Search...

Ubuntu 6.06 LTS / 6.10 : krb5 vulnerability (USN-408-1)

2007-11-10T00:00:00

ID UBUNTU_USN-408-1.NASL
Type nessus
Reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2007-11-10T00:00:00

Description

The server-side portion of Kerberos' RPC library had a memory management flaw which allowed users of that library to call a function pointer located in unallocated memory. By doing specially crafted calls to the kadmind server, a remote attacker could exploit this to execute arbitrary code with root privileges on the target computer.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-408-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# &lt;http://www.ubuntu.com/usn/&gt;. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(27996);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2006-6143");
  script_bugtraq_id(21970);
  script_xref(name:"USN", value:"408-1");

  script_name(english:"Ubuntu 6.06 LTS / 6.10 : krb5 vulnerability (USN-408-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The server-side portion of Kerberos' RPC library had a memory
management flaw which allowed users of that library to call a function
pointer located in unallocated memory. By doing specially crafted
calls to the kadmind server, a remote attacker could exploit this to
execute arbitrary code with root privileges on the target computer.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/408-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-user");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkadm55");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb53");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"krb5-admin-server", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"krb5-clients", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"krb5-doc", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"krb5-ftpd", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"krb5-kdc", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"krb5-rsh-server", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"krb5-telnetd", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"krb5-user", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libkadm55", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libkrb5-dev", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libkrb53", pkgver:"1.4.3-5ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"krb5-admin-server", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"krb5-clients", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"krb5-doc", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"krb5-ftpd", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"krb5-kdc", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"krb5-rsh-server", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"krb5-telnetd", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"krb5-user", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libkadm55", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libkrb5-dbg", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libkrb5-dev", pkgver:"1.4.3-9ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libkrb53", pkgver:"1.4.3-9ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-admin-server / krb5-clients / krb5-doc / krb5-ftpd / krb5-kdc / etc");
}

JSON Vulners Source

Initial Source

{"id": "UBUNTU_USN-408-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 6.06 LTS / 6.10 : krb5 vulnerability (USN-408-1)", "description": "The server-side portion of Kerberos' RPC library had a memory\nmanagement flaw which allowed users of that library to call a function\npointer located in unallocated memory. By doing specially crafted\ncalls to the kadmind server, a remote attacker could exploit this to\nexecute arbitrary code with root privileges on the target computer.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2007-11-10T00:00:00", "modified": "2007-11-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/27996", "reporter": "Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://usn.ubuntu.com/408-1/"], "cvelist": ["CVE-2006-6143"], "type": "nessus", "lastseen": "2021-01-20T15:38:58", "edition": 26, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6143"]}, {"type": "openvas", "idList": ["OPENVAS:861035", "OPENVAS:57981", "OPENVAS:861084", "OPENVAS:861214", "OPENVAS:861421", "OPENVAS:840187", "OPENVAS:850089", "OPENVAS:1361412562310830344", "OPENVAS:830344"]}, {"type": "ubuntu", "idList": ["USN-408-1"]}, {"type": "osvdb", "idList": ["OSVDB:31281"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7025", "SECURITYVULNS:DOC:15649"]}, {"type": "cert", "idList": ["VU:481564"]}, {"type": "nessus", "idList": ["SUSE_SA_2007_004.NASL", "FEDORA_2007-033.NASL", "SUSE_KRB5-2442.NASL", "GENTOO_GLSA-200701-21.NASL", "MACOSX_SECUPD2007-004.NASL", "SUSE_KRB5-2440.NASL", "FEDORA_2007-034.NASL", "MANDRAKE_MDKSA-2007-008.NASL"]}, {"type": "suse", "idList": ["SUSE-SA:2007:004"]}, {"type": "gentoo", "idList": ["GLSA-200701-21"]}, {"type": "fedora", "idList": ["FEDORA:L09M8RXR030552", "FEDORA:L09M97NI030735", "FEDORA:L5SDUP1B005917", "FEDORA:L33KEM7F031094"]}], "modified": "2021-01-20T15:38:58", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-01-20T15:38:58", "rev": 2}, "vulnersScore": 7.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-408-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27996);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-6143\");\n script_bugtraq_id(21970);\n script_xref(name:\"USN\", value:\"408-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 : krb5 vulnerability (USN-408-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The server-side portion of Kerberos' RPC library had a memory\nmanagement flaw which allowed users of that library to call a function\npointer located in unallocated memory. By doing specially crafted\ncalls to the kadmind server, a remote attacker could exploit this to\nexecute arbitrary code with root privileges on the target computer.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/408-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-admin-server\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-clients\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-doc\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-ftpd\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-kdc\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-rsh-server\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-telnetd\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-user\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkadm55\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb5-dev\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb53\", pkgver:\"1.4.3-5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-clients\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-doc\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-kdc\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-user\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libkadm55\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libkrb5-dbg\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libkrb53\", pkgver:\"1.4.3-9ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-clients / krb5-doc / krb5-ftpd / krb5-kdc / etc\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "27996", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-doc", "p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:krb5-clients", "p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd", "p-cpe:/a:canonical:ubuntu_linux:libkadm55", "p-cpe:/a:canonical:ubuntu_linux:libkrb53", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T05:27:25", "description": "The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2006-12-31T05:00:00", "title": "CVE-2006-6143", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6143"], "modified": "2020-01-21T15:45:00", "cpe": ["cpe:/a:mit:kerberos_5:1.4.3", "cpe:/a:mit:kerberos_5:1.5", "cpe:/a:mit:kerberos_5:1.4.1", "cpe:/a:mit:kerberos_5:1.4.4", "cpe:/a:mit:kerberos_5:1.5.1", "cpe:/a:mit:kerberos_5:1.4", "cpe:/a:mit:kerberos_5:1.4.2"], "id": "CVE-2006-6143", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6143", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-08T23:39:47", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6143"], "description": "The server-side portion of Kerberos' RPC library had a memory \nmanagement flaw which allowed users of that library to call a function \npointer located in unallocated memory. By doing specially crafted \ncalls to the kadmind server, a remote attacker could exploit this to \nexecute arbitrary code with root privileges on the target computer.", "edition": 6, "modified": "2007-01-16T00:00:00", "published": "2007-01-16T00:00:00", "id": "USN-408-1", "href": "https://ubuntu.com/security/notices/USN-408-1", "title": "krb5 vulnerability", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-04-09T11:41:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6143"], "description": "Check for the Version of krb5", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830344", "type": "openvas", "title": "Mandriva Update for krb5 MDKSA-2007:008 (krb5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDKSA-2007:008 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used\n in the kadmind administration daemon calls an uninitialized function\n pointer in freed memory, which could allow a remote attacker to cause a\n Denial of Service and possibly execute arbitrary code via unspecified\n vectors.\n\n Updated packages are patched to address this issue.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-01/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830344\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:008\");\n script_cve_id(\"CVE-2006-6143\");\n script_name( \"Mandriva Update for krb5 MDKSA-2007:008 (krb5)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6143"], "description": "Check for the Version of krb5", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830344", "href": "http://plugins.openvas.org/nasl.php?oid=830344", "type": "openvas", "title": "Mandriva Update for krb5 MDKSA-2007:008 (krb5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDKSA-2007:008 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used\n in the kadmind administration daemon calls an uninitialized function\n pointer in freed memory, which could allow a remote attacker to cause a\n Denial of Service and possibly execute arbitrary code via unspecified\n vectors.\n\n Updated packages are patched to address this issue.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-01/msg00011.php\");\n script_id(830344);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:008\");\n script_cve_id(\"CVE-2006-6143\");\n script_name( \"Mandriva Update for krb5 MDKSA-2007:008 (krb5)\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.4.2~1.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:30:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6143"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-408-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840187", "href": "http://plugins.openvas.org/nasl.php?oid=840187", "type": "openvas", "title": "Ubuntu Update for krb5 vulnerability USN-408-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_408_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for krb5 vulnerability USN-408-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The server-side portion of Kerberos' RPC library had a memory\n management flaw which allowed users of that library to call a function\n pointer located in unallocated memory. By doing specially crafted\n calls to the kadmind server, a remote attacker could exploit this to\n execute arbitrary code with root privileges on the target computer.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-408-1\";\ntag_affected = \"krb5 vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-408-1/\");\n script_id(840187);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"408-1\");\n script_cve_id(\"CVE-2006-6143\");\n script_name( \"Ubuntu Update for krb5 vulnerability USN-408-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.4.3-5ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.4.3-9ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3084", "CVE-2006-6143"], "description": "Check for the Version of krb5", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861421", "href": "http://plugins.openvas.org/nasl.php?oid=861421", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-034", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-034\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora Core 5\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00047.html\");\n script_id(861421);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-034\");\n script_cve_id(\"CVE-2006-6143\", \"CVE-2006-3084\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-034\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-devel\", rpm:\"x86_64/krb5-devel~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-libs\", rpm:\"x86_64/krb5-libs~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/krb5-debuginfo\", rpm:\"x86_64/debug/krb5-debuginfo~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-workstation\", rpm:\"x86_64/krb5-workstation~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-server\", rpm:\"x86_64/krb5-server~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-server\", rpm:\"i386/krb5-server~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-libs\", rpm:\"i386/krb5-libs~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-devel\", rpm:\"i386/krb5-devel~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/krb5-debuginfo\", rpm:\"i386/debug/krb5-debuginfo~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-workstation\", rpm:\"i386/krb5-workstation~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200701-21.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57981", "href": "http://plugins.openvas.org/nasl.php?oid=57981", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200701-21 (mit-krb5)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the\nexecution of arbitrary code.\";\ntag_solution = \"All MIT Kerberos 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.5.2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200701-21\nhttp://bugs.gentoo.org/show_bug.cgi?id=158810\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200701-21.\";\n\n \n\nif(description)\n{\n script_id(57981);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-6143\", \"CVE-2006-6144\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200701-21 (mit-krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/mit-krb5\", unaffected: make_list(\"ge 1.5.2\"), vulnerable: make_list(\"lt 1.5.2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:20:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "description": "Check for the Version of krb5", "modified": "2017-12-08T00:00:00", "published": "2009-01-28T00:00:00", "id": "OPENVAS:850089", "href": "http://plugins.openvas.org/nasl.php?oid=850089", "type": "openvas", "title": "SuSE Update for krb5 SUSE-SA:2007:004", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_004.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for krb5 SUSE-SA:2007:004\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various bugs in the Kerberos5 libraries and tools were fixed which\n could be used by remote attackers to crash and potentially execute\n code in kadmind.\n\n - CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an\n uninitialized function pointer, which created a security\n vulnerability for kadmind.\n\n - CVE-2006-6143 / MITKRB5-SA-2006-003: the GSS-API mechglue layer\n could fail to initialize some output pointers, causing callers to\n attempt to free uninitialized pointers. This caused a security\n vulnerability in kadmind.\";\n\ntag_impact = \"remote denial of service\";\ntag_affected = \"krb5 on openSUSE 10.2, SUSE LINUX 10.1, SUSE SLED 10, SUSE SLES 10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850089);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2007-004\");\n script_cve_id(\"CVE-2006-6143\", \"CVE-2006-6144\");\n script_name( \"SuSE Update for krb5 SUSE-SA:2007:004\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED10\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~19.7\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.4.3~19.7\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~19.7\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.5.1~23.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.5.1~23.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.5.1~23.2\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES10\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~19.7\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.4.3~19.7\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~19.7\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~19.7\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~19.7\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "description": "Check for the Version of krb5", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861084", "href": "http://plugins.openvas.org/nasl.php?oid=861084", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-033\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora Core 6\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00046.html\");\n script_id(861084);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-033\");\n script_cve_id(\"CVE-2006-6143\", \"CVE-2006-6144\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-033\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-workstation\", rpm:\"x86_64/krb5-workstation~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/krb5-debuginfo\", rpm:\"x86_64/debug/krb5-debuginfo~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-devel\", rpm:\"x86_64/krb5-devel~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-libs\", rpm:\"x86_64/krb5-libs~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-server\", rpm:\"x86_64/krb5-server~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/krb5-debuginfo\", rpm:\"i386/debug/krb5-debuginfo~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-libs\", rpm:\"i386/krb5-libs~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-workstation\", rpm:\"i386/krb5-workstation~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-server\", rpm:\"i386/krb5-server~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-devel\", rpm:\"i386/krb5-devel~1.5~13\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216", "CVE-2006-3084", "CVE-2006-6143"], "description": "Check for the Version of krb5", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861035", "href": "http://plugins.openvas.org/nasl.php?oid=861035", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-409\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora Core 5\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00009.html\");\n script_id(861035);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-409\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\", \"CVE-2006-6143\", \"CVE-2006-3084\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-409\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-workstation\", rpm:\"x86_64/krb5-workstation~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-server\", rpm:\"x86_64/krb5-server~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-libs\", rpm:\"x86_64/krb5-libs~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-devel\", rpm:\"x86_64/krb5-devel~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/krb5-debuginfo\", rpm:\"x86_64/debug/krb5-debuginfo~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-devel\", rpm:\"i386/krb5-devel~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/krb5-debuginfo\", rpm:\"i386/debug/krb5-debuginfo~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-server\", rpm:\"i386/krb5-server~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-workstation\", rpm:\"i386/krb5-workstation~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-libs\", rpm:\"i386/krb5-libs~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2442", "CVE-2007-2798", "CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216", "CVE-2006-3084", "CVE-2007-2443", "CVE-2006-6143"], "description": "Check for the Version of krb5", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861214", "href": "http://plugins.openvas.org/nasl.php?oid=861214", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-620", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-620\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora Core 5\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00658.html\");\n script_id(861214);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-620\");\n script_cve_id(\"CVE-2007-2442\", \"CVE-2007-2443\", \"CVE-2007-2798\", \"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\", \"CVE-2006-6143\", \"CVE-2006-3084\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-620\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/krb5-debuginfo\", rpm:\"x86_64/debug/krb5-debuginfo~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-server\", rpm:\"x86_64/krb5-server~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-libs\", rpm:\"x86_64/krb5-libs~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-devel\", rpm:\"x86_64/krb5-devel~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-workstation\", rpm:\"x86_64/krb5-workstation~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-devel\", rpm:\"i386/krb5-devel~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-server\", rpm:\"i386/krb5-server~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-libs\", rpm:\"i386/krb5-libs~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-workstation\", rpm:\"i386/krb5-workstation~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/krb5-debuginfo\", rpm:\"i386/debug/krb5-debuginfo~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "cvelist": ["CVE-2006-6143"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=305391)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=305445)\nUS-CERT Cyber Security Alert: TA07-009B\n[Secunia Advisory ID:23696](https://secuniaresearch.flexerasoftware.com/advisories/23696/)\n[Secunia Advisory ID:24966](https://secuniaresearch.flexerasoftware.com/advisories/24966/)\n[Secunia Advisory ID:23706](https://secuniaresearch.flexerasoftware.com/advisories/23706/)\n[Secunia Advisory ID:23667](https://secuniaresearch.flexerasoftware.com/advisories/23667/)\n[Secunia Advisory ID:23903](https://secuniaresearch.flexerasoftware.com/advisories/23903/)\n[Secunia Advisory ID:23701](https://secuniaresearch.flexerasoftware.com/advisories/23701/)\n[Secunia Advisory ID:23707](https://secuniaresearch.flexerasoftware.com/advisories/23707/)\n[Secunia Advisory ID:23772](https://secuniaresearch.flexerasoftware.com/advisories/23772/)\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:008\nOther Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt\nOther Advisory URL: http://www.ubuntu.com/usn/usn-408-1\nOther Advisory URL: http://fedoranews.org/cms/node/2376\nOther Advisory URL: http://fedoranews.org/cms/node/2375\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml\nISS X-Force ID: 31422\nFrSIRT Advisory: ADV-2007-0111\nFrSIRT Advisory: ADV-2007-1470\n[CVE-2006-6143](https://vulners.com/cve/CVE-2006-6143)\nCERT VU: 481564\n", "edition": 1, "modified": "2007-01-10T09:48:25", "published": "2007-01-10T09:48:25", "href": "https://vulners.com/osvdb/OSVDB:31281", "id": "OSVDB:31281", "title": "MIT Kerberos RPC Library xprt->xp_auth Code Execution", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T11:51:39", "description": "A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used\nin the kadmind administration daemon calls an uninitialized function\npointer in freed memory, which could allow a remote attacker to cause\na Denial of Service and possibly execute arbitrary code via\nunspecified vectors.\n\nUpdated packages are patched to address this issue.", "edition": 24, "published": "2007-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : krb5 (MDKSA-2007:008)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6143"], "modified": "2007-02-18T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:libkrb53", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:krb5-server", "p-cpe:/a:mandriva:linux:ftp-server-krb5", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:lib64krb53", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:ftp-client-krb5", "p-cpe:/a:mandriva:linux:libkrb53-devel", "p-cpe:/a:mandriva:linux:telnet-client-krb5", "p-cpe:/a:mandriva:linux:telnet-server-krb5"], "id": "MANDRAKE_MDKSA-2007-008.NASL", "href": "https://www.tenable.com/plugins/nessus/24624", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:008. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24624);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6143\");\n script_bugtraq_id(21970);\n script_xref(name:\"CERT\", value:\"481564\");\n script_xref(name:\"MDKSA\", value:\"2007:008\");\n\n script_name(english:\"Mandrake Linux Security Advisory : krb5 (MDKSA-2007:008)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used\nin the kadmind administration daemon calls an uninitialized function\npointer in freed memory, which could allow a remote attacker to cause\na Denial of Service and possibly execute arbitrary code via\nunspecified vectors.\n\nUpdated packages are patched to address this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ftp-client-krb5-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ftp-server-krb5-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"krb5-server-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"krb5-workstation-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkrb53-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"telnet-client-krb5-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"telnet-server-krb5-1.4.2-1.2.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", reference:\"ftp-client-krb5-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"ftp-server-krb5-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"krb5-server-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"krb5-workstation-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libkrb53-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"telnet-client-krb5-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"telnet-server-krb5-1.4.3-6.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:10", "description": "The remote host is affected by the vulnerability described in GLSA-200701-21\n(MIT Kerberos 5: Arbitrary Remote Code Execution)\n\n The Kerberos administration daemon, and possibly other applications\n using the GSS-API or RPC libraries, could potentially call a function\n pointer in a freed heap buffer, or attempt to free an uninitialized\n pointer.\n \nImpact :\n\n A remote attacker may be able to crash an affected application, or\n potentially execute arbitrary code with root privileges.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-01-26T00:00:00", "title": "GLSA-200701-21 : MIT Kerberos 5: Arbitrary Remote Code Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "modified": "2007-01-26T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mit-krb5"], "id": "GENTOO_GLSA-200701-21.NASL", "href": "https://www.tenable.com/plugins/nessus/24257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200701-21.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24257);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6143\", \"CVE-2006-6144\");\n script_xref(name:\"GLSA\", value:\"200701-21\");\n\n script_name(english:\"GLSA-200701-21 : MIT Kerberos 5: Arbitrary Remote Code Execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200701-21\n(MIT Kerberos 5: Arbitrary Remote Code Execution)\n\n The Kerberos administration daemon, and possibly other applications\n using the GSS-API or RPC libraries, could potentially call a function\n pointer in a freed heap buffer, or attempt to free an uninitialized\n pointer.\n \nImpact :\n\n A remote attacker may be able to crash an affected application, or\n potentially execute arbitrary code with root privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200701-21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MIT Kerberos 5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.5.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mit-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/mit-krb5\", unaffected:make_list(\"ge 1.5.2\"), vulnerable:make_list(\"lt 1.5.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MIT Kerberos 5\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:02", "description": "This update incorporates fixes for recently-announced bugs found in\nthe kadmind daemon.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-01-17T00:00:00", "title": "Fedora Core 6 : krb5-1.5-13 (2007-033)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "modified": "2007-01-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:krb5-debuginfo", "p-cpe:/a:fedoraproject:fedora:krb5-server", "p-cpe:/a:fedoraproject:fedora:krb5-workstation", "p-cpe:/a:fedoraproject:fedora:krb5-libs", "p-cpe:/a:fedoraproject:fedora:krb5-devel"], "id": "FEDORA_2007-033.NASL", "href": "https://www.tenable.com/plugins/nessus/24189", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-033.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24189);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-6143\", \"CVE-2006-6144\");\n script_xref(name:\"FEDORA\", value:\"2007-033\");\n\n script_name(english:\"Fedora Core 6 : krb5-1.5-13 (2007-033)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates fixes for recently-announced bugs found in\nthe kadmind daemon.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-January/001221.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?81d7dc8d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"krb5-debuginfo-1.5-13\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"krb5-devel-1.5-13\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"krb5-libs-1.5-13\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"krb5-server-1.5-13\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"krb5-workstation-1.5-13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-server / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:02", "description": "This update incorporates a fix for a recently-announced bug found in\nthe kadmind daemon.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-01-17T00:00:00", "title": "Fedora Core 5 : krb5-1.4.3-5.3 (2007-034)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3084", "CVE-2006-6143"], "modified": "2007-01-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:krb5-debuginfo", "p-cpe:/a:fedoraproject:fedora:krb5-server", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:krb5-workstation", "p-cpe:/a:fedoraproject:fedora:krb5-libs", "p-cpe:/a:fedoraproject:fedora:krb5-devel"], "id": "FEDORA_2007-034.NASL", "href": "https://www.tenable.com/plugins/nessus/24190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-034.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24190);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-3084\", \"CVE-2006-6143\");\n script_xref(name:\"FEDORA\", value:\"2007-034\");\n\n script_name(english:\"Fedora Core 5 : krb5-1.4.3-5.3 (2007-034)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates a fix for a recently-announced bug found in\nthe kadmind daemon.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-January/001222.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54e3631c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"krb5-debuginfo-1.4.3-5.3\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"krb5-devel-1.4.3-5.3\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"krb5-libs-1.4.3-5.3\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"krb5-server-1.4.3-5.3\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"krb5-workstation-1.4.3-5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-server / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:14:49", "description": "The remote host is missing the patch for the advisory SUSE-SA:2007:004 (krb5).\n\n\nVarious bugs in the Kerberos5 libraries and tools were fixed which\ncould be used by remote attackers to crash and potentially execute\ncode in kadmind.\n\n- CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an\nuninitialized function pointer, which created a security\nvulnerability for kadmind.\n\n- CVE-2006-6143 / MITKRB5-SA-2006-003: the GSS-API mechglue layer\ncould fail to initialize some output pointers, causing callers to\nattempt to free uninitialized pointers. This caused a security\nvulnerability in kadmind.", "edition": 6, "published": "2007-02-18T00:00:00", "title": "SUSE-SA:2007:004: krb5", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "modified": "2007-02-18T00:00:00", "cpe": [], "id": "SUSE_SA_2007_004.NASL", "href": "https://www.tenable.com/plugins/nessus/24458", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2007:004\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24458);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2007:004: krb5\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2007:004 (krb5).\n\n\nVarious bugs in the Kerberos5 libraries and tools were fixed which\ncould be used by remote attackers to crash and potentially execute\ncode in kadmind.\n\n- CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an\nuninitialized function pointer, which created a security\nvulnerability for kadmind.\n\n- CVE-2006-6143 / MITKRB5-SA-2006-003: the GSS-API mechglue layer\ncould fail to initialize some output pointers, causing callers to\nattempt to free uninitialized pointers. This caused a security\nvulnerability in kadmind.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2007_04_krb5.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the krb5 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"krb5-1.4.1-5.3\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"krb5-server-1.4.1-5.3\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"krb5-1.4-16.7\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"krb5-server-1.4-16.7\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:20", "description": "Bugs in the handling of pointers to uninitializes resp. already freed\nmemory could potentially be abused by attackers to execute code\n(CVE-2006-6144, CVE-2006-6143).", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : krb5 (krb5-2442)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-server", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:krb5"], "id": "SUSE_KRB5-2442.NASL", "href": "https://www.tenable.com/plugins/nessus/27307", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update krb5-2442.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27307);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6143\", \"CVE-2006-6144\");\n\n script_name(english:\"openSUSE 10 Security Update : krb5 (krb5-2442)\");\n script_summary(english:\"Check for the krb5-2442 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bugs in the handling of pointers to uninitializes resp. already freed\nmemory could potentially be abused by attackers to execute code\n(CVE-2006-6144, CVE-2006-6143).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-1.4.3-19.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-server-1.4.3-19.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-1.5.1-23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-server-1.5.1-23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"krb5-32bit-1.5.1-23.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5 / krb5-32bit / krb5-server\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:20", "description": "Bugs in the handling of pointers to uninitializes resp. already freed\nmemory could potentially be abused by attackers to execute code.\n(CVE-2006-6144 / CVE-2006-6143)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : Kerberos5 (ZYPP Patch Number 2440)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KRB5-2440.NASL", "href": "https://www.tenable.com/plugins/nessus/29491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29491);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6143\", \"CVE-2006-6144\");\n\n script_name(english:\"SuSE 10 Security Update : Kerberos5 (ZYPP Patch Number 2440)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bugs in the handling of pointers to uninitializes resp. already freed\nmemory could potentially be abused by attackers to execute code.\n(CVE-2006-6144 / CVE-2006-6143)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-6143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-6144.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2440.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"krb5-1.4.3-19.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"krb5-1.4.3-19.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"krb5-server-1.4.3-19.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:42:30", "description": "The remote host is running a version of Mac OS X 10.4 that does not have\nSecurity Update 2007-004 applied.\n\nThis update fixes security flaws in the following applications :\n\nAFP Client\nAirPort\nCarbonCore\ndiskdev_cmds\nfetchmail\nftpd\ngnutar\nHelp Viewer\nHID Family\nInstaller\nKerberos\nLibinfo\nLogin Window\nnetwork_cmds\nSMB\nSystem Configuration\nURLMount\nVideo Conference\nWebDAV", "edition": 26, "published": "2007-04-21T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-004)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0725", "CVE-2007-0735", "CVE-2007-0744", "CVE-2007-0724", "CVE-2007-0738", "CVE-2007-0747", "CVE-2007-0741", "CVE-2007-0736", "CVE-2006-5867", "CVE-2007-0957", "CVE-2007-0739", "CVE-2007-0732", "CVE-2007-0737", "CVE-2006-6652", "CVE-2007-0743", "CVE-2007-0746", "CVE-2007-0646", "CVE-2007-1216", "CVE-2007-0729", "CVE-2007-0742", "CVE-2007-0734", "CVE-2007-0022", "CVE-2006-0300", "CVE-2006-6143", "CVE-2007-0465"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2007-004.NASL", "href": "https://www.tenable.com/plugins/nessus/25081", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(25081);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n \n script_cve_id(\"CVE-2006-0300\", \"CVE-2006-5867\", \"CVE-2006-6143\", \"CVE-2006-6652\", \"CVE-2007-0022\",\n \"CVE-2007-0465\", \"CVE-2007-0646\", \"CVE-2007-0724\", \"CVE-2007-0725\", \"CVE-2007-0729\",\n \"CVE-2007-0732\", \"CVE-2007-0734\", \"CVE-2007-0735\", \"CVE-2007-0736\", \"CVE-2007-0737\",\n \"CVE-2007-0738\", \"CVE-2007-0739\", \"CVE-2007-0741\", \"CVE-2007-0742\", \"CVE-2007-0743\",\n \"CVE-2007-0744\", \"CVE-2007-0746\", \"CVE-2007-0747\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_bugtraq_id(23569);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2007-004)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 that does not have\nSecurity Update 2007-004 applied.\n\nThis update fixes security flaws in the following applications :\n\nAFP Client\nAirPort\nCarbonCore\ndiskdev_cmds\nfetchmail\nftpd\ngnutar\nHelp Viewer\nHID Family\nInstaller\nKerberos\nLibinfo\nLogin Window\nnetwork_cmds\nSMB\nSystem Configuration\nURLMount\nVideo Conference\nWebDAV\" );\n # http://web.archive.org/web/20071213053008/http://docs.info.apple.com/article.html?artnum=305391\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf3b0926\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2007-004 :\n\n# http://web.archive.org/web/20070423190224/http://www.apple.com/support/downloads/securityupdate2007004universal.html\nhttp://www.nessus.org/u?f44d0fd9\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 134, 264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/04/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/04/19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_summary(english:\"Check for the presence of Security Update 2007-004\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n#\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.[0-9]\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2007-00[4-9]|200[89]-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "bulletinFamily": "software", "cvelist": ["CVE-2006-6143"], "description": "Function call by uninitialized pointer in RPC server code allows code execution.", "edition": 1, "modified": "2007-01-09T00:00:00", "published": "2007-01-09T00:00:00", "id": "SECURITYVULNS:VULN:7025", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7025", "title": "RPC library / MIT Kerberos kadmind uninitialized function pointer", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-6143"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\n MIT krb5 Security Advisory 2006-002\r\n\r\nOriginal release: 2007-01-09\r\nLast update: 2007-01-09\r\n\r\nTopic: kadmind (via RPC library) calls uninitialized function pointer\r\n\r\nSeverity: CRITICAL\r\n\r\nCVE: CVE-2006-6143\r\nCERT: VU#481564\r\n\r\nSUMMARY\r\n=======\r\n\r\nThe Kerberos administration daemon, "kadmind", can execute arbitrary\r\ncode by calling through a function pointer located in freed memory.\r\nThis vulnerability results from bugs in the server-side portion of the\r\nRPC library. Third-party server applications written using the RPC\r\nlibrary provided with MIT krb5 may also be vulnerable.\r\n\r\nNo exploit code is known to exist at this time.\r\n\r\nIMPACT\r\n======\r\n\r\nAn unauthenticated user may cause execution of arbitrary code in\r\nkadmind, which can compromise the Kerberos key database and host\r\nsecurity. (kadmind usually runs as root.) Unsuccessful exploitation,\r\nor even accidental replication of the required conditions by\r\nnon-malicious users, can result in kadmind crashing.\r\n\r\nAn unauthenticated user may cause execution of arbitrary code in\r\nthird-party server applications which use the RPC library.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* kadmind from MIT releases krb5-1.4 through krb5-1.4.4\r\n\r\n* kadmind from MIT releases krb5-1.5 through krb5-1.5.1\r\n\r\n* third-party applications calling the RPC library included in MIT\r\n releases krb5-1.4 through krb5-1.4.4\r\n\r\n* third-party applications calling the RPC library included in MIT\r\n releases krb5-1.5 through krb5-1.5.1\r\n\r\n* Earlier releases may not be affected because the changes causing\r\n this vulnerability were introduced in krb5-1.4.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.6 release will contain a fix for this problem.\r\n Additionally, the upcoming krb5-1.5.2 patch release will contain\r\n this fix.\r\n\r\n* Apply the following patch:\r\n\r\nIndex: src/lib/rpc/svc.c\r\n===================================================================\r\n*** src/lib/rpc/svc.c (revision 18864)\r\n- --- src/lib/rpc/svc.c (working copy)\r\n***************\r\n*** 437,442 ****\r\n- --- 437,444 ----\r\n #endif\r\n }\r\n \r\n+ extern struct svc_auth_ops svc_auth_gss_ops;\r\n+ \r\n static void\r\n svc_do_xprt(SVCXPRT *xprt)\r\n {\r\n***************\r\n*** 518,523 ****\r\n- --- 520,528 ----\r\n if ((stat = SVC_STAT(xprt)) == XPRT_DIED){\r\n SVC_DESTROY(xprt);\r\n break;\r\n+ } else if ((xprt->xp_auth != NULL) &&\r\n+ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {\r\n+ xprt->xp_auth = NULL;\r\n }\r\n } while (stat == XPRT_MOREREQS);\r\n \r\n\r\n This patch is also available at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2006-002-patch.txt\r\n\r\n A PGP-signed version of the patch is at:\r\n\r\n http://web.mit.edu/kerberos/advisories/2006-002-patch.txt.asc\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement is posted at:\r\n\r\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-002-rpc.txt\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVE: CVE-2006-6143\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143\r\n\r\nCERT: VU#481564\r\nhttp://www.kb.cert.org/vuls/id/481564\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Andrew Korty from Indiana University for reporting this\r\nproblem and for assisting with debugging.\r\n\r\nDETAILS\r\n=======\r\n\r\nError handling in svc_do_xprt() calls SVC_DESTROY(), which calls\r\nSVCAUTH_DESTROY(), which calls through a function pointer in a SVCAUTH\r\nstructure. The SVCAUTH structure may reside in uninitialized or freed\r\nmemory, so the function pointer may point to malicious or invalid\r\ncode, resulting in application crashes or execution of arbitrary\r\nmalicious code.\r\n\r\nOn the server side of the RPC library, each RPC transport socket has a\r\ncorresponding SVCXPRT structure. Every UDP listener has one SVCXPRT,\r\nas does every TCP listener. UDP listeners do not create a new SVCXPRT\r\nstructure for each client; TCP listeners do create a new SVCXPRT\r\nstructure for each client. Each SVCXPRT structure contains a SVCAUTH\r\npointer named "xp_auth". The RPC call authentication functions set\r\nthis SVCAUTH pointer, and SVCAUTH_WRAP() and SVCAUTH_UNWRAP()\r\nsubsequently use this SVCAUTH pointer to perform encryption and\r\ndecryption of RPC arguments and replies.\r\n\r\nDuring a call, svc_do_xprt() uses the SVCAUTH pointer variable "xprt",\r\npreviously set by looking up the transport's socket file descriptor,\r\nto call various functions to perform actual processing of the call.\r\nThe AUTH_GSSAPI authentication flavor authentication function,\r\ngssrpc__svcauth_gssapi(), sets xprt->xp_auth to point into an\r\nallocated internal client state structure. This occurs prior to\r\nauthentication actually succeeding; an attacker may not need to\r\nsuccessfully authenticate to exploit this vulnerability.\r\n\r\nAUTH_GSSAPI periodically scans all its client state structures for\r\nexpired GSS-API contexts, and destroys them. The client state\r\nstructures do not record which xprt->xp_auth points into them; as a\r\nresult, the destruction of client state structures can result in some\r\nxprt->xp_auth pointing into freed memory.\r\n\r\nWhen svc_do_xprt() encounters error conditions, it calls\r\nSVC_DESTROY(), which then calls SVCAUTH_DESTROY(xprt->xp_auth) if\r\nxprt->xp_auth is not NULL. Most of the functions called through\r\nsvc_do_xprt() do initialize xprt->xp_auth, but because SVC_RECV() does\r\nnot, errors in SVC_RECV() (such as a client closing its TCP socket)\r\nwill result in xprt->xp_auth containing whatever value it had at the\r\nconclusion of the immediately preceding call which used that SVCXPRT.\r\n\r\nSVCAUTH_DESTROY() calls through a function pointer in xprt->xp_auth.\r\nIf xprt->xp_auth points into freed memory, this call could jump to\r\nmalicious code. This vulnerability may be easy to exploit if the\r\nattacker can control the heap contents and writable process memory is\r\nexecutable.\r\n\r\nThe RPCSEC_GSS authentication flavor currently erroneously depends on\r\nxprt->xp_auth remaining constant across calls, so the simple strategy\r\nof unconditionally setting xprt->xp_auth to NULL will cause\r\nconnections using RPCSEC_GSS authentication to fail. We plan to\r\naddress this bug in a future release.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2007-01-09 original release\r\n\r\nCopyright (C) 2006 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (SunOS)\r\n\r\niQCVAwUBRaL90KbDgE/zdoE9AQKSPwP/TfCAdMA3WQmch7TJQqU8IZF4TyLe6N8N\r\nHJLLKOrEV/ZRyX8nZ+VJuK4FHYEZ02A2hlh3KG3+JQEuB2ChrCxhZz+3sttZJ7rE\r\n/kTmjFwP0BNwIolQ4wYHaVUSGhqK71fJxWt9LIP1Xt/D2dpF0JzmpsvARsfn7yE1\r\nYRQyFUGwRkc=\r\n=2Oi2\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2007-01-09T00:00:00", "published": "2007-01-09T00:00:00", "id": "SECURITYVULNS:DOC:15649", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:15649", "title": "MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2020-09-18T20:42:55", "bulletinFamily": "info", "cvelist": ["CVE-2006-6143"], "description": "### Overview \n\nThe Kerberos administration daemon fails to properly initialize pointers. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.\n\n### Description \n\nA vulnerability exists in the way the Kerberos administration daemon handles pointers that may allow a remote, unauthenticated user to execute arbitrary code. According to MIT krb5 Security Advisory [2006-002](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt>):\n\n_The Kerberos administration daemon, \"kadmind\", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library._ \n \nNote that krb5-1.4 through krb5-1.4.4, and krb5-1.5 through krb5-1.5.1 are affected by this vulnerability. Other server applications that utilize the RPC library provided with MIT krb5 may also be affected. \n \nThis vulnerability can be triggered by sending a specially crafted Kerberos packet to a vulnerable system. \n \n--- \n \n### Impact \n\nA remote, unauthenticated user may be able to execute arbitrary code resulting in the compromise of the Kerberos key database or cause a denial of service. \n \n--- \n \n### Solution \n\n**Apply Patch** \n \nA patch can be obtained from MIT krb5 Security Advisory [2006-002](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt>). MIT also states that this will be addressed in the upcoming krb5-1.6 release and krb5-1.5.2 patch release. \n \n--- \n \n### Vendor Information\n\n481564\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Debian GNU/Linux __ Affected\n\nNotified: January 04, 2007 Updated: January 19, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [dsa-1244](<http://www.us.debian.org/security/2006/dsa-1244>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### Fedora Project __ Affected\n\nNotified: January 04, 2007 Updated: January 11, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Fedora Core 5 Update [krb5-1.4.3-5.3](<http://fedoranews.org/cms/node/2376>) and Fedora Core 6 Update [krb5-1.5-13](<http://fedoranews.org/cms/node/2375>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### Gentoo Linux __ Affected\n\nNotified: January 04, 2007 Updated: February 07, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [glsa-200701-21](<http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### MIT Kerberos Development Team __ Affected\n\nNotified: January 04, 2007 Updated: January 09, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to MIT krb5 Security Advisory [2006-002](<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### Mandriva, Inc. __ Affected\n\nNotified: January 04, 2007 Updated: January 11, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Mandriva Security Advisory [MDKSA-2007:008](<http://www.mandriva.com/security/advisories?name=MDKSA-2007:008>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### OpenPKG __ Affected\n\nUpdated: January 11, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [OpenPKG-SA-2007.006](<http://openpkg.com/go/OpenPKG-SA-2007.006>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### SUSE Linux __ Affected\n\nNotified: January 04, 2007 Updated: January 11, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [SUSE-SA:2007:004](<http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### Slackware Linux Inc. __ Affected\n\nNotified: January 04, 2007 Updated: January 19, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [SSA:2006-357-05](<http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nNotified: January 04, 2007 Updated: January 19, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Trustix Secure Linux Security Advisory #[2007-0003](<http://www.trustix.org/errata/2007/0003/>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### Ubuntu __ Affected\n\nNotified: January 04, 2007 Updated: January 16, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Ubuntu Security Notice [USN-408-1](<http://www.ubuntu.com/usn/usn-408-1>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### rPath __ Affected\n\nUpdated: January 12, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [RPL-925](<https://issues.rpath.com/browse/RPL-925>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481564 Feedback>).\n\n### AttachmateWRQ, Inc. Not Affected\n\nNotified: January 04, 2007 Updated: February 07, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### CyberSafe, Inc. __ Not Affected\n\nNotified: January 04, 2007 Updated: January 05, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nAll available versions of the CyberSafe TrustBroker, Challenger and ActiveTRUST products are not vulnerable to VU#481564 or VU#831452. This is because the protocols used to communicate with the CyberSafe KDC product Administration Daemon/Service are different to the protocols used by MIT products.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Force10 Networks, Inc. Not Affected\n\nNotified: January 04, 2007 Updated: May 10, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi Not Affected\n\nNotified: January 04, 2007 Updated: January 16, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hyperchip Not Affected\n\nNotified: January 04, 2007 Updated: January 16, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation __ Not Affected\n\nNotified: January 04, 2007 Updated: January 05, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNetwork Authentication Services for the AIX Operating System is not affected by the issues described in CERT VU#481564 and VU#831452.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Intoto __ Not Affected\n\nNotified: January 04, 2007 Updated: January 16, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nIntoto products do not use Kerberos as one of its component, so they are not vulnerable to potential exploits documented in this vulnerability note.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Juniper Networks, Inc. __ Not Affected\n\nNotified: January 04, 2007 Updated: January 05, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nJuniper Networks products are not susceptible to this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Microsoft Corporation Not Affected\n\nNotified: January 04, 2007 Updated: January 05, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Network Appliance, Inc. Not Affected\n\nNotified: January 04, 2007 Updated: January 08, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. __ Not Affected\n\nNotified: January 04, 2007 Updated: January 05, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNot vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. __ Not Affected\n\nNotified: January 04, 2007 Updated: January 09, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nSun's Kerberos administration daemon, kadmind(1M), is not impacted by the kadmind vulnerabilities described in CERT VU#481564 and CERT VU#831452. However it may be possible that some third-party applications which utilize GSS-API via Sun's libgss(3LIB) are vulnerable to the issue described in CERT VU#831452. Sun will be updating the relevant GSS-API routines to address this and will document the details in Sun Alert 102772 which will be available from the following URL:\n\n<http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### 3com, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### AT&T Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Alcatel Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Apple Computer, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Avaya, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Avici Systems, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Borderware Technologies Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Charlotte's Web Networks Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Chiaro Networks, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cisco Systems, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Clavister Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Computer Associates Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### D-Link Systems, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Data Connection, Ltd. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### EMC, Inc. (formerly Data General Corporation) Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ericsson Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Extreme Networks Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fortinet, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Foundry Networks, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Global Technology Associates Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Heimdal Kerberos Project Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IP Filter Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Intel Corporation Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Internet Security Systems, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### KTH Kerberos Team Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Linksys (A division of Cisco Systems) Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Lucent Technologies Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Luminous Networks Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Multinet (owned Process Software Corporation) Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Multitech, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NextHop Technologies, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nortel Networks, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Redback Networks, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Riverstone Networks, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Secure Computing Network Security Division Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Secureworx, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Stonesoft Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Symantec, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Watchguard Technologies, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### ZyXEL Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### eSoft, Inc. Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### netfilter Unknown\n\nNotified: January 04, 2007 Updated: January 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 91 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt>\n * <http://securitytracker.com/alerts/2007/Jan/1017493.html>\n * <http://secunia.com/advisories/23772/>\n * <http://secunia.com/advisories/23706/>\n * <http://secunia.com/advisories/23707/>\n * <http://secunia.com/advisories/23701/>\n * <http://secunia.com/advisories/23696/>\n * <http://secunia.com/advisories/23667/>\n * <http://www.securityfocus.com/bid/21970>\n * <http://secunia.com/advisories/23903/>\n * <http://secunia.com/advisories/24966/>\n * <http://docs.info.apple.com/article.html?artnum=305391>\n\n### Acknowledgements\n\nThis issue is addressed in MIT krb5 Security Advisory 2006-002. MIT credits Andrew Korty from Indiana University for reporting this issue.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-6143](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-6143>) \n---|--- \n**Severity Metric:** | 20.93 \n**Date Public:** | 2007-01-09 \n**Date First Published:** | 2007-01-09 \n**Date Last Updated: ** | 2007-05-10 14:42 UTC \n**Document Revision: ** | 55 \n", "modified": "2007-05-10T14:42:00", "published": "2007-01-09T00:00:00", "id": "VU:481564", "href": "https://www.kb.cert.org/vuls/id/481564", "type": "cert", "title": "Kerberos administration daemon fails to properly initialize function pointers", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:57:43", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "description": "Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2007-01-10T12:52:57", "published": "2007-01-10T12:52:57", "id": "SUSE-SA:2007:004", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-01/msg00019.html", "type": "suse", "title": "remote denial of service in krb5", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3084", "CVE-2006-6143"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2007-01-09T22:09:07", "published": "2007-01-09T22:09:07", "id": "FEDORA:L09M97NI030735", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.3", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6143", "CVE-2006-6144"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2007-01-09T22:08:27", "published": "2007-01-09T22:08:27", "id": "FEDORA:L09M8RXR030552", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: krb5-1.5-13", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3084", "CVE-2006-6143", "CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2007-04-03T20:14:48", "published": "2007-04-03T20:14:48", "id": "FEDORA:L33KEM7F031094", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.4", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3084", "CVE-2006-6143", "CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2798"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2007-06-28T13:30:51", "published": "2007-06-28T13:30:51", "id": "FEDORA:L5SDUP1B005917", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.5", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:33", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6144", "CVE-2006-6143"], "edition": 1, "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. \n\n### Description\n\nThe Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to free an uninitialized pointer. \n\n### Impact\n\nA remote attacker may be able to crash an affected application, or potentially execute arbitrary code with root privileges. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.5.2\"", "modified": "2007-01-24T00:00:00", "published": "2007-01-24T00:00:00", "id": "GLSA-200701-21", "href": "https://security.gentoo.org/glsa/200701-21", "type": "gentoo", "title": "MIT Kerberos 5: Arbitrary Remote Code Execution", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}