb5-debuginfo-1.9-33.22.amzn1.x86_64 \n \n \n", "published": "2012-08-03T15:55:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2012-114.html", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2016-09-28T21:04:09"}], "redhat": [{"id": "RHSA-2012:1131", "type": "redhat", "title": "(RHSA-2012:1131) Important: krb5 security update", "description": "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC\nhandled initial authentication requests (AS-REQ). A remote,\nunauthenticated attacker could use this flaw to crash the KDC via a\nspecially-crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n\"create\" privilege could use this flaw to crash kadmind. (CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the\noriginal reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the krb5kdc and kadmind daemons will be restarted automatically.\n", "published": "2012-07-31T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1131", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2018-06-12T21:09:20"}, {"id": "RHSA-2012:1200", "type": "redhat", "title": "(RHSA-2012:1200) Moderate: rhev-hypervisor6 security and bug fix update", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nMultiple errors in glibc's formatted printing functionality could allow an\nattacker to bypass FORTIFY_SOURCE protections and execute arbitrary code\nusing a format string flaw in an application, even though these protections\nare expected to limit the impact of such flaws to an application abort.\n(CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-3817 (bind issue)\n\nCVE-2012-3571 and CVE-2012-3954 (dhcp issues)\n\nCVE-2011-1078 and CVE-2012-2383 (kernel issues)\n\nCVE-2012-1013 and CVE-2012-1015 (krb5 issues)\n\nCVE-2012-0441 (nss issue)\n\nCVE-2012-2668 (openldap issue)\n\nCVE-2012-2337 (sudo issue)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "published": "2012-08-23T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1200", "cvelist": ["CVE-2011-1078", "CVE-2012-0441", "CVE-2012-1013", "CVE-2012-1015", "CVE-2012-2337", "CVE-2012-2383", "CVE-2012-2668", "CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3571", "CVE-2012-3817", "CVE-2012-3954"], "lastseen": "2018-06-07T05:58:52"}], "oraclelinux": [{"id": "ELSA-2012-1131", "type": "oraclelinux", "title": "krb5 security update", "description": "[1.9-33.2]\n- pull up the patch to correct a possible NULL pointer dereference in\n kadmind (CVE-2012-1013, #827517)\n[1.9-33.1]\n- add candidate patch from upstream to fix freeing uninitialized pointer in\n the KDC (MITKRB5-SA-2012-001, CVE-2012-1015, #839859)", "published": "2012-07-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-1131.html", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2016-09-04T11:16:40"}], "centos": [{"id": "CESA-2012:1131", "type": "centos", "title": "krb5 security update", "description": "**CentOS Errata and Security Advisory** CESA-2012:1131\n\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third-party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC\nhandled initial authentication requests (AS-REQ). A remote,\nunauthenticated attacker could use this flaw to crash the KDC via a\nspecially-crafted AS-REQ request. (CVE-2012-1015)\n\nA NULL pointer dereference flaw was found in the MIT Kerberos\nadministration daemon, kadmind. A Kerberos administrator who has the\n\"create\" privilege could use this flaw to crash kadmind. (CVE-2012-1013)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the\noriginal reporter of CVE-2012-1015.\n\nAll krb5 users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the krb5kdc and kadmind daemons will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018777.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-pkinit-openssl\nkrb5-server\nkrb5-server-ldap\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1131.html", "published": "2012-07-31T19:18:36", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2012-July/018777.html", "cvelist": ["CVE-2012-1013", "CVE-2012-1015"], "lastseen": "2017-10-03T18:25:56"}], "ubuntu": [{"id": "USN-1520-1", "type": "ubuntu", "title": "Kerberos vulnerabilities", "description": "Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2012-1015)\n\nEmmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014)\n\nSimo Sorce discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference a NULL pointer when handling a malformed TGS-REQ message. A remote authenticated attacker could use this to cause a denial of service. (CVE-2012-1013)\n\nIt was discovered that the kadmin protocol implementation in MIT krb5 did not properly restrict access to the SET_STRING and GET_STRINGS operations. A remote authenticated attacker could use this to expose or modify sensitive information. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1012)", "published": "2012-07-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1520-1/", "cvelist": ["CVE-2012-1013", "CVE-2012-1014", "CVE-2012-1012", "CVE-2012-1015"], "lastseen": "2018-03-29T18:18:54"}], "debian": [{"id": "DSA-2518", "type": "debian", "title": "krb5 -- denial of service and remote code execution", "description": "Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol.\n\n * [CVE-2012-1014](<https://security-tracker.debian.org/tracker/CVE-2012-1014>)\n\nBy sending specially crafted AS-REQ (Authentication Service Request) to a KDC (Key Distribution Center), an attacker could make it free an uninitialized pointer, corrupting the heap. This can lead to process crash or even arbitrary code execution.\n\nThis CVE only affects testing (wheezy) and unstable (sid) distributions.\n\n * [CVE-2012-1015](<https://security-tracker.debian.org/tracker/CVE-2012-1015>)\n\nBy sending specially crafted AS-REQ to a KDC, an attacker could make it dereference an uninitialized pointer, leading to process crash or even arbitrary code execution\n\nIn both cases, arbitrary code execution is believed to be difficult to achieve, but might not be impossible.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 1.8.3+dfsg-4squeeze6.\n\nFor the testing distribution (wheezy), this problem has been fixed in version 1.10.1+dfsg-2.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.10.1+dfsg-2.\n\nWe recommend that you upgrade your krb5 packages.", "published": "2012-07-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2518", "cvelist": ["CVE-2012-1014", "CVE-2012-1015"], "lastseen": "2016-09-02T18:31:09"}], "gentoo": [{"id": "GLSA-201312-12", "type": "gentoo", "title": "MIT Kerberos 5: Multiple vulnerabilities", "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Additionally, a remote attacker could impersonate a kadmind server and send a specially crafted packet to the password change port, which can result in a ping-pong condition and a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.11.4\"", "published": "2013-12-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201312-12", "cvelist": ["CVE-2012-1014", "CVE-2013-1416", "CVE-2013-1418", "CVE-2012-1015", "CVE-2013-1417", "CVE-2002-2443", "CVE-2013-6800"], "lastseen": "2016-09-06T19:46:44"}]}}
