Lucene search

Gentoo FoundationMGASA-2020-0169

HistoryApr 15, 2020 - 1:12 p.m.

Updated krb5-appl packages fix security vulnerability

2020-04-1513:12:14

Gentoo Foundation

advisories.mageia.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.833

Percentile

98.5%

JSON

Updated krb5-appl packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve arbitrary code execution in the telnet server (CVE-2020-10188).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchkrb5-appl< 1.0.3-10.1krb5-appl-1.0.3-10.1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	krb5-appl	< 1.0.3-10.1	krb5-appl-1.0.3-10.1.mga7

References

access.redhat.com/errata/RHSA-2020:1349

bugs.mageia.org/show_bug.cgi?id=26451

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.833

Percentile

98.5%

JSON

Updated krb5-appl packages fix security vulnerability

References

Related