SuSE 10 Security Update : Kerberos (ZYPP Patch Number 4852)
2008-01-16T00:00:00
ID SUSE_KRB5-4852.NASL Type nessus Reporter Tenable Modified 2016-12-22T00:00:00
Description
This update fixes multiple vulnerabilties in krb5. It's unlikely that
those vulnerabilties can actually be exploited. (CVE-2007-5894 /
CVE-2007-5902 / CVE-2007-5971 / CVE-2007-5972)
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#
include("compat.inc");
if (description)
{
script_id(29992);
script_version ("$Revision: 1.16 $");
script_cvs_date("$Date: 2016/12/22 20:42:26 $");
script_cve_id("CVE-2007-5894", "CVE-2007-5902", "CVE-2007-5971", "CVE-2007-5972");
script_name(english:"SuSE 10 Security Update : Kerberos (ZYPP Patch Number 4852)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 10 host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes multiple vulnerabilties in krb5. It's unlikely that
those vulnerabilties can actually be exploited. (CVE-2007-5894 /
CVE-2007-5902 / CVE-2007-5971 / CVE-2007-5972)"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2007-5894.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2007-5902.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2007-5971.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2007-5972.html"
);
script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4852.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cwe_id(119, 189, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2007/12/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/16");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
flag = 0;
if (rpm_check(release:"SLED10", sp:1, reference:"krb5-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLED10", sp:1, reference:"krb5-client-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLED10", sp:1, reference:"krb5-devel-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"krb5-32bit-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"krb5-devel-32bit-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"krb5-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"krb5-apps-clients-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"krb5-apps-servers-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"krb5-client-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"krb5-devel-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"krb5-server-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"krb5-32bit-1.4.3-19.30.3")) flag++;
if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"krb5-devel-32bit-1.4.3-19.30.3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else exit(0, "The host is not affected.");
{"nessus": [{"lastseen": "2019-01-16T20:08:02", "bulletinFamily": "scanner", "description": "This update fixes multiple vulnerabilties in krb5. It's unlikely that\nthose vulnerabilties can actually be exploited. (CVE-2007-5894,\nCVE-2007-5902, CVE-2007-5971, CVE-2007-5972)", "modified": "2016-12-22T00:00:00", "published": "2008-01-16T00:00:00", "id": "SUSE_KRB5-4851.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29991", "title": "openSUSE 10 Security Update : krb5 (krb5-4851)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update krb5-4851.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29991);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:26 $\");\n\n script_cve_id(\"CVE-2007-5894\", \"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\");\n\n script_name(english:\"openSUSE 10 Security Update : krb5 (krb5-4851)\");\n script_summary(english:\"Check for the krb5-4851 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple vulnerabilties in krb5. It's unlikely that\nthose vulnerabilties can actually be exploited. (CVE-2007-5894,\nCVE-2007-5902, CVE-2007-5971, CVE-2007-5972)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-1.4.3-19.30.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-apps-clients-1.4.3-19.30.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-apps-servers-1.4.3-19.30.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-client-1.4.3-19.30.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-devel-1.4.3-19.30.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-server-1.4.3-19.30.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.30.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.4.3-19.30.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-1.5.1-23.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-apps-clients-1.5.1-23.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-apps-servers-1.5.1-23.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-client-1.5.1-23.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-devel-1.5.1-23.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-server-1.5.1-23.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"krb5-32bit-1.5.1-23.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.5.1-23.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"krb5-1.6.2-22.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"krb5-apps-clients-1.6.2-22.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"krb5-apps-servers-1.6.2-22.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"krb5-client-1.6.2-22.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"krb5-devel-1.6.2-22.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"krb5-server-1.6.2-22.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"krb5-32bit-1.6.2-22.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.6.2-22.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5 / krb5-32bit / krb5-apps-clients / krb5-apps-servers / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:10:38", "bulletinFamily": "scanner", "description": "It was discovered that Kerberos did not correctly free memory in the\nGSSAPI and kdb libraries. If a remote attacker were able to manipulate\nan application using these libraries carefully, the service could\ncrash, leading to a denial of service. (Only Ubuntu 6.06 LTS was\naffected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)\n\nJoel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos\ndid not correctly verify certain packet structures. An unauthenticated\nremote attacker could send specially crafted traffic to cause the KDC\nor kadmind services to crash, leading to a denial of service.\n(CVE-2010-1320, CVE-2010-1321).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2010-05-20T00:00:00", "id": "UBUNTU_USN-940-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46688", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 : krb5 vulnerabilities (USN-940-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-940-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46688);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\", \"CVE-2010-1320\", \"CVE-2010-1321\");\n script_bugtraq_id(26750, 39599);\n script_xref(name:\"USN\", value:\"940-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 : krb5 vulnerabilities (USN-940-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Kerberos did not correctly free memory in the\nGSSAPI and kdb libraries. If a remote attacker were able to manipulate\nan application using these libraries carefully, the service could\ncrash, leading to a denial of service. (Only Ubuntu 6.06 LTS was\naffected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)\n\nJoel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos\ndid not correctly verify certain packet structures. An unauthenticated\nremote attacker could send specially crafted traffic to cause the KDC\nor kadmind services to crash, leading to a denial of service.\n(CVE-2010-1320, CVE-2010-1321).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/940-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssrpc4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libk5crypto3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5srv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdb5-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5support0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-admin-server\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-clients\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-doc\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-ftpd\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-kdc\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-rsh-server\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-telnetd\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-user\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkadm55\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb5-dev\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb53\", pkgver:\"1.4.3-5ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-clients\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-doc\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-kdc\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-pkinit\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"krb5-user\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libgssapi-krb5-2\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libgssrpc4\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libk5crypto3\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkadm5clnt6\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkadm5srv6\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkdb5-4\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkrb5-3\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkrb5-dbg\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkrb5support0\", pkgver:\"1.7dfsg~beta3-1ubuntu0.6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-clients / krb5-doc / krb5-ftpd / krb5-kdc / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:50", "bulletinFamily": "scanner", "description": "Sol Jerome discovered that the Kerberos kadmind service did not\ncorrectly free memory. An unauthenticated remote attacker could send\nspecially crafted traffic to crash the kadmind process, leading to a\ndenial of service. (CVE-2010-0629)\n\nIt was discovered that Kerberos did not correctly free memory in the\nGSSAPI library. If a remote attacker were able to manipulate an\napplication using GSSAPI carefully, the service could crash, leading\nto a denial of service. (Ubuntu 8.10 was not affected.)\n(CVE-2007-5901, CVE-2007-5971)\n\nIt was discovered that Kerberos did not correctly free memory in the\nGSSAPI and kdb libraries. If a remote attacker were able to manipulate\nan application using these libraries carefully, the service could\ncrash, leading to a denial of service. (Only Ubuntu 8.04 LTS was\naffected.) (CVE-2007-5902, CVE-2007-5972).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2013-03-09T00:00:00", "id": "UBUNTU_USN-924-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65123", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : krb5 vulnerabilities (USN-924-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-924-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65123);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\", \"CVE-2010-0629\");\n script_bugtraq_id(26750);\n script_xref(name:\"USN\", value:\"924-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : krb5 vulnerabilities (USN-924-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sol Jerome discovered that the Kerberos kadmind service did not\ncorrectly free memory. An unauthenticated remote attacker could send\nspecially crafted traffic to crash the kadmind process, leading to a\ndenial of service. (CVE-2010-0629)\n\nIt was discovered that Kerberos did not correctly free memory in the\nGSSAPI library. If a remote attacker were able to manipulate an\napplication using GSSAPI carefully, the service could crash, leading\nto a denial of service. (Ubuntu 8.10 was not affected.)\n(CVE-2007-5901, CVE-2007-5971)\n\nIt was discovered that Kerberos did not correctly free memory in the\nGSSAPI and kdb libraries. If a remote attacker were able to manipulate\nan application using these libraries carefully, the service could\ncrash, leading to a denial of service. (Only Ubuntu 8.04 LTS was\naffected.) (CVE-2007-5902, CVE-2007-5972).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/924-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.3~beta1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.4~beta1-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-clients\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-doc\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-kdc\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"krb5-user\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkadm55\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb5-dbg\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkrb53\", pkgver:\"1.6.dfsg.4~beta1-5ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-clients / krb5-doc / krb5-ftpd / krb5-kdc / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:12", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200803-31\n(MIT Kerberos 5: Multiple vulnerabilities)\n\n Two vulnerabilities were found in the Kerberos 4 support in\n KDC: A global variable is not set for some incoming message types,\n leading to a NULL pointer dereference or a double free()\n (CVE-2008-0062) and unused portions of a buffer are not properly\n cleared when generating an error message, which results in stack\n content being contained in a reply (CVE-2008-0063).\n Jeff\n Altman (Secure Endpoints) discovered a buffer overflow in the RPC\n library server code, used in the kadmin server, caused when too many\n file descriptors are opened (CVE-2008-0947).\n Venustech AD-LAB\n discovered multiple vulnerabilities in the GSSAPI library: usage of a\n freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and\n a double free() vulnerability in the gss_krb5int_make_seal_token_v3()\n function (CVE-2007-5971).\nImpact :\n\n The first two vulnerabilities can be exploited by a remote\n unauthenticated attacker to execute arbitrary code on the host running\n krb5kdc, compromise the Kerberos key database or cause a Denial of\n Service. These bugs can only be triggered when Kerberos 4 support is\n enabled.\n The RPC related vulnerability can be exploited by a remote\n unauthenticated attacker to crash kadmind, and theoretically execute\n arbitrary code with root privileges or cause database corruption. This\n bug can only be triggered in configurations that allow large numbers of\n open file descriptors in a process.\n The GSSAPI vulnerabilities could be exploited by a remote attacker to\n cause Denial of Service conditions or possibly execute arbitrary code.\nWorkaround :\n\n Kerberos 4 support can be disabled via disabling the 'krb4' USE flag\n and recompiling the ebuild, or setting 'v4_mode=none' in the\n [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around\n the KDC related vulnerabilities.", "modified": "2018-08-10T00:00:00", "published": "2008-03-26T00:00:00", "id": "GENTOO_GLSA-200803-31.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31671", "title": "GLSA-200803-31 : MIT Kerberos 5: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-31.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31671);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2007-5894\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_xref(name:\"GLSA\", value:\"200803-31\");\n\n script_name(english:\"GLSA-200803-31 : MIT Kerberos 5: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-31\n(MIT Kerberos 5: Multiple vulnerabilities)\n\n Two vulnerabilities were found in the Kerberos 4 support in\n KDC: A global variable is not set for some incoming message types,\n leading to a NULL pointer dereference or a double free()\n (CVE-2008-0062) and unused portions of a buffer are not properly\n cleared when generating an error message, which results in stack\n content being contained in a reply (CVE-2008-0063).\n Jeff\n Altman (Secure Endpoints) discovered a buffer overflow in the RPC\n library server code, used in the kadmin server, caused when too many\n file descriptors are opened (CVE-2008-0947).\n Venustech AD-LAB\n discovered multiple vulnerabilities in the GSSAPI library: usage of a\n freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and\n a double free() vulnerability in the gss_krb5int_make_seal_token_v3()\n function (CVE-2007-5971).\n \nImpact :\n\n The first two vulnerabilities can be exploited by a remote\n unauthenticated attacker to execute arbitrary code on the host running\n krb5kdc, compromise the Kerberos key database or cause a Denial of\n Service. These bugs can only be triggered when Kerberos 4 support is\n enabled.\n The RPC related vulnerability can be exploited by a remote\n unauthenticated attacker to crash kadmind, and theoretically execute\n arbitrary code with root privileges or cause database corruption. This\n bug can only be triggered in configurations that allow large numbers of\n open file descriptors in a process.\n The GSSAPI vulnerabilities could be exploited by a remote attacker to\n cause Denial of Service conditions or possibly execute arbitrary code.\n \nWorkaround :\n\n Kerberos 4 support can be disabled via disabling the 'krb4' USE flag\n and recompiling the ebuild, or setting 'v4_mode=none' in the\n [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around\n the KDC related vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-31\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MIT Kerberos 5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.6.3-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mit-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/mit-krb5\", unaffected:make_list(\"ge 1.6.3-r1\"), vulnerable:make_list(\"lt 1.6.3-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MIT Kerberos 5\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:11", "bulletinFamily": "scanner", "description": "Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nRed Hat would like to thank MIT for reporting these issues.\n\nA double-free flaw was discovered in the GSSAPI library used by MIT\nKerberos. This flaw could possibly cause a crash of the application\nusing the GSSAPI library. (CVE-2007-5971)\n\nAll krb5 users are advised to update to these erratum packages which\ncontain backported fixes to correct these issues.", "modified": "2018-11-27T00:00:00", "published": "2008-03-19T00:00:00", "id": "REDHAT-RHSA-2008-0180.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31617", "title": "RHEL 4 : krb5 (RHSA-2008:0180)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0180. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31617);\n script_version (\"1.28\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\");\n script_bugtraq_id(26750, 28303);\n script_xref(name:\"RHSA\", value:\"2008:0180\");\n\n script_name(english:\"RHEL 4 : krb5 (RHSA-2008:0180)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nRed Hat would like to thank MIT for reporting these issues.\n\nA double-free flaw was discovered in the GSSAPI library used by MIT\nKerberos. This flaw could possibly cause a crash of the application\nusing the GSSAPI library. (CVE-2007-5971)\n\nAll krb5 users are advised to update to these erratum packages which\ncontain backported fixes to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0180\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0180\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-devel-1.3.4-54.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-libs-1.3.4-54.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-server-1.3.4-54.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-workstation-1.3.4-54.el4_6.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:12", "bulletinFamily": "scanner", "description": "Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nRed Hat would like to thank MIT for reporting these issues.\n\nA double-free flaw was discovered in the GSSAPI library used by MIT\nKerberos. This flaw could possibly cause a crash of the application\nusing the GSSAPI library. (CVE-2007-5971)\n\nAll krb5 users are advised to update to these erratum packages which\ncontain backported fixes to correct these issues.", "modified": "2018-11-10T00:00:00", "published": "2008-03-21T00:00:00", "id": "CENTOS_RHSA-2008-0180.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31627", "title": "CentOS 4 : krb5 (CESA-2008:0180)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0180 and \n# CentOS Errata and Security Advisory 2008:0180 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31627);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\");\n script_bugtraq_id(26750, 28303);\n script_xref(name:\"RHSA\", value:\"2008:0180\");\n\n script_name(english:\"CentOS 4 : krb5 (CESA-2008:0180)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nRed Hat would like to thank MIT for reporting these issues.\n\nA double-free flaw was discovered in the GSSAPI library used by MIT\nKerberos. This flaw could possibly cause a crash of the application\nusing the GSSAPI library. (CVE-2007-5971)\n\nAll krb5 users are advised to update to these erratum packages which\ncontain backported fixes to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014768.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e25e9b2d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014769.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c62e5686\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014774.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?001dd4ab\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-devel-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"krb5-devel-1.3.4-54.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-devel-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-libs-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"krb5-libs-1.3.4-54.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-libs-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-server-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"krb5-server-1.3.4-54.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-server-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"krb5-workstation-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"krb5-workstation-1.3.4-54.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"krb5-workstation-1.3.4-54.el4_6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:28", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0180 :\n\nUpdated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nRed Hat would like to thank MIT for reporting these issues.\n\nA double-free flaw was discovered in the GSSAPI library used by MIT\nKerberos. This flaw could possibly cause a crash of the application\nusing the GSSAPI library. (CVE-2007-5971)\n\nAll krb5 users are advised to update to these erratum packages which\ncontain backported fixes to correct these issues.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2008-0180.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67668", "title": "Oracle Linux 4 : krb5 (ELSA-2008-0180)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0180 and \n# Oracle Linux Security Advisory ELSA-2008-0180 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67668);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\");\n script_bugtraq_id(26750, 28303);\n script_xref(name:\"RHSA\", value:\"2008:0180\");\n\n script_name(english:\"Oracle Linux 4 : krb5 (ELSA-2008-0180)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0180 :\n\nUpdated krb5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nRed Hat would like to thank MIT for reporting these issues.\n\nA double-free flaw was discovered in the GSSAPI library used by MIT\nKerberos. This flaw could possibly cause a crash of the application\nusing the GSSAPI library. (CVE-2007-5971)\n\nAll krb5 users are advised to update to these erratum packages which\ncontain backported fixes to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000544.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"krb5-devel-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"krb5-devel-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"krb5-libs-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"krb5-libs-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"krb5-server-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"krb5-server-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"krb5-workstation-1.3.4-54.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"krb5-workstation-1.3.4-54.el4_6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:10", "bulletinFamily": "scanner", "description": "A memory management flaw was found in the GSSAPI library used by\nKerberos that could result in an attempt to free already freed memory,\npossibly leading to a crash or allowing the execution of arbitrary\ncode (CVE-2007-5971).\n\nA flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly %execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests (CVE-2008-0062, CVE-2008-0063).\n\nThis issue only affects krb5kdc when it has Kerberos v4 protocol\ncompatibility enabled, which is a compiled-in default in all Kerberos\nversions that Mandriva Linux ships prior to Mandriva Linux 2008.0.\nKerberos v4 protocol support can be disabled by adding v4_mode=none\n(without quotes) to the [kdcdefaults] section of\n/etc/kerberos/krb5kdc/kdc.conf.\n\nA flaw in the RPC library as used in Kerberos' kadmind was discovered\nby Jeff Altman of Secure Endpoints. An unauthenticated remote attacker\ncould use this vulnerability to crash kadmind or possibly execute\narbitrary code in systems with certain resource limits configured;\nthis does not affect the default resource limits used by Mandriva\nLinux (CVE-2008-0947).\n\nThe updated packages have been patched to correct these issues.", "modified": "2018-07-19T00:00:00", "published": "2009-04-23T00:00:00", "id": "MANDRIVA_MDVSA-2008-070.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37527", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2008:070)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:070. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37527);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_xref(name:\"MDVSA\", value:\"2008:070\");\n\n script_name(english:\"Mandriva Linux Security Advisory : krb5 (MDVSA-2008:070)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory management flaw was found in the GSSAPI library used by\nKerberos that could result in an attempt to free already freed memory,\npossibly leading to a crash or allowing the execution of arbitrary\ncode (CVE-2007-5971).\n\nA flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly %execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests (CVE-2008-0062, CVE-2008-0063).\n\nThis issue only affects krb5kdc when it has Kerberos v4 protocol\ncompatibility enabled, which is a compiled-in default in all Kerberos\nversions that Mandriva Linux ships prior to Mandriva Linux 2008.0.\nKerberos v4 protocol support can be disabled by adding v4_mode=none\n(without quotes) to the [kdcdefaults] section of\n/etc/kerberos/krb5kdc/kdc.conf.\n\nA flaw in the RPC library as used in Kerberos' kadmind was discovered\nby Jeff Altman of Secure Endpoints. An unauthenticated remote attacker\ncould use this vulnerability to crash kadmind or possibly execute\narbitrary code in systems with certain resource limits configured;\nthis does not affect the default resource limits used by Mandriva\nLinux (CVE-2008-0947).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"ftp-client-krb5-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"ftp-server-krb5-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"krb5-server-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"krb5-workstation-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libkrb53-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"telnet-client-krb5-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"telnet-server-krb5-1.4.3-7.4mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:28", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0164 :\n\nUpdated krb5 packages that resolve several issues and fix multiple\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library\nas used by MIT Kerberos kadmind server. An unauthenticated remote\nattacker could use this flaw to crash kadmind or possibly execute\narbitrary code. This issue only affected systems with certain resource\nlimits configured and did not affect systems using default resource\nlimits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nMultiple memory management flaws were discovered in the GSSAPI library\nused by MIT Kerberos. These flaws could possibly result in use of\nalready freed memory or an attempt to free already freed memory blocks\n(double-free flaw), possibly causing a crash or arbitrary code\nexecution. (CVE-2007-5901, CVE-2007-5971)\n\nIn addition to the security issues resolved above, the following bugs\nwere also fixed :\n\n* delegated krb5 credentials were not properly stored when SPNEGO was\nthe underlying mechanism during GSSAPI authentication. Consequently,\napplications attempting to copy delegated Kerberos 5 credentials into\na credential cache received an 'Invalid credential was supplied'\nmessage rather than a copy of the delegated credentials. With this\nupdate, SPNEGO credentials can be properly searched, allowing\napplications to copy delegated credentials as expected.\n\n* applications can initiate context acceptance (via\ngss_accept_sec_context) without passing a ret_flags value that would\nindicate that credentials were delegated. A delegated credential\nhandle should have been returned in such instances. This updated\npackage adds a temp_ret_flag that stores the credential status in the\nevent no other ret_flags value is passed by an application calling\ngss_accept_sec_context.\n\n* kpasswd did not fallback to TCP on receipt of certain errors, or\nwhen a packet was too big for UDP. This update corrects this.\n\n* when the libkrb5 password-routine generated a set-password or\nchange-password request, incorrect sequence numbers were generated for\nall requests subsequent to the first request. This caused password\nchange requests to fail if the primary server was unavailable. This\nupdated package corrects this by saving the sequence number value\nafter the AP-REQ data is built and restoring this value before the\nrequest is generated.\n\n* when a user's password expired, kinit would not prompt that user to\nchange the password, instead simply informing the user their password\nhad expired. This update corrects this behavior: kinit now prompts for\na new password to be set when a password has expired.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported fixes to address these vulnerabilities and fix\nthese bugs.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2008-0164.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67664", "title": "Oracle Linux 5 : krb5 (ELSA-2008-0164)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0164 and \n# Oracle Linux Security Advisory ELSA-2008-0164 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67664);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_bugtraq_id(26750, 28302, 28303);\n script_xref(name:\"RHSA\", value:\"2008:0164\");\n\n script_name(english:\"Oracle Linux 5 : krb5 (ELSA-2008-0164)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0164 :\n\nUpdated krb5 packages that resolve several issues and fix multiple\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the way the MIT Kerberos Authentication Service\nand Key Distribution Center server (krb5kdc) handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests. (CVE-2008-0062, CVE-2008-0063)\n\nThis issue only affected krb5kdc with Kerberos v4 protocol\ncompatibility enabled, which is the default setting on Red Hat\nEnterprise Linux 4. Kerberos v4 protocol support can be disabled by\nadding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'\nsection of /var/kerberos/krb5kdc/kdc.conf.\n\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library\nas used by MIT Kerberos kadmind server. An unauthenticated remote\nattacker could use this flaw to crash kadmind or possibly execute\narbitrary code. This issue only affected systems with certain resource\nlimits configured and did not affect systems using default resource\nlimits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)\n\nRed Hat would like to thank MIT for reporting these issues.\n\nMultiple memory management flaws were discovered in the GSSAPI library\nused by MIT Kerberos. These flaws could possibly result in use of\nalready freed memory or an attempt to free already freed memory blocks\n(double-free flaw), possibly causing a crash or arbitrary code\nexecution. (CVE-2007-5901, CVE-2007-5971)\n\nIn addition to the security issues resolved above, the following bugs\nwere also fixed :\n\n* delegated krb5 credentials were not properly stored when SPNEGO was\nthe underlying mechanism during GSSAPI authentication. Consequently,\napplications attempting to copy delegated Kerberos 5 credentials into\na credential cache received an 'Invalid credential was supplied'\nmessage rather than a copy of the delegated credentials. With this\nupdate, SPNEGO credentials can be properly searched, allowing\napplications to copy delegated credentials as expected.\n\n* applications can initiate context acceptance (via\ngss_accept_sec_context) without passing a ret_flags value that would\nindicate that credentials were delegated. A delegated credential\nhandle should have been returned in such instances. This updated\npackage adds a temp_ret_flag that stores the credential status in the\nevent no other ret_flags value is passed by an application calling\ngss_accept_sec_context.\n\n* kpasswd did not fallback to TCP on receipt of certain errors, or\nwhen a packet was too big for UDP. This update corrects this.\n\n* when the libkrb5 password-routine generated a set-password or\nchange-password request, incorrect sequence numbers were generated for\nall requests subsequent to the first request. This caused password\nchange requests to fail if the primary server was unavailable. This\nupdated package corrects this by saving the sequence number value\nafter the AP-REQ data is built and restoring this value before the\nrequest is generated.\n\n* when a user's password expired, kinit would not prompt that user to\nchange the password, instead simply informing the user their password\nhad expired. This update corrects this behavior: kinit now prompts for\na new password to be set when a password has expired.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported fixes to address these vulnerabilities and fix\nthese bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000547.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"krb5-devel-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-libs-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-server-1.6.1-17.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-workstation-1.6.1-17.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:14", "bulletinFamily": "scanner", "description": "Multiple memory management flaws were found in the GSSAPI library used\nby Kerberos that could result in the use of already freed memory or an\nattempt to free already freed memory, possibly leading to a crash or\nallowing the execution of arbitrary code (CVE-2007-5901,\nCVE-2007-5971).\n\nA flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly %execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests (CVE-2008-0062, CVE-2008-0063).\n\nThis issue only affects krb5kdc when it has Kerberos v4 protocol\ncompatibility enabled, which is a compiled-in default in all Kerberos\nversions that Mandriva Linux ships prior to Mandriva Linux 2008.0.\nKerberos v4 protocol support can be disabled by adding v4_mode=none\n(without quotes) to the [kdcdefaults] section of\n/etc/kerberos/krb5kdc/kdc.conf.\n\nA flaw in the RPC library as used in Kerberos' kadmind was discovered\nby Jeff Altman of Secure Endpoints. An unauthenticated remote attacker\ncould use this vulnerability to crash kadmind or possibly execute\narbitrary code in systems with certain resource limits configured;\nthis does not affect the default resource limits used by Mandriva\nLinux (CVE-2008-0947).\n\nThe updated packages have been patched to correct these issues.", "modified": "2018-07-19T00:00:00", "published": "2009-04-23T00:00:00", "id": "MANDRIVA_MDVSA-2008-069.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38056", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2008:069)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:069. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38056);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_xref(name:\"MDVSA\", value:\"2008:069\");\n\n script_name(english:\"Mandriva Linux Security Advisory : krb5 (MDVSA-2008:069)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple memory management flaws were found in the GSSAPI library used\nby Kerberos that could result in the use of already freed memory or an\nattempt to free already freed memory, possibly leading to a crash or\nallowing the execution of arbitrary code (CVE-2007-5901,\nCVE-2007-5971).\n\nA flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4\nprotocol packets. An unauthenticated remote attacker could use this\nflaw to crash the krb5kdc daemon, disclose portions of its memory, or\npossibly %execute arbitrary code using malformed or truncated Kerberos\nv4 protocol requests (CVE-2008-0062, CVE-2008-0063).\n\nThis issue only affects krb5kdc when it has Kerberos v4 protocol\ncompatibility enabled, which is a compiled-in default in all Kerberos\nversions that Mandriva Linux ships prior to Mandriva Linux 2008.0.\nKerberos v4 protocol support can be disabled by adding v4_mode=none\n(without quotes) to the [kdcdefaults] section of\n/etc/kerberos/krb5kdc/kdc.conf.\n\nA flaw in the RPC library as used in Kerberos' kadmind was discovered\nby Jeff Altman of Secure Endpoints. An unauthenticated remote attacker\ncould use this vulnerability to crash kadmind or possibly execute\narbitrary code in systems with certain resource limits configured;\nthis does not affect the default resource limits used by Mandriva\nLinux (CVE-2008-0947).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"ftp-client-krb5-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"ftp-server-krb5-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"krb5-server-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"krb5-workstation-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64krb53-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libkrb53-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libkrb53-devel-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"telnet-client-krb5-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"telnet-server-krb5-1.5.2-6.6mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"ftp-client-krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ftp-server-krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-server-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"krb5-workstation-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libkrb53-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"telnet-client-krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"telnet-server-krb5-1.6.2-7.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-10-16T10:51:38", "bulletinFamily": "NVD", "description": "Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.", "modified": "2018-10-15T17:48:40", "published": "2007-12-05T21:46:00", "id": "CVE-2007-5971", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5971", "title": "CVE-2007-5971", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T10:51:38", "bulletinFamily": "NVD", "description": "** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating \" The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.\"", "modified": "2018-10-15T17:46:52", "published": "2007-12-05T21:46:00", "id": "CVE-2007-5894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5894", "title": "CVE-2007-5894", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T10:51:38", "bulletinFamily": "NVD", "description": "Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.", "modified": "2018-10-15T17:47:03", "published": "2007-12-05T21:46:00", "id": "CVE-2007-5902", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5902", "title": "CVE-2007-5902", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T09:45:53", "bulletinFamily": "NVD", "description": "Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.", "modified": "2010-05-27T01:19:15", "published": "2007-12-05T21:46:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5972", "id": "CVE-2007-5972", "title": "CVE-2007-5972", "type": "cve", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-01-26T11:05:42", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-924-1", "modified": "2018-01-25T00:00:00", "published": "2010-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840414", "id": "OPENVAS:1361412562310840414", "title": "Ubuntu Update for krb5 vulnerabilities USN-924-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_924_1.nasl 8528 2018-01-25 07:57:36Z teissa $\n#\n# Ubuntu Update for krb5 vulnerabilities USN-924-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sol Jerome discovered that the Kerberos kadmind service did not correctly\n free memory. An unauthenticated remote attacker could send specially\n crafted traffic to crash the kadmind process, leading to a denial of\n service. (CVE-2010-0629)\n\n It was discovered that Kerberos did not correctly free memory in\n the GSSAPI library. If a remote attacker were able to manipulate an\n application using GSSAPI carefully, the service could crash, leading to\n a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901,\n CVE-2007-5971)\n \n It was discovered that Kerberos did not correctly free memory in the\n GSSAPI and kdb libraries. If a remote attacker were able to manipulate\n an application using these libraries carefully, the service could crash,\n leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.)\n (CVE-2007-5902, CVE-2007-5972)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-924-1\";\ntag_affected = \"krb5 vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-924-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840414\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"924-1\");\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\", \"CVE-2010-0629\");\n script_name(\"Ubuntu Update for krb5 vulnerabilities USN-924-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:47", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-940-1", "modified": "2017-12-29T00:00:00", "published": "2010-05-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840433", "id": "OPENVAS:1361412562310840433", "title": "Ubuntu Update for krb5 vulnerabilities USN-940-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_940_1.nasl 8258 2017-12-29 07:28:57Z teissa $\n#\n# Ubuntu Update for krb5 vulnerabilities USN-940-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Kerberos did not correctly free memory in the\n GSSAPI and kdb libraries. If a remote attacker were able to manipulate\n an application using these libraries carefully, the service could\n crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was\n affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)\n\n Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos\n did not correctly verify certain packet structures. An unauthenticated\n remote attacker could send specially crafted traffic to cause the KDC or\n kadmind services to crash, leading to a denial of service. (CVE-2010-1320,\n CVE-2010-1321)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-940-1\";\ntag_affected = \"krb5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-940-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840433\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"940-1\");\n script_cve_id(\"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\", \"CVE-2010-1320\", \"CVE-2010-1321\");\n script_name(\"Ubuntu Update for krb5 vulnerabilities USN-940-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt6\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5srv6\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-4\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:56", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-924-1", "modified": "2017-12-01T00:00:00", "published": "2010-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840414", "id": "OPENVAS:840414", "title": "Ubuntu Update for krb5 vulnerabilities USN-924-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_924_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for krb5 vulnerabilities USN-924-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sol Jerome discovered that the Kerberos kadmind service did not correctly\n free memory. An unauthenticated remote attacker could send specially\n crafted traffic to crash the kadmind process, leading to a denial of\n service. (CVE-2010-0629)\n\n It was discovered that Kerberos did not correctly free memory in\n the GSSAPI library. If a remote attacker were able to manipulate an\n application using GSSAPI carefully, the service could crash, leading to\n a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901,\n CVE-2007-5971)\n \n It was discovered that Kerberos did not correctly free memory in the\n GSSAPI and kdb libraries. If a remote attacker were able to manipulate\n an application using these libraries carefully, the service could crash,\n leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.)\n (CVE-2007-5902, CVE-2007-5972)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-924-1\";\ntag_affected = \"krb5 vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-924-1/\");\n script_id(840414);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"924-1\");\n script_cve_id(\"CVE-2007-5901\", \"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\", \"CVE-2010-0629\");\n script_name(\"Ubuntu Update for krb5 vulnerabilities USN-924-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-3ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:18:13", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-940-1", "modified": "2017-12-01T00:00:00", "published": "2010-05-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840433", "id": "OPENVAS:840433", "title": "Ubuntu Update for krb5 vulnerabilities USN-940-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_940_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for krb5 vulnerabilities USN-940-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Kerberos did not correctly free memory in the\n GSSAPI and kdb libraries. If a remote attacker were able to manipulate\n an application using these libraries carefully, the service could\n crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was\n affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)\n\n Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos\n did not correctly verify certain packet structures. An unauthenticated\n remote attacker could send specially crafted traffic to cause the KDC or\n kadmind services to crash, leading to a denial of service. (CVE-2010-1320,\n CVE-2010-1321)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-940-1\";\ntag_affected = \"krb5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-940-1/\");\n script_id(840433);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"940-1\");\n script_cve_id(\"CVE-2007-5902\", \"CVE-2007-5971\", \"CVE-2007-5972\", \"CVE-2010-1320\", \"CVE-2010-1321\");\n script_name(\"Ubuntu Update for krb5 vulnerabilities USN-940-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt6\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5srv6\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-4\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.7dfsg~beta3-1ubuntu0.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.4.3-5ubuntu0.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.4~beta1-5ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.6.dfsg.3~beta1-2ubuntu1.5\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-30T10:46:23", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200803-31.", "modified": "2017-10-26T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60623", "id": "OPENVAS:60623", "title": "Gentoo Security Advisory GLSA 200803-31 (mit-krb5)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in MIT Kerberos 5, which could\nallow a remote unauthenticated user to execute arbitrary code with root\nprivileges.\";\ntag_solution = \"All MIT Kerberos 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.6.3-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200803-31\nhttp://bugs.gentoo.org/show_bug.cgi?id=199205\nhttp://bugs.gentoo.org/show_bug.cgi?id=212363\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200803-31.\";\n\n \n\nif(description)\n{\n script_id(60623);\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-5894\", \"CVE-2007-5901\", \"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200803-31 (mit-krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/mit-krb5\", unaffected: make_list(\"ge 1.6.3-r1\"), vulnerable: make_list(\"lt 1.6.3-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:17", "bulletinFamily": "scanner", "description": "Check for the Version of krb5-devel", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880050", "id": "OPENVAS:1361412562310880050", "type": "openvas", "title": "CentOS Update for krb5-devel CESA-2008:0180 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2008:0180 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other through use of symmetric encryption\n and a trusted third party, the KDC.\n\n A flaw was found in the way the MIT Kerberos Authentication Service and Key\n Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\n An unauthenticated remote attacker could use this flaw to crash the\n krb5kdc daemon, disclose portions of its memory, or possibly execute\n arbitrary code using malformed or truncated Kerberos v4 protocol\n requests. (CVE-2008-0062, CVE-2008-0063)\n \n This issue only affected krb5kdc with Kerberos v4 protocol compatibility\n enabled, which is the default setting on Red Hat Enterprise Linux 4.\n Kerberos v4 protocol support can be disabled by adding "v4_mode=none"\n (without the quotes) to the "[kdcdefaults]" section of\n /var/kerberos/krb5kdc/kdc.conf.\n \n Red Hat would like to thank MIT for reporting these issues.\n \n A double-free flaw was discovered in the GSSAPI library used by MIT\n Kerberos. This flaw could possibly cause a crash of the application using\n the GSSAPI library. (CVE-2007-5971)\n \n All krb5 users are advised to update to these erratum packages which\n contain backported fixes to correct these issues.\";\n\ntag_affected = \"krb5-devel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014768.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880050\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0180\");\n script_cve_id(\"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\");\n script_name( \"CentOS Update for krb5-devel CESA-2008:0180 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:40", "bulletinFamily": "scanner", "description": "Check for the Version of krb5-devel", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880050", "id": "OPENVAS:880050", "title": "CentOS Update for krb5-devel CESA-2008:0180 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2008:0180 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other through use of symmetric encryption\n and a trusted third party, the KDC.\n\n A flaw was found in the way the MIT Kerberos Authentication Service and Key\n Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\n An unauthenticated remote attacker could use this flaw to crash the\n krb5kdc daemon, disclose portions of its memory, or possibly execute\n arbitrary code using malformed or truncated Kerberos v4 protocol\n requests. (CVE-2008-0062, CVE-2008-0063)\n \n This issue only affected krb5kdc with Kerberos v4 protocol compatibility\n enabled, which is the default setting on Red Hat Enterprise Linux 4.\n Kerberos v4 protocol support can be disabled by adding "v4_mode=none"\n (without the quotes) to the "[kdcdefaults]" section of\n /var/kerberos/krb5kdc/kdc.conf.\n \n Red Hat would like to thank MIT for reporting these issues.\n \n A double-free flaw was discovered in the GSSAPI library used by MIT\n Kerberos. This flaw could possibly cause a crash of the application using\n the GSSAPI library. (CVE-2007-5971)\n \n All krb5 users are advised to update to these erratum packages which\n contain backported fixes to correct these issues.\";\n\ntag_affected = \"krb5-devel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014768.html\");\n script_id(880050);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0180\");\n script_cve_id(\"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\");\n script_name( \"CentOS Update for krb5-devel CESA-2008:0180 centos4 i386\");\n\n script_summary(\"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:07", "bulletinFamily": "scanner", "description": "Check for the Version of krb5-devel", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880310", "id": "OPENVAS:880310", "title": "CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other through use of symmetric encryption\n and a trusted third party, the KDC.\n\n A flaw was found in the way the MIT Kerberos Authentication Service and Key\n Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\n An unauthenticated remote attacker could use this flaw to crash the\n krb5kdc daemon, disclose portions of its memory, or possibly execute\n arbitrary code using malformed or truncated Kerberos v4 protocol\n requests. (CVE-2008-0062, CVE-2008-0063)\n \n This issue only affected krb5kdc with Kerberos v4 protocol compatibility\n enabled, which is the default setting on Red Hat Enterprise Linux 4.\n Kerberos v4 protocol support can be disabled by adding "v4_mode=none"\n (without the quotes) to the "[kdcdefaults]" section of\n /var/kerberos/krb5kdc/kdc.conf.\n \n Red Hat would like to thank MIT for reporting these issues.\n \n A double-free flaw was discovered in the GSSAPI library used by MIT\n Kerberos. This flaw could possibly cause a crash of the application using\n the GSSAPI library. (CVE-2007-5971)\n \n All krb5 users are advised to update to these erratum packages which\n contain backported fixes to correct these issues.\";\n\ntag_affected = \"krb5-devel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014769.html\");\n script_id(880310);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0180\");\n script_cve_id(\"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\");\n script_name( \"CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64\");\n\n script_summary(\"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:46", "bulletinFamily": "scanner", "description": "Check for the Version of krb5-devel", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880310", "id": "OPENVAS:1361412562310880310", "title": "CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other through use of symmetric encryption\n and a trusted third party, the KDC.\n\n A flaw was found in the way the MIT Kerberos Authentication Service and Key\n Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\n An unauthenticated remote attacker could use this flaw to crash the\n krb5kdc daemon, disclose portions of its memory, or possibly execute\n arbitrary code using malformed or truncated Kerberos v4 protocol\n requests. (CVE-2008-0062, CVE-2008-0063)\n \n This issue only affected krb5kdc with Kerberos v4 protocol compatibility\n enabled, which is the default setting on Red Hat Enterprise Linux 4.\n Kerberos v4 protocol support can be disabled by adding "v4_mode=none"\n (without the quotes) to the "[kdcdefaults]" section of\n /var/kerberos/krb5kdc/kdc.conf.\n \n Red Hat would like to thank MIT for reporting these issues.\n \n A double-free flaw was discovered in the GSSAPI library used by MIT\n Kerberos. This flaw could possibly cause a crash of the application using\n the GSSAPI library. (CVE-2007-5971)\n \n All krb5 users are advised to update to these erratum packages which\n contain backported fixes to correct these issues.\";\n\ntag_affected = \"krb5-devel on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014769.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880310\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0180\");\n script_cve_id(\"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\");\n script_name( \"CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5-devel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.3.4~54.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:35", "bulletinFamily": "scanner", "description": "Check for the Version of krb5", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870009", "id": "OPENVAS:1361412562310870009", "type": "openvas", "title": "RedHat Update for krb5 RHSA-2008:0180-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for krb5 RHSA-2008:0180-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kerberos is a network authentication system which allows clients and\n servers to authenticate to each other through use of symmetric encryption\n and a trusted third party, the KDC.\n\n A flaw was found in the way the MIT Kerberos Authentication Service and Key\n Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\n An unauthenticated remote attacker could use this flaw to crash the\n krb5kdc daemon, disclose portions of its memory, or possibly execute\n arbitrary code using malformed or truncated Kerberos v4 protocol\n requests. (CVE-2008-0062, CVE-2008-0063)\n \n This issue only affected krb5kdc with Kerberos v4 protocol compatibility\n enabled, which is the default setting on Red Hat Enterprise Linux 4.\n Kerberos v4 protocol support can be disabled by adding "v4_mode=none"\n (without the quotes) to the "[kdcdefaults]" section of\n /var/kerberos/krb5kdc/kdc.conf.\n \n Red Hat would like to thank MIT for reporting these issues.\n \n A double-free flaw was discovered in the GSSAPI library used by MIT\n Kerberos. This flaw could possibly cause a crash of the application using\n the GSSAPI library. (CVE-2007-5971)\n \n All krb5 users are advised to update to these erratum packages which\n contain backported fixes to correct these issues.\";\n\ntag_affected = \"krb5 on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00010.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870009\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0180-01\");\n script_cve_id(\"CVE-2007-5971\", \"CVE-2008-0062\", \"CVE-2008-0063\");\n script_name( \"RedHat Update for krb5 RHSA-2008:0180-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.3.4~54.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.3.4~54.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.3.4~54.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.3.4~54.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.3.4~54.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:08", "bulletinFamily": "unix", "description": "Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. (CVE-2010-0629)\n\nIt was discovered that Kerberos did not correctly free memory in the GSSAPI library. If a remote attacker were able to manipulate an application using GSSAPI carefully, the service could crash, leading to a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901, CVE-2007-5971)\n\nIt was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.) (CVE-2007-5902, CVE-2007-5972)", "modified": "2010-04-07T00:00:00", "published": "2010-04-07T00:00:00", "id": "USN-924-1", "href": "https://usn.ubuntu.com/924-1/", "title": "Kerberos vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:45", "bulletinFamily": "unix", "description": "It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)\n\nJoel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. (CVE-2010-1320, CVE-2010-1321)", "modified": "2010-05-19T00:00:00", "published": "2010-05-19T00:00:00", "id": "USN-940-1", "href": "https://usn.ubuntu.com/940-1/", "title": "Kerberos vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:05", "bulletinFamily": "unix", "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. \n\n### Description\n\n * Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() (CVE-2008-0062) and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply (CVE-2008-0063).\n * Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947).\n * Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() function (CVE-2007-5971).\n\n### Impact\n\nThe first two vulnerabilities can be exploited by a remote unauthenticated attacker to execute arbitrary code on the host running krb5kdc, compromise the Kerberos key database or cause a Denial of Service. These bugs can only be triggered when Kerberos 4 support is enabled. \n\nThe RPC related vulnerability can be exploited by a remote unauthenticated attacker to crash kadmind, and theoretically execute arbitrary code with root privileges or cause database corruption. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. \n\nThe GSSAPI vulnerabilities could be exploited by a remote attacker to cause Denial of Service conditions or possibly execute arbitrary code. \n\n### Workaround\n\nKerberos 4 support can be disabled via disabling the \"krb4\" USE flag and recompiling the ebuild, or setting \"v4_mode=none\" in the [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around the KDC related vulnerabilities. \n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.6.3-r1\"", "modified": "2008-03-24T00:00:00", "published": "2008-03-24T00:00:00", "id": "GLSA-200803-31", "href": "https://security.gentoo.org/glsa/200803-31", "type": "gentoo", "title": "MIT Kerberos 5: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:46:11", "bulletinFamily": "unix", "description": "Kerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\r\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\r\nAn unauthenticated remote attacker could use this flaw to crash the\r\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\r\narbitrary code using malformed or truncated Kerberos v4 protocol\r\nrequests. (CVE-2008-0062, CVE-2008-0063)\r\n\r\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\r\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\r\nKerberos v4 protocol support can be disabled by adding \"v4_mode=none\"\r\n(without the quotes) to the \"[kdcdefaults]\" section of\r\n/var/kerberos/krb5kdc/kdc.conf.\r\n\r\nRed Hat would like to thank MIT for reporting these issues.\r\n\r\nA double-free flaw was discovered in the GSSAPI library used by MIT\r\nKerberos. This flaw could possibly cause a crash of the application using\r\nthe GSSAPI library. (CVE-2007-5971)\r\n\r\nAll krb5 users are advised to update to these erratum packages which\r\ncontain backported fixes to correct these issues.", "modified": "2017-09-08T11:57:01", "published": "2008-03-18T04:00:00", "id": "RHSA-2008:0180", "href": "https://access.redhat.com/errata/RHSA-2008:0180", "type": "redhat", "title": "(RHSA-2008:0180) Critical: krb5 security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:46:08", "bulletinFamily": "unix", "description": "Kerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\r\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\r\nAn unauthenticated remote attacker could use this flaw to crash the\r\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\r\narbitrary code using malformed or truncated Kerberos v4 protocol requests.\r\n(CVE-2008-0062, CVE-2008-0063)\r\n\r\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\r\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\r\nKerberos v4 protocol support can be disabled by adding \"v4_mode=none\"\r\n(without the quotes) to the \"[kdcdefaults]\" section of\r\n/var/kerberos/krb5kdc/kdc.conf.\r\n\r\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library as\r\nused by MIT Kerberos kadmind server. An unauthenticated remote attacker\r\ncould use this flaw to crash kadmind or possibly execute arbitrary code.\r\nThis issue only affected systems with certain resource limits configured\r\nand did not affect systems using default resource limits used by Red Hat\r\nEnterprise Linux 5. (CVE-2008-0947)\r\n\r\nRed Hat would like to thank MIT for reporting these issues.\r\n\r\nMultiple memory management flaws were discovered in the GSSAPI library used\r\nby MIT Kerberos. These flaws could possibly result in use of already freed\r\nmemory or an attempt to free already freed memory blocks (double-free\r\nflaw), possibly causing a crash or arbitrary code execution.\r\n(CVE-2007-5901, CVE-2007-5971)\r\n\r\nIn addition to the security issues resolved above, the following bugs were\r\nalso fixed:\r\n\r\n* delegated krb5 credentials were not properly stored when SPNEGO was the\r\nunderlying mechanism during GSSAPI authentication. Consequently,\r\napplications attempting to copy delegated Kerberos 5 credentials into a\r\ncredential cache received an \"Invalid credential was supplied\" message\r\nrather than a copy of the delegated credentials. With this update, SPNEGO\r\ncredentials can be properly searched, allowing applications to copy\r\ndelegated credentials as expected.\r\n\r\n* applications can initiate context acceptance (via gss_accept_sec_context)\r\nwithout passing a ret_flags value that would indicate that credentials were\r\ndelegated. A delegated credential handle should have been returned in such\r\ninstances. This updated package adds a temp_ret_flag that stores the\r\ncredential status in the event no other ret_flags value is passed by an\r\napplication calling gss_accept_sec_context.\r\n\r\n* kpasswd did not fallback to TCP on receipt of certain errors, or when a\r\npacket was too big for UDP. This update corrects this.\r\n\r\n* when the libkrb5 password-routine generated a set-password or\r\nchange-password request, incorrect sequence numbers were generated for all\r\nrequests subsequent to the first request. This caused password change\r\nrequests to fail if the primary server was unavailable. This updated\r\npackage corrects this by saving the sequence number value after the AP-REQ\r\ndata is built and restoring this value before the request is generated.\r\n\r\n* when a user's password expired, kinit would not prompt that user to\r\nchange the password, instead simply informing the user their password had\r\nexpired. This update corrects this behavior: kinit now prompts for a new\r\npassword to be set when a password has expired.\r\n\r\nAll krb5 users are advised to upgrade to these updated packages, which\r\ncontain backported fixes to address these vulnerabilities and fix these\r\nbugs.", "modified": "2017-09-08T11:55:43", "published": "2008-03-18T04:00:00", "id": "RHSA-2008:0164", "href": "https://access.redhat.com/errata/RHSA-2008:0164", "type": "redhat", "title": "(RHSA-2008:0164) Critical: krb5 security and bugfix update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:45:39", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0180\n\n\nKerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\r\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\r\nAn unauthenticated remote attacker could use this flaw to crash the\r\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\r\narbitrary code using malformed or truncated Kerberos v4 protocol\r\nrequests. (CVE-2008-0062, CVE-2008-0063)\r\n\r\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\r\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\r\nKerberos v4 protocol support can be disabled by adding \"v4_mode=none\"\r\n(without the quotes) to the \"[kdcdefaults]\" section of\r\n/var/kerberos/krb5kdc/kdc.conf.\r\n\r\nRed Hat would like to thank MIT for reporting these issues.\r\n\r\nA double-free flaw was discovered in the GSSAPI library used by MIT\r\nKerberos. This flaw could possibly cause a crash of the application using\r\nthe GSSAPI library. (CVE-2007-5971)\r\n\r\nAll krb5 users are advised to update to these erratum packages which\r\ncontain backported fixes to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014768.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014769.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014774.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014777.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0180.html", "modified": "2008-03-21T11:32:08", "published": "2008-03-20T11:48:34", "href": "http://lists.centos.org/pipermail/centos-announce/2008-March/014768.html", "id": "CESA-2008:0180", "title": "krb5 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:46", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0164\n\n\nKerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found in the way the MIT Kerberos Authentication Service and Key\r\nDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.\r\nAn unauthenticated remote attacker could use this flaw to crash the\r\nkrb5kdc daemon, disclose portions of its memory, or possibly execute\r\narbitrary code using malformed or truncated Kerberos v4 protocol requests.\r\n(CVE-2008-0062, CVE-2008-0063)\r\n\r\nThis issue only affected krb5kdc with Kerberos v4 protocol compatibility\r\nenabled, which is the default setting on Red Hat Enterprise Linux 4.\r\nKerberos v4 protocol support can be disabled by adding \"v4_mode=none\"\r\n(without the quotes) to the \"[kdcdefaults]\" section of\r\n/var/kerberos/krb5kdc/kdc.conf.\r\n\r\nJeff Altman of Secure Endpoints discovered a flaw in the RPC library as\r\nused by MIT Kerberos kadmind server. An unauthenticated remote attacker\r\ncould use this flaw to crash kadmind or possibly execute arbitrary code.\r\nThis issue only affected systems with certain resource limits configured\r\nand did not affect systems using default resource limits used by Red Hat\r\nEnterprise Linux 5. (CVE-2008-0947)\r\n\r\nRed Hat would like to thank MIT for reporting these issues.\r\n\r\nMultiple memory management flaws were discovered in the GSSAPI library used\r\nby MIT Kerberos. These flaws could possibly result in use of already freed\r\nmemory or an attempt to free already freed memory blocks (double-free\r\nflaw), possibly causing a crash or arbitrary code execution.\r\n(CVE-2007-5901, CVE-2007-5971)\r\n\r\nIn addition to the security issues resolved above, the following bugs were\r\nalso fixed:\r\n\r\n* delegated krb5 credentials were not properly stored when SPNEGO was the\r\nunderlying mechanism during GSSAPI authentication. Consequently,\r\napplications attempting to copy delegated Kerberos 5 credentials into a\r\ncredential cache received an \"Invalid credential was supplied\" message\r\nrather than a copy of the delegated credentials. With this update, SPNEGO\r\ncredentials can be properly searched, allowing applications to copy\r\ndelegated credentials as expected.\r\n\r\n* applications can initiate context acceptance (via gss_accept_sec_context)\r\nwithout passing a ret_flags value that would indicate that credentials were\r\ndelegated. A delegated credential handle should have been returned in such\r\ninstances. This updated package adds a temp_ret_flag that stores the\r\ncredential status in the event no other ret_flags value is passed by an\r\napplication calling gss_accept_sec_context.\r\n\r\n* kpasswd did not fallback to TCP on receipt of certain errors, or when a\r\npacket was too big for UDP. This update corrects this.\r\n\r\n* when the libkrb5 password-routine generated a set-password or\r\nchange-password request, incorrect sequence numbers were generated for all\r\nrequests subsequent to the first request. This caused password change\r\nrequests to fail if the primary server was unavailable. This updated\r\npackage corrects this by saving the sequence number value after the AP-REQ\r\ndata is built and restoring this value before the request is generated.\r\n\r\n* when a user's password expired, kinit would not prompt that user to\r\nchange the password, instead simply informing the user their password had\r\nexpired. This update corrects this behavior: kinit now prompts for a new\r\npassword to be set when a password has expired.\r\n\r\nAll krb5 users are advised to upgrade to these updated packages, which\r\ncontain backported fixes to address these vulnerabilities and fix these\r\nbugs.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014766.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014767.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0164.html", "modified": "2008-03-19T00:46:43", "published": "2008-03-19T00:46:42", "href": "http://lists.centos.org/pipermail/centos-announce/2008-March/014766.html", "id": "CESA-2008:0164", "title": "krb5 security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:40", "bulletinFamily": "unix", "description": " [1.3.4-54.el4_6.1]\n - add preliminary patch to fix use of uninitialized pointer / double-free in\n KDC (CVE-2008-0062,CVE-2008-0063) (#432620, #432621)\n - add backported patch to fix double-free in libgssapi_krb5 (CVE-2007-5971)\n (#415351) ", "modified": "2008-03-18T00:00:00", "published": "2008-03-18T00:00:00", "id": "ELSA-2008-0180", "href": "http://linux.oracle.com/errata/ELSA-2008-0180.html", "title": "Critical: krb5 security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:49:07", "bulletinFamily": "unix", "description": " [1.6.1-17.el5_1.1]\n - add preliminary patch to fix use of uninitialized pointer / double-free in\n KDC (CVE-2008-0062,CVE-2008-0063) (#432620, #432621)\n - add backported patch to fix use-after-free in libgssapi_krb5 \n (CVE-2007-5901)\n (#415321)\n - add backported patch to fix double-free in libgssapi_krb5 (CVE-2007-5971)\n (#415351)\n - add preliminary patch to fix incorrect handling of high-numbered \n descriptors\n in the RPC library (CVE-2008-0947) (#433596)\n - fix storage of delegated krb5 credentials when they've been wrapped up in\n spnego (#436460)\n - return a delegated credential handle even if the application didn't pass a\n location to store the flags which would be used to indicate that \n credentials\n were delegated (#436465)\n - add patch to fall back to TCP kpasswd servers for kdc-unreachable,\n can't-resolve-server, and response-too-big errors (#436467)\n - use the right sequence numbers when generating password-set/change \n requests\n for kpasswd servers after the first one (#436468)\n - backport from 1.6.3 to initialize a library-allocated get_init_creds_opt\n structure the same way we would one which was allocated by the calling\n application, to restore kinit's traditional behavior of doing a password\n change right when it detects an expired password (#436470) ", "modified": "2008-03-18T00:00:00", "published": "2008-03-18T00:00:00", "id": "ELSA-2008-0164", "href": "http://linux.oracle.com/errata/ELSA-2008-0164.html", "title": "Critical: krb5 security and bugfix update ", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}