Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2004-350.NASL
HistorySep 01, 2004 - 12:00 a.m.

RHEL 3 : krb5 (RHSA-2004:350)

2004-09-0100:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

Updated krb5 packages that improve client responsiveness and fix several security issues are now available for Red Hat Enterprise Linux 3.

Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.

Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0642 and CVE-2004-0643 to these issues.

A double-free bug was also found in the krb524 server (CVE-2004-0772), however this issue does not affect Red Hat Enterprise Linux 3 Kerberos packages.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0644 to this issue.

When attempting to contact a KDC, the Kerberos libraries will iterate through the list of configured servers, attempting to contact each in turn. If one of the servers becomes unresponsive, the client will time out and contact the next configured server. When the library attempts to contact the next KDC, the entire process is repeated. For applications which must contact a KDC several times, the accumulated time spent waiting can become significant.

This update modifies the libraries, notes which server for a given realm last responded to a request, and attempts to contact that server first before contacting any of the other configured servers.

All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2004:350. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14595);
  script_version("1.32");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-0642", "CVE-2004-0643", "CVE-2004-0644", "CVE-2004-0772");
  script_xref(name:"RHSA", value:"2004:350");

  script_name(english:"RHEL 3 : krb5 (RHSA-2004:350)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated krb5 packages that improve client responsiveness and fix
several security issues are now available for Red Hat Enterprise Linux
3.

Kerberos is a networked authentication system that uses a trusted
third party (a KDC) to authenticate clients and servers to each other.

Several double-free bugs were found in the Kerberos 5 KDC and
libraries. A remote attacker could potentially exploit these flaws to
execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the names CVE-2004-0642 and
CVE-2004-0643 to these issues.

A double-free bug was also found in the krb524 server (CVE-2004-0772),
however this issue does not affect Red Hat Enterprise Linux 3 Kerberos
packages.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder
library. A remote attacker may be able to trigger this flaw and cause
a denial of service. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0644 to this issue.

When attempting to contact a KDC, the Kerberos libraries will iterate
through the list of configured servers, attempting to contact each in
turn. If one of the servers becomes unresponsive, the client will time
out and contact the next configured server. When the library attempts
to contact the next KDC, the entire process is repeated. For
applications which must contact a KDC several times, the accumulated
time spent waiting can become significant.

This update modifies the libraries, notes which server for a given
realm last responded to a request, and attempts to contact that server
first before contacting any of the other configured servers.

All users of krb5 should upgrade to these updated packages, which
contain backported security patches to resolve these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0643"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0644"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://web.mit.edu/kerberos/advisories/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:350"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2004:350";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"krb5-devel-1.2.7-28")) flag++;
  if (rpm_check(release:"RHEL3", reference:"krb5-libs-1.2.7-28")) flag++;
  if (rpm_check(release:"RHEL3", reference:"krb5-server-1.2.7-28")) flag++;
  if (rpm_check(release:"RHEL3", reference:"krb5-workstation-1.2.7-28")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-server / krb5-workstation");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxkrb5-develp-cpe:/a:redhat:enterprise_linux:krb5-devel
redhatenterprise_linuxkrb5-libsp-cpe:/a:redhat:enterprise_linux:krb5-libs
redhatenterprise_linuxkrb5-serverp-cpe:/a:redhat:enterprise_linux:krb5-server
redhatenterprise_linuxkrb5-workstationp-cpe:/a:redhat:enterprise_linux:krb5-workstation
redhatenterprise_linux3cpe:/o:redhat:enterprise_linux:3

Related

redhat 3
osv 1
openvas 8
nessus 13
securityvulns 4
gentoo 1
debian 2
cisco 1
freebsd 2
cert 4
cve 4
ubuntucve 4
debiancve 4
redhat
redhat
(RHSA-2004:448) krb5 security update
2004-08-31 00:00:00
(RHSA-2004:350) krb5 security update
2004-08-31 00:00:00
(RHSA-2003:052) krb5 security update
2003-03-27 00:00:00
osv
osv
krb5 -- several vulnerabilities
2004-08-31 00:00:00
openvas
openvas
Debian Security Advisory DSA 543-1 (krb5)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200409-09 (mit-krb5)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-543-1)
2008-01-17 00:00:00
nessus
nessus
RHEL 2.1 : krb5 (RHSA-2004:448)
2004-09-01 00:00:00
GLSA-200409-09 : MIT krb5: Multiple vulnerabilities
2004-09-06 00:00:00
Fedora Core 1 : krb5-1.3.4-5 (2004-276)
2004-08-31 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities
2004-09-01 00:00:00
US-CERT Technical Cyber Security Alert TA04-247A -- Vulnerabilities in MIT Kerberos 5
2004-09-04 00:00:00
MITKRB5-SA-2004-002: double-free vulnerabilities
2004-09-02 00:00:00
gentoo
gentoo
MIT krb5: Multiple vulnerabilities
2004-09-06 00:00:00
debian
debian
[SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities
2004-08-31 17:11:20
[SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities
2004-08-31 17:11:20
cisco
cisco
Vulnerabilities in Kerberos 5 Implementation
2004-08-31 18:30:00
freebsd
freebsd
krb5 -- double-free vulnerabilities
2004-08-31 00:00:00
krb5 -- ASN.1 decoder denial-of-service vulnerability
2004-08-31 00:00:00
cert
cert
MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free)
2004-09-02 00:00:00
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
2004-09-02 00:00:00
MIT Kerberos 5 ASN.1 decoding function asn1buf_skiptail() does not properly terminate loop
2004-09-02 00:00:00
cve
cve
CVE-2004-0643
2004-09-28 04:00:00
CVE-2004-0644
2004-09-28 04:00:00
CVE-2004-0642
2004-09-28 04:00:00
ubuntucve
ubuntucve
CVE-2004-0643
2004-09-28 00:00:00
CVE-2004-0644
2004-09-28 00:00:00
CVE-2004-0642
2004-09-28 00:00:00
debiancve
debiancve
CVE-2004-0644
2004-09-28 04:00:00
CVE-2004-0642
2004-09-28 04:00:00
CVE-2004-0643
2004-09-28 04:00:00
JSON
Related for REDHAT-RHSA-2004-350.NASL
redhat3osv1openvas8nessus13securityvulns4gentoo1debian2cisco1freebsd2cert4cve4ubuntucve4debiancve4