Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-0430-1.NASL
HistoryFeb 12, 2016 - 12:00 a.m.

SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2016:0430-1)

2016-02-1200:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

This update for krb5 fixes the following issues :

  • CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968)

  • CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:0430-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(88708);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2015-8629", "CVE-2015-8631");

  script_name(english:"SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2016:0430-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for krb5 fixes the following issues :

  - CVE-2015-8629: Information leak authenticated attackers
    with permissions to modify the database (bsc#963968)

  - CVE-2015-8631: An authenticated attacker could have
    caused a memory leak in auditd by supplying a null
    principal name in request (bsc#963975)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=963968"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=963975"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8629/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-8631/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20160430-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1c7f81de"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-krb5-12397=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-krb5-12397=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-krb5-12397=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-krb5-12397=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-apps-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-apps-servers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
if (os_ver == "SLED11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"krb5-32bit-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-apps-clients-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-apps-servers-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-client-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-server-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"krb5-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"krb5-client-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"krb5-1.6.3-133.49.106.1")) flag++;
if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"krb5-client-1.6.3-133.49.106.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
}
VendorProductVersionCPE
novellsuse_linuxkrb5p-cpe:/a:novell:suse_linux:krb5
novellsuse_linuxkrb5-apps-clientsp-cpe:/a:novell:suse_linux:krb5-apps-clients
novellsuse_linuxkrb5-apps-serversp-cpe:/a:novell:suse_linux:krb5-apps-servers
novellsuse_linuxkrb5-clientp-cpe:/a:novell:suse_linux:krb5-client
novellsuse_linuxkrb5-serverp-cpe:/a:novell:suse_linux:krb5-server
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

nessus 20
osv 4
debian 3
redhat 4
ibm 5
centos 2
openvas 16
oraclelinux 2
veracode 2
mageia 1
amazon 1
f5 2
cvelist 2
ubuntucve 2
debiancve 2
prion 2
alpinelinux 2
cve 2
fedora 3
altlinux 3
photon 1
nessus
nessus
Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20160323)
2016-03-24 00:00:00
CentOS 6 : krb5 (CESA-2016:0493)
2016-03-24 00:00:00
Debian DLA-423-1 : krb5 security update
2016-02-23 00:00:00
osv
osv
krb5 - security update
2016-02-22 00:00:00
krb5 - security update
2016-02-04 00:00:00
CVE-2015-8629
2016-02-13 02:59:00
debian
debian
[SECURITY] [DLA 423-1] krb5 security update
2016-02-22 20:45:23
[SECURITY] [DSA 3466-1] krb5 security update
2016-02-04 21:03:56
[SECURITY] [DSA 3466-1] krb5 security update
2016-02-04 21:03:40
redhat
redhat
(RHSA-2016:22678) Moderate: krb5 security update
2016-02-12 05:00:00
(RHSA-2016:0493) Moderate: krb5 security update
2016-03-22 00:00:00
(RHSA-2016:22677) Moderate: krb5 security update
2016-02-12 05:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Kerberos (krb5) affect IBM Security Network Protection (CVE-2015-8629, and CVE-2015-8631)
2018-06-16 21:40:56
Security Bulletin: Vulnerabilities in MIT Kerberos affect PowerKVM (CVE-2015-8629,CVE-2015-8630,CVE-2015-8631)
2018-06-18 01:32:18
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager
2018-06-16 21:44:06
centos
centos
krb5 security update
2016-03-23 13:10:27
krb5 security update
2016-03-31 20:56:46
openvas
openvas
RedHat Update for krb5 RHSA-2016:0493-01
2016-03-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0430-1)
2021-06-09 00:00:00
Oracle: Security Advisory (ELSA-2016-0493)
2016-03-23 00:00:00
oraclelinux
oraclelinux
krb5 security update
2016-03-22 00:00:00
krb5 security update
2016-03-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:28:07
Denial Of Service (DoS)
2019-01-15 09:11:07
mageia
mageia
Updated krb5 packages fix security vulnerability
2016-02-05 20:26:09
amazon
amazon
Medium: krb5
2016-04-21 16:00:00
f5
f5
K38310742 : Kerberos vulnerability CVE-2015-8629
2016-10-20 00:00:00
SOL38310742 - Kerberos vulnerability CVE-2015-8629
2016-10-20 00:00:00
cvelist
cvelist
CVE-2015-8629
2016-02-13 02:00:00
CVE-2015-8631
2016-02-13 02:00:00
ubuntucve
ubuntucve
CVE-2015-8629
2016-02-13 00:00:00
CVE-2015-8631
2016-02-13 00:00:00
debiancve
debiancve
CVE-2015-8629
2016-02-13 02:59:00
CVE-2015-8631
2016-02-13 02:59:00
prion
prion
Out-of-bounds
2016-02-13 02:59:00
Null pointer dereference
2016-02-13 02:59:00
alpinelinux
alpinelinux
CVE-2015-8629
2016-02-13 02:59:00
CVE-2015-8631
2016-02-13 02:59:00
cve
cve
CVE-2015-8629
2016-02-13 02:59:00
CVE-2015-8631
2016-02-13 02:59:00
fedora
fedora
[SECURITY] Fedora 23 Update: krb5-1.14-7.fc23
2016-01-31 06:51:20
[SECURITY] Fedora 22 Update: krb5-1.13.2-13.fc22
2016-02-15 03:23:43
[SECURITY] Fedora 23 Update: krb5-1.14-7.fc23
2016-01-31 05:50:16
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.14.2-alt1
2016-04-26 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.14.2-alt1
2016-04-25 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.13.7-alt0.M70P.1
2017-04-13 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0011
2017-04-14 00:00:00
JSON
Related for SUSE_SU-2016-0430-1.NASL
nessus20osv4debian3redhat4ibm5centos2openvas16oraclelinux2veracode2mageia1amazon1f52cvelist2ubuntucve2debiancve2prion2alpinelinux2cve2fedora3altlinux3photon1