ID OPENVAS:831201 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-12-25T00:00:00
Description
Check for the Version of krb5
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for krb5 MDVSA-2010:202 (krb5)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Helper include loaded ahead of the metadata block. Nothing in this script
# calls into it by name, so its role here cannot be confirmed from this file.
include("revisions-lib.inc");
# Advisory text, registered further down as the "insight" tag.
# The fix boundary quoted here (1.8.x before 1.8.4) is the upstream one. The
# package check at the end of this script compares against the Mandriva build
# 1.8.1-5.1mdv2010.1 instead, so a host whose krb5 reports upstream version
# 1.8.1 can still be patched.
# Read "remote attackers" together with the Au:S component of the CVSS vector
# registered below: single authentication is required to reach the flaw.
tag_insight = "A vulnerability was discovered and corrected in krb5:
The merge_authdata function in kdc_authdata.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does
not properly manage an index into an authorization-data list, which
allows remote attackers to cause a denial of service (daemon crash),
or possibly obtain sensitive information, spoof authorization,
or execute arbitrary code, via a TGS request, as demonstrated by a
request from a Windows Active Directory client (CVE-2010-1322).
The updated packages have been patched to correct this issue.";
# Remediation text, registered further down as the "solution" tag.
tag_solution = "Please Install the Updated Packages.";
# Scope of the check, registered as the "affected" tag: Mandriva Linux 2010.1
# only. Other releases are not evaluated by this script.
tag_affected = "krb5 on Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64";
# Metadata registration. This branch only registers the plugin's identity,
# scoring and prerequisites and then leaves through exit(0); none of the
# package checks after it run on this path.
if(description)
{
# Vendor advisory this check was generated from.
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2010-10/msg00023.php");
# Numeric plugin ID; it matches "OPENVAS:831201" / pluginID on the hosting page.
script_id(831201);
script_version("$Revision: 8243 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)");
# CVSS v2 base score and vector as registered for this plugin: network
# reachable, low complexity, single authentication, partial C/I/A.
# MITKRB5-SA-2010-006 scores the same flaw AV:N/AC:L/Au:S/C:P/I:P/A:C
# (base 8), i.e. complete availability impact; weigh that when prioritising
# hosts that run a KDC.
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_xref(name: "MDVSA", value: "2010:202");
script_cve_id("CVE-2010-1322");
script_name("Mandriva Update for krb5 MDVSA-2010:202 (krb5)");
# The summary is generic. What the script actually does is compare installed
# RPM builds against the fixed build (see the isrpmvuln calls after this block).
script_tag(name: "summary" , value: "Check for the Version of krb5");
# Registered in the information-gathering category; the code after this block
# only reads knowledge-base entries and calls isrpmvuln().
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
# Prerequisites: the named dependency script and two knowledge-base keys.
# NOTE(review): the "ssh/login/..." key names suggest the package list comes
# from an authenticated SSH login; without it this check presumably does not
# run, which is not the same as the host being patched. Confirm against
# gather-package-list.nasl.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
# Attach the three text blocks assigned before this branch.
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
# Detection quality is declared as "package": the finding rests on a package
# version comparison, not on observing the KDC misbehave.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# Stop here on the metadata pass.
exit(0);
}
include("pkg-lib-rpm.inc");

# Release identifier stored in the knowledge base under "ssh/login/release".
release = get_kb_item("ssh/login/release");

res = "";

# No release string recorded: nothing to compare against, leave quietly.
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2010.1")
{
  # Fixed build for MDVSA-2010:202 on Mandriva Linux 2010.1, in the
  # "~version~release" form that isrpmvuln() is given. Every krb5 sub-package
  # shares it.
  fixed_build = "~1.8.1~5.1mdv2010.1";

  # Same packages, same order as the advisory check. The lib64* names are
  # presumably the x86_64 library packages (tag_affected lists X86_64).
  krb5_pkgs = make_list("krb5",
                        "krb5-pkinit-openssl",
                        "krb5-server",
                        "krb5-server-ldap",
                        "krb5-workstation",
                        "libkrb53",
                        "libkrb53-devel",
                        "lib64krb53",
                        "lib64krb53-devel");

  foreach krb5_pkg (krb5_pkgs)
  {
    fixed_rpm = krb5_pkg + fixed_build;

    # isrpmvuln() is provided by pkg-lib-rpm.inc. As used here, a non-NULL
    # result is the report text for a package older than the fixed build.
    res = isrpmvuln(pkg:krb5_pkg, rpm:fixed_rpm, rls:"MNDK_2010.1");
    if(res != NULL)
    {
      # Only the first outdated package is reported; the script exits right
      # after, so the finding does not enumerate every outdated krb5 package.
      # The flaw itself is in the KDC (kdc_authdata.c); a hit on a library or
      # workstation package alone means the update is missing, not that a KDC
      # is exposed on this host.
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not assigned in this file; presumably pkg-lib-rpm.inc sets
  # it when one of the queried packages is installed.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
{"id": "OPENVAS:831201", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for krb5 MDVSA-2010:202 (krb5)", "description": "Check for the Version of krb5", "published": "2010-10-19T00:00:00", "modified": "2017-12-25T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831201", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["2010:202", "http://lists.mandriva.com/security-announce/2010-10/msg00023.php"], "cvelist": ["CVE-2010-1322"], "lastseen": "2018-01-02T10:54:10", "viewCount": 0, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2018-01-02T10:54:10", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1322"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24853", "SECURITYVULNS:VULN:11182"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122250", "OPENVAS:1361412562310863620", "OPENVAS:1361412562310840514", "OPENVAS:1361412562310831232", "OPENVAS:840514", "OPENVAS:1361412562310862596", "OPENVAS:1361412562310831201", "OPENVAS:831232", "OPENVAS:863620", "OPENVAS:862596"]}, {"type": "redhat", "idList": ["RHSA-2010:0863"]}, {"type": "nessus", "idList": ["UBUNTU_USN-999-1.NASL", "GENTOO_GLSA-201201-13.NASL", "MANDRIVA_MDVSA-2010-202.NASL", "REDHAT-RHSA-2010-0863.NASL", "FEDORA_2010-15803.NASL", "SUSE_11_3_KRB5-101006.NASL", "SOLARIS11_KERBEROS_20130924_2.NASL", "SL_20101110_KRB5_ON_SL6_X.NASL"]}, {"type": "ubuntu", "idList": ["USN-999-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0200"]}, {"type": "gentoo", "idList": ["GLSA-201201-13"]}], "modified": "2018-01-02T10:54:10", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "831201", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDVSA-2010:202 (krb5)\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in krb5:\n\n The merge_authdata function in kdc_authdata.c in the Key Distribution\n Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does\n not properly manage an index into an authorization-data list, which\n allows remote attackers to cause a denial of service (daemon crash),\n or possibly obtain sensitive information, spoof authorization,\n or execute arbitrary code, via a TGS request, as demonstrated by a\n request from a Windows Active Directory client (CVE-2010-1322).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-10/msg00023.php\");\n script_id(831201);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", 
value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:202\");\n script_cve_id(\"CVE-2010-1322\");\n script_name(\"Mandriva Update for krb5 MDVSA-2010:202 (krb5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:44:57", "description": "The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.", "edition": 5, "cvss3": {}, "published": "2010-10-07T21:00:00", "title": "CVE-2010-1322", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1322"], "modified": "2020-01-21T15:46:00", "cpe": ["cpe:/a:mit:kerberos_5:1.8.2", "cpe:/a:mit:kerberos_5:1.8", "cpe:/a:mit:kerberos_5:1.8.3", "cpe:/a:mit:kerberos_5:1.8.1"], "id": "CVE-2010-1322", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1322", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-1322"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nMITKRB5-SA-2010-006\r\n\r\nMIT krb5 Security Advisory 
2010-006\r\nOriginal release: 2010-10-05\r\n\r\nTopic: KDC uninitialized pointer crash in authorization data handling\r\n\r\nCVE-2010-1322\r\n\r\nCVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C/E:H/RL:OF/RC:C\r\n\r\nCVSSv2 Base Score: 8\r\n\r\nAccess Vector: Network\r\nAccess Complexity: Low\r\nAuthentication: Single\r\nConfidentiality Impact: Partial\r\nIntegrity Impact: Partial\r\nAvailability Impact: Complete\r\n\r\nCVSSv2 Temporal Score: 7\r\n\r\nExploitability: High\r\nRemediation Level: Official Fix\r\nReport Confidence: Confirmed\r\n\r\nSUMMARY\r\n=======\r\n\r\nWhen the MIT krb5 KDC receives certain Kerberos TGS request messages,\r\nit may dereference an uninitialized pointer while processing\r\nauthorization data, causing a crash, or in rare cases, unauthorized\r\ninformation disclosure, ticket modification, or execution of arbitrary\r\ncode. The crash may be triggered by legitimate requests.\r\n\r\nThis is an implementation vulnerability in MIT krb5, and not a\r\nvulnerability in the Kerberos protocol.\r\n\r\nIMPACT\r\n======\r\n\r\nAn authenticated remote attacker can cause the MIT krb5 KDC process to\r\ncrash, resulting in a denial of service. In rare cases, the attacker\r\ncan theoretically induce unauthorized information disclosure, ticket\r\nmodification, or the execution of arbitrary code.\r\n\r\nThe denial of service may be triggered by legitimate requests produced\r\nby Windows Active Directory clients. No exploit code is known to\r\nexist that would cause information disclosure, ticket modification, or\r\narbitrary code execution.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* KDC in MIT krb5-1.8 through krb5-1.8.3\r\n\r\n* Earlier releases of MIT krb5 did not contain the vulnerable code.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.8.4 release will contain a fix for this\r\n vulnerability.\r\n\r\n* Apply the following patch. 
The patch was generated against\r\n krb5-1.8.3.\r\n\r\ndiff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c\r\nindex b5de64d..cc44e29 100644\r\n- 
--- a/src/kdc/kdc_authdata.c\r\n+++ b/src/kdc/kdc_authdata.c\r\n@@ -495,7 +495,7 @@ merge_authdata (krb5_context context,\r\n krb5_boolean copy,\r\n krb5_boolean ignore_kdc_issued)\r\n {\r\n- - size_t i, nadata = 0;\r\n+ size_t i, j, nadata = 0;\r\n krb5_authdata **authdata = *out_authdata;\r\n \r\n if (in_authdata == NULL || in_authdata[0] == NULL)\r\n@@ -529,16 +529,16 @@ merge_authdata (krb5_context context,\r\n in_authdata = tmp;\r\n }\r\n \r\n- - for (i = 0; in_authdata[i] != NULL; i++) {\r\n+ for (i = 0, j = 0; in_authdata[i] != NULL; i++) {\r\n if (ignore_kdc_issued &&\r\n is_kdc_issued_authdatum(context, in_authdata[i], 0)) {\r\n free(in_authdata[i]->contents);\r\n free(in_authdata[i]);\r\n } else\r\n- - authdata[nadata + i] = in_authdata[i];\r\n+ authdata[nadata + j++] = in_authdata[i];\r\n }\r\n \r\n- - authdata[nadata + i] = NULL;\r\n+ authdata[nadata + j] = NULL;\r\n \r\n free(in_authdata);\r\n \r\n\r\n This patch is also available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2010-006-patch.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2010-006-patch.txt.asc\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement is posted at:\r\n\r\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVSSv2:\r\n\r\n http://www.first.org/cvss/cvss-guide.html\r\n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\r\n\r\nCVE: CVE-2010-1322\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1322\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Mike Roszkowski for reporting this vulnerability, providing\r\na patch, and helping with analysis. 
Thanks to Pavel Jindra and\r\nRadoslav Bodo for additional testing.\r\n\r\nCONTACT\r\n=======\r\n\r\nThe MIT Kerberos Team security contact address is\r\n<krbcore-security@mit.edu>. When sending sensitive information,\r\nplease PGP-encrypt it using the following key:\r\n\r\npub 2048R/8B8DF501 2010-01-15 [expires: 2011-02-01]\r\nuid MIT Kerberos Team Security Contact <krbcore-security@mit.edu>\r\n\r\nDETAILS\r\n=======\r\n\r\nIn the function merge_authdata() in kdc_authdata.c, a loop that\r\nattempts to exclude KDC-issued authorization data items when merging\r\ntwo authorization data lists will advance the destination index\r\ninappropriately when filtering out such an item. As a result, that\r\nentry in the destination list will be an uninitialized pointer.\r\n\r\nSubsequent operations on the resulting authorization data list can\r\ndereference that uninitialized pointer, typically causing a crash. It\r\nis theoretically possible that an attacker could manipulate the\r\ncontents of the heap so that the uninitialized pointer points to a\r\nvalid address, allowing unauthorized information disclosure,\r\nmanipulation of the authorization data in the resulting ticket, or a\r\nsubsequent free of that pointer. 
It is theoretically possible that an\r\nattacker inducing the freeing of a chosen pointer could corrupt the\r\nheap and execute arbitrary code.\r\n\r\nWindows Active Directory clients can produce TGS requests that trigger\r\nthis vulnerability fairly consistently.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2010-10-05 original release\r\n\r\nCopyright (C) 2010 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 (SunOS)\r\n\r\niEYEARECAAYFAkyrdcEACgkQSO8fWy4vZo5QVQCfbvzBA0Mx+CLktnrWgyphhQaZ\r\n9TkAoJHEC0Nm1kt3MDP4MeFf7kjgM/OS\r\n=aEOG\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-10-06T00:00:00", "published": "2010-10-06T00:00:00", "id": "SECURITYVULNS:DOC:24853", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24853", "title": "MITKRB5-SA-2010-006 [CVE-2010-1322] KDC uninitialized pointer crash in authorization data handling", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-1322"], "description": "Uninitialized pointer dereferense on TGS request processing.", "edition": 1, "modified": "2010-10-06T00:00:00", "published": "2010-10-06T00:00:00", "id": "SECURITYVULNS:VULN:11182", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11182", "title": "MIT Kerberos 5 uninitialized pointer", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-19T15:04:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "description": "Check for the Version of krb5", "modified": "2018-01-18T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310831232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831232", "type": "openvas", "title": "Mandriva Update for krb5 
MDVSA-2010:202-1 (krb5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDVSA-2010:202-1 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in krb5:\n\n The merge_authdata function in kdc_authdata.c in the Key Distribution\n Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does\n not properly manage an index into an authorization-data list, which\n allows remote attackers to cause a denial of service (daemon crash),\n or possibly obtain sensitive information, spoof authorization,\n or execute arbitrary code, via a TGS request, as demonstrated by a\n request from a Windows Active Directory client (CVE-2010-1322).\n \n The updated packages have been patched to correct this issue.\n \n Update:\n \n Update packages for MES5 were missing with the MDVSA-2010:202\n advisory. 
This advisory provides the update packages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"krb5 on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00001.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831232\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:202-1\");\n script_cve_id(\"CVE-2010-1322\");\n script_name(\"Mandriva Update for krb5 MDVSA-2010:202-1 (krb5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", 
rpm:\"krb5-pkinit-openssl~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-25T10:54:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "description": "Check for the Version of krb5", "modified": "2018-01-24T00:00:00", "published": "2010-10-19T00:00:00", "id": "OPENVAS:1361412562310831201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831201", "type": "openvas", "title": "Mandriva Update for krb5 MDVSA-2010:202 (krb5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# Mandriva Update for krb5 MDVSA-2010:202 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in krb5:\n\n The merge_authdata function in kdc_authdata.c in the Key Distribution\n Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does\n not properly manage an index into an authorization-data list, which\n allows remote attackers to cause a denial of service (daemon crash),\n or possibly obtain sensitive information, spoof authorization,\n or execute arbitrary code, via a TGS request, as demonstrated by a\n request from a Windows Active Directory client (CVE-2010-1322).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-10/msg00023.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831201\");\n script_version(\"$Revision: 8510 $\");\n 
script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:202\");\n script_cve_id(\"CVE-2010-1322\");\n script_name(\"Mandriva Update for krb5 MDVSA-2010:202 (krb5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.8.1~5.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "description": "Check for the Version of krb5", "modified": "2018-01-10T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:1361412562310862596", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862596", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2010-15803", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2010-15803\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 14\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049336.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862596\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-15803\");\n script_cve_id(\"CVE-2010-1322\");\n script_name(\"Fedora Update for krb5 FEDORA-2010-15803\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.8.2~6.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:53:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "description": "Ubuntu Update for krb5 vulnerability USN-999-1", "modified": "2017-12-27T00:00:00", "published": "2010-10-19T00:00:00", "id": "OPENVAS:1361412562310840514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840514", "type": "openvas", "title": "Ubuntu Update for krb5 vulnerability USN-999-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_999_1.nasl 8250 2017-12-27 07:29:15Z teissa $\n#\n# Ubuntu Update for krb5 vulnerability USN-999-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mike Roszkowski discovered that the Kerberos KDC did not correctly\n validate the contents of certain messages. If an authenticated remote\n attacker sent specially crafted TGS requests, the KDC service would crash,\n leading to a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-999-1\";\ntag_affected = \"krb5 vulnerability on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-999-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840514\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_xref(name: \"USN\", value: \"999-1\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-1322\");\n script_name(\"Ubuntu Update for krb5 vulnerability USN-999-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-multidev\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit7\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5srv-mit7\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-4\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "description": "Ubuntu Update for krb5 vulnerability USN-999-1", "modified": "2017-12-01T00:00:00", "published": "2010-10-19T00:00:00", "id": "OPENVAS:840514", "href": "http://plugins.openvas.org/nasl.php?oid=840514", "type": "openvas", "title": "Ubuntu Update for krb5 vulnerability USN-999-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_999_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for krb5 vulnerability USN-999-1\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mike Roszkowski discovered that the Kerberos KDC did not correctly\n validate the contents of certain messages. 
If an authenticated remote\n attacker sent specially crafted TGS requests, the KDC service would crash,\n leading to a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-999-1\";\ntag_affected = \"krb5 vulnerability on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-999-1/\");\n script_id(840514);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_xref(name: \"USN\", value: \"999-1\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-1322\");\n script_name(\"Ubuntu Update for krb5 vulnerability USN-999-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-multidev\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"krb5-user\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssapi-krb5-2\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgssrpc4\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libk5crypto3\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5clnt-mit7\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm5srv-mit7\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkdb5-4\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-3\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5support0\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc-ldap\", 
ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-pkinit\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.8.1+dfsg-2ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "description": "Check for the Version of krb5", "modified": "2017-12-21T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:831232", "href": "http://plugins.openvas.org/nasl.php?oid=831232", "type": "openvas", "title": "Mandriva Update for krb5 MDVSA-2010:202-1 (krb5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDVSA-2010:202-1 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in krb5:\n\n The merge_authdata function in kdc_authdata.c in the Key Distribution\n Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does\n not properly manage an index into an authorization-data list, which\n allows remote attackers to cause a denial of service (daemon crash),\n or possibly obtain sensitive information, spoof authorization,\n or execute arbitrary code, via a TGS request, as demonstrated by a\n request from a Windows Active Directory client (CVE-2010-1322).\n \n The updated packages have been patched to correct this issue.\n \n Update:\n \n Update packages for MES5 were missing with the MDVSA-2010:202\n advisory. 
This advisory provides the update packages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"krb5 on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00001.php\");\n script_id(831232);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:202-1\");\n script_cve_id(\"CVE-2010-1322\");\n script_name(\"Mandriva Update for krb5 MDVSA-2010:202-1 (krb5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.8.1~0.2mdvmes5.1\", 
rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.8.1~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:57:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "description": "Check for the Version of krb5", "modified": "2017-12-18T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862596", "href": "http://plugins.openvas.org/nasl.php?oid=862596", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2010-15803", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2010-15803\n#\n# Authors:\n# System 
Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 14\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049336.html\");\n script_id(862596);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-15803\");\n script_cve_id(\"CVE-2010-1322\");\n script_name(\"Fedora Update for krb5 FEDORA-2010-15803\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.8.2~6.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1324", "CVE-2010-4020", "CVE-2011-0281", "CVE-2010-1322", "CVE-2011-0282", "CVE-2010-1323", "CVE-2010-4022"], "description": "Oracle Linux Local Security Checks ELSA-2011-0200", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122250", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122250", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0200", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0200.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122250\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:15:28 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0200\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0200 - krb5 security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0200\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0200.html\");\n script_cve_id(\"CVE-2010-1322\", \"CVE-2010-1323\", \"CVE-2010-1324\", \"CVE-2010-4020\", \"CVE-2010-4022\", \"CVE-2011-0281\", \"CVE-2011-0282\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.8.2~3.el6_0.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.8.2~3.el6_0.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-pkinit-openssl\", rpm:\"krb5-pkinit-openssl~1.8.2~3.el6_0.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.8.2~3.el6_0.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.8.2~3.el6_0.4\", rls:\"OracleLinux6\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.8.2~3.el6_0.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1529", "CVE-2011-4151", "CVE-2011-0285", "CVE-2010-1324", "CVE-2010-4020", "CVE-2011-0281", "CVE-2010-1322", "CVE-2011-1528", "CVE-2011-0282", "CVE-2011-1527", "CVE-2011-0284", "CVE-2010-1323", "CVE-2010-4022"], "description": "The remote host is missing an update for the 'krb5' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-11-18T00:00:00", "id": "OPENVAS:1361412562310863620", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863620", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2011-14650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2011-14650\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069381.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863620\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-18 09:44:21 +0530 (Fri, 18 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-14650\");\n script_cve_id(\"CVE-2011-1527\", \"CVE-2011-1528\", \"CVE-2011-1529\", \"CVE-2010-1322\",\n \"CVE-2011-0285\", \"CVE-2011-0284\", \"CVE-2010-4022\", \"CVE-2011-0281\",\n \"CVE-2011-0282\", \"CVE-2010-1323\", \"CVE-2010-1324\", \"CVE-2010-4020\",\n \"CVE-2011-4151\");\n script_name(\"Fedora Update for krb5 FEDORA-2011-14650\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'krb5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"krb5 on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.8.4~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1529", "CVE-2011-4151", "CVE-2011-0285", "CVE-2010-1324", "CVE-2010-4020", "CVE-2011-0281", "CVE-2010-1322", "CVE-2011-1528", "CVE-2011-0282", "CVE-2011-1527", "CVE-2011-0284", "CVE-2010-1323", "CVE-2010-4022"], "description": "Check for the Version of krb5", "modified": "2017-07-10T00:00:00", "published": "2011-11-18T00:00:00", "id": "OPENVAS:863620", "href": "http://plugins.openvas.org/nasl.php?oid=863620", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2011-14650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2011-14650\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 14\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069381.html\");\n script_id(863620);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-18 09:44:21 +0530 (Fri, 18 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-14650\");\n script_cve_id(\"CVE-2011-1527\", \"CVE-2011-1528\", \"CVE-2011-1529\", \"CVE-2010-1322\",\n \"CVE-2011-0285\", \"CVE-2011-0284\", \"CVE-2010-4022\", \"CVE-2011-0281\",\n \"CVE-2011-0282\", \"CVE-2010-1323\", \"CVE-2010-1324\", \"CVE-2010-4020\",\n \"CVE-2011-4151\");\n script_name(\"Fedora Update for krb5 FEDORA-2011-14650\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.8.4~3.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:28", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1322"], "description": "Kerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT Kerberos KDC\nhandled TGS (Ticket-granting Server) request messages. A remote,\nauthenticated attacker could use this flaw to crash the KDC or, possibly,\ndisclose KDC memory or execute arbitrary code with the privileges of the\nKDC (krb5kdc). (CVE-2010-1322)\n\nRed Hat would like to thank the MIT Kerberos Team for reporting this issue.\nUpstream acknowledges Mike Roszkowski as the original reporter.\n\nAll krb5 users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. 
After installing the updated\npackages, the krb5kdc daemon will be restarted automatically.\n", "modified": "2018-06-06T20:24:21", "published": "2010-11-10T05:00:00", "id": "RHSA-2010:0863", "href": "https://access.redhat.com/errata/RHSA-2010:0863", "type": "redhat", "title": "(RHSA-2010:0863) Important: krb5 security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1322"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2010-10-14T14:11:34", "published": "2010-10-14T14:11:34", "id": "FEDORA:6C075110E37", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: krb5-1.8.2-6.fc14", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1322", "CVE-2010-1323", "CVE-2010-1324", "CVE-2010-4020", "CVE-2010-4022", "CVE-2011-0281", "CVE-2011-0282", "CVE-2011-0284", "CVE-2011-0285", "CVE-2011-1527", "CVE-2011-1528", "CVE-2011-1529"], "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "modified": "2011-11-16T00:32:59", "published": "2011-11-16T00:32:59", "id": "FEDORA:ACB9021214", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: krb5-1.8.4-3.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:24", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1322"], "description": "Mike Roszkowski discovered that the Kerberos KDC did not correctly \nvalidate the contents of certain messages. 
If an authenticated remote \nattacker sent specially crafted TGS requests, the KDC service would crash, \nleading to a denial of service.", "edition": 5, "modified": "2010-10-05T00:00:00", "published": "2010-10-05T00:00:00", "id": "USN-999-1", "href": "https://ubuntu.com/security/notices/USN-999-1", "title": "Kerberos vulnerability", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T14:07:34", "description": "remote authenticated clients could crash the kdc (CVE-2010-1322).", "edition": 22, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : krb5 (openSUSE-SU-2010:0709-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-server", "p-cpe:/a:novell:opensuse:krb5-client", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5"], "id": "SUSE_11_3_KRB5-101006.NASL", "href": "https://www.tenable.com/plugins/nessus/75558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update krb5-3259.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75558);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1322\");\n\n script_name(english:\"openSUSE Security Update : krb5 (openSUSE-SU-2010:0709-1)\");\n script_summary(english:\"Check for the krb5-3259 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote 
openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"remote authenticated clients could crash the kdc (CVE-2010-1322).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=640990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-10/msg00006.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"krb5-1.8.1-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"krb5-client-1.8.1-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"krb5-devel-1.8.1-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"krb5-plugin-kdb-ldap-1.8.1-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"krb5-plugin-preauth-pkinit-1.8.1-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"krb5-server-1.8.1-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"krb5-32bit-1.8.1-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.8.1-5.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5 / krb5-32bit / 
krb5-client / krb5-devel / krb5-devel-32bit / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:45:15", "description": "An uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled TGS (Ticket-granting Server) request messages. A\nremote, authenticated attacker could use this flaw to crash the KDC\nor, possibly, disclose KDC memory or execute arbitrary code with the\nprivileges of the KDC (krb5kdc). (CVE-2010-1322)\n\nAfter installing the updated packages, the krb5kdc daemon will be\nrestarted automatically.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : krb5 on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101110_KRB5_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60894);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1322\");\n\n script_name(english:\"Scientific Linux Security Update : krb5 on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled TGS (Ticket-granting Server) request messages. 
A\nremote, authenticated attacker could use this flaw to crash the KDC\nor, possibly, disclose KDC memory or execute arbitrary code with the\nprivileges of the KDC (krb5kdc). (CVE-2010-1322)\n\nAfter installing the updated packages, the krb5kdc daemon will be\nrestarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=2219\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c92b6482\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"krb5-devel-1.8.2-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-libs-1.8.2-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-pkinit-openssl-1.8.2-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-server-1.8.2-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-server-ldap-1.8.2-3.el6_0.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"krb5-workstation-1.8.2-3.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:50", "description": "A vulnerability was discovered and corrected in krb5 :\n\nThe merge_authdata function in kdc_authdata.c in the Key Distribution\nCenter (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not\nproperly manage an index into an authorization-data list, 
which allows\nremote attackers to cause a denial of service (daemon crash), or\npossibly obtain sensitive information, spoof authorization, or execute\narbitrary code, via a TGS request, as demonstrated by a request from a\nWindows Active Directory client (CVE-2010-1322).\n\nThe updated packages have been patched to correct this issue.", "edition": 25, "published": "2010-10-14T00:00:00", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2010:202)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "modified": "2010-10-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:krb5-pkinit-openssl", "p-cpe:/a:mandriva:linux:libkrb53", "p-cpe:/a:mandriva:linux:krb5-server", "p-cpe:/a:mandriva:linux:krb5-server-ldap", "p-cpe:/a:mandriva:linux:krb5", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:lib64krb53", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libkrb53-devel"], "id": "MANDRIVA_MDVSA-2010-202.NASL", "href": "https://www.tenable.com/plugins/nessus/49972", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:202. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49972);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1322\");\n script_bugtraq_id(43756);\n script_xref(name:\"MDVSA\", value:\"2010:202\");\n\n script_name(english:\"Mandriva Linux Security Advisory : krb5 (MDVSA-2010:202)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in krb5 :\n\nThe merge_authdata function in kdc_authdata.c in the Key Distribution\nCenter (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not\nproperly manage an index into an authorization-data list, which allows\nremote attackers to cause a denial of service (daemon crash), or\npossibly obtain sensitive information, spoof authorization, or execute\narbitrary code, via a TGS request, as demonstrated by a request from a\nWindows Active Directory client (CVE-2010-1322).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"krb5-1.8.1-5.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"krb5-pkinit-openssl-1.8.1-5.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"krb5-server-1.8.1-5.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"krb5-server-ldap-1.8.1-5.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"krb5-workstation-1.8.1-5.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64krb53-1.8.1-5.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.8.1-5.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkrb53-1.8.1-5.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libkrb53-devel-1.8.1-5.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:09", "description": "This update incorporates the upstream patch to fix an uninitialized\npointer crash in the KDC's authorization data handling routines\n(CVE-2010-1322). It also pulls up a few backports and compilation flag\nchanges from F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-10-15T00:00:00", "title": "Fedora 14 : krb5-1.8.2-6.fc14 (2010-15803)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "modified": "2010-10-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:krb5"], "id": "FEDORA_2010-15803.NASL", "href": "https://www.tenable.com/plugins/nessus/49988", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-15803.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49988);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1322\");\n script_bugtraq_id(43756);\n script_xref(name:\"FEDORA\", value:\"2010-15803\");\n\n script_name(english:\"Fedora 14 : krb5-1.8.2-6.fc14 (2010-15803)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates the upstream patch to fix an 
uninitialized\npointer crash in the KDC's authorization data handling routines\n(CVE-2010-1322). It also pulls up a few backports and compilation flag\nchanges from F15.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=636335\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049336.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b00aca3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"krb5-1.8.2-6.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T07:42:05", "description": "Mike Roszkowski discovered that the Kerberos KDC did not correctly\nvalidate the contents of certain messages. If an authenticated remote\nattacker sent specially crafted TGS requests, the KDC service would\ncrash, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2010-10-06T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 : krb5 vulnerability (USN-999-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg", "p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:libk5crypto3", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-3", "p-cpe:/a:canonical:ubuntu_linux:krb5-doc", "p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:krb5-multidev", "p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit7", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:libkadm5srv-mit7", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:libgssrpc4", "p-cpe:/a:canonical:ubuntu_linux:libkdb5-4", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev", "p-cpe:/a:canonical:ubuntu_linux:libkrb5support0", "p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit"], "id": "UBUNTU_USN-999-1.NASL", "href": "https://www.tenable.com/plugins/nessus/49772", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-999-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49772);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-1322\");\n script_bugtraq_id(43756);\n script_xref(name:\"USN\", value:\"999-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 : krb5 vulnerability (USN-999-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mike Roszkowski discovered that the Kerberos KDC did not correctly\nvalidate the contents of certain messages. If an authenticated remote\nattacker sent specially crafted TGS requests, the KDC service would\ncrash, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/999-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-multidev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssrpc4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libk5crypto3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5srv-mit7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdb5-4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5support0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-doc\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-kdc\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-multidev\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-pkinit\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"krb5-user\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libgssapi-krb5-2\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libgssrpc4\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libk5crypto3\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libkadm5clnt-mit7\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libkadm5srv-mit7\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libkdb5-4\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libkrb5-3\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libkrb5-dbg\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", 
pkgname:\"libkrb5support0\", pkgver:\"1.8.1+dfsg-2ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"krb5-doc\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"krb5-kdc\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"krb5-kdc-ldap\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"krb5-multidev\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"krb5-pkinit\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"krb5-user\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libgssapi-krb5-2\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libgssrpc4\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libk5crypto3\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkadm5clnt-mit7\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkadm5srv-mit7\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkdb5-4\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkrb5-3\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkrb5-dbg\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libkrb5support0\", pkgver:\"1.8.1+dfsg-5ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-doc / krb5-kdc / krb5-kdc-ldap / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:08:30", "description": "Updated krb5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled TGS (Ticket-granting Server) request messages. A\nremote, authenticated attacker could use this flaw to crash the KDC\nor, possibly, disclose KDC memory or execute arbitrary code with the\nprivileges of the KDC (krb5kdc). (CVE-2010-1322)\n\nRed Hat would like to thank the MIT Kerberos Team for reporting this\nissue. Upstream acknowledges Mike Roszkowski as the original reporter.\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct this issue. 
After installing the updated\npackages, the krb5kdc daemon will be restarted automatically.", "edition": 27, "published": "2010-11-18T00:00:00", "title": "RHEL 6 : krb5 (RHSA-2010:0863)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1322"], "modified": "2010-11-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "p-cpe:/a:redhat:enterprise_linux:krb5-pkinit-openssl", "p-cpe:/a:redhat:enterprise_linux:krb5-server", "p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0", "p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo"], "id": "REDHAT-RHSA-2010-0863.NASL", "href": "https://www.tenable.com/plugins/nessus/50635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0863. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50635);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1322\");\n script_bugtraq_id(43756);\n script_xref(name:\"RHSA\", value:\"2010:0863\");\n\n script_name(english:\"RHEL 6 : krb5 (RHSA-2010:0863)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other using symmetric encryption and a\ntrusted third party, the Key Distribution Center (KDC).\n\nAn uninitialized pointer use flaw was found in the way the MIT\nKerberos KDC handled TGS (Ticket-granting Server) request messages. A\nremote, authenticated attacker could use this flaw to crash the KDC\nor, possibly, disclose KDC memory or execute arbitrary code with the\nprivileges of the KDC (krb5kdc). (CVE-2010-1322)\n\nRed Hat would like to thank the MIT Kerberos Team for reporting this\nissue. Upstream acknowledges Mike Roszkowski as the original reporter.\n\nAll krb5 users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, the krb5kdc daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0863\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0863\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"krb5-debuginfo-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"krb5-devel-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"krb5-libs-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"krb5-pkinit-openssl-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"krb5-pkinit-openssl-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"krb5-pkinit-openssl-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"krb5-server-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"krb5-server-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"krb5-server-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"krb5-server-ldap-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"krb5-workstation-1.8.2-3.el6_0.1\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"krb5-workstation-1.8.2-3.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"krb5-workstation-1.8.2-3.el6_0.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit-openssl / etc\");\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:01:01", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The merge_authdata function in kdc_authdata.c in the Key\n Distribution Center (KDC) in MIT Kerberos 5 (aka krb5)\n 1.8.x before 1.8.4 does not properly manage an index\n into an authorization-data list, which allows remote\n attackers to cause a denial of service (daemon crash),\n or possibly obtain sensitive information, spoof\n authorization, or execute arbitrary code, via a TGS\n request that triggers an uninitialized pointer\n dereference, as demonstrated by a request from a Windows\n Active Directory client. 
(CVE-2010-1322)\n\n - MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x,\n 1.7.x, and 1.8.x through 1.8.3 does not properly\n determine the acceptability of checksums, which might\n allow remote attackers to modify user-visible prompt\n text, modify a response to a Key Distribution Center\n (KDC), or forge a KRB-SAFE message via certain checksums\n that (1) are unkeyed or (2) use RC4 keys.\n (CVE-2010-1323)\n\n - MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3\n does not properly determine the acceptability of\n checksums, which might allow remote attackers to forge\n GSS tokens, gain privileges, or have unspecified other\n impact via (1) an unkeyed checksum, (2) an unkeyed PAC\n checksum, or (3) a KrbFastArmoredReq checksum based on\n an RC4 key. (CVE-2010-1324)\n\n - MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not\n reject RC4 key-derivation checksums, which might allow\n remote authenticated users to forge a (1) AD-SIGNEDPATH\n or (2) AD-KDC-ISSUED signature, and possibly gain\n privileges, by leveraging the small key space that\n results from certain one-byte stream-cipher operations.\n (CVE-2010-4020)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka\n krb5) 1.7 does not properly restrict the use of TGT\n credentials for armoring TGS requests, which might allow\n remote authenticated users to impersonate a client by\n rewriting an inner request, aka a 'KrbFastReq forgery\n issue.' (CVE-2010-4021)\n\n - Double free vulnerability in the prepare_error_as\n function in do_as_req.c in the Key Distribution Center\n (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when\n the PKINIT feature is enabled, allows remote attackers\n to cause a denial of service (daemon crash) or possibly\n execute arbitrary code via an e_data field containing\n typed data. 
(CVE-2011-0284)", "edition": 26, "cvss3": {"score": 6.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : kerberos (cve_2010_1322_improper_input)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1324", "CVE-2010-4020", "CVE-2010-4021", "CVE-2010-1322", "CVE-2011-0284", "CVE-2010-1323"], "modified": "2015-01-19T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:kerberos"], "id": "SOLARIS11_KERBEROS_20130924_2.NASL", "href": "https://www.tenable.com/plugins/nessus/80653", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80653);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1322\", \"CVE-2010-1323\", \"CVE-2010-1324\", \"CVE-2010-4020\", \"CVE-2010-4021\", \"CVE-2011-0284\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : kerberos (cve_2010_1322_improper_input)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The merge_authdata function in kdc_authdata.c in the Key\n Distribution Center (KDC) in MIT Kerberos 5 (aka krb5)\n 1.8.x before 1.8.4 does not properly manage an index\n into an authorization-data list, which allows remote\n attackers to cause a denial of service (daemon crash),\n or possibly obtain sensitive information, spoof\n 
authorization, or execute arbitrary code, via a TGS\n request that triggers an uninitialized pointer\n dereference, as demonstrated by a request from a Windows\n Active Directory client. (CVE-2010-1322)\n\n - MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x,\n 1.7.x, and 1.8.x through 1.8.3 does not properly\n determine the acceptability of checksums, which might\n allow remote attackers to modify user-visible prompt\n text, modify a response to a Key Distribution Center\n (KDC), or forge a KRB-SAFE message via certain checksums\n that (1) are unkeyed or (2) use RC4 keys.\n (CVE-2010-1323)\n\n - MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3\n does not properly determine the acceptability of\n checksums, which might allow remote attackers to forge\n GSS tokens, gain privileges, or have unspecified other\n impact via (1) an unkeyed checksum, (2) an unkeyed PAC\n checksum, or (3) a KrbFastArmoredReq checksum based on\n an RC4 key. (CVE-2010-1324)\n\n - MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not\n reject RC4 key-derivation checksums, which might allow\n remote authenticated users to forge a (1) AD-SIGNEDPATH\n or (2) AD-KDC-ISSUED signature, and possibly gain\n privileges, by leveraging the small key space that\n results from certain one-byte stream-cipher operations.\n (CVE-2010-4020)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka\n krb5) 1.7 does not properly restrict the use of TGT\n credentials for armoring TGS requests, which might allow\n remote authenticated users to impersonate a client by\n rewriting an inner request, aka a 'KrbFastReq forgery\n issue.' (CVE-2010-4021)\n\n - Double free vulnerability in the prepare_error_as\n function in do_as_req.c in the Key Distribution Center\n (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when\n the PKINIT feature is enabled, allows remote attackers\n to cause a denial of service (daemon crash) or possibly\n execute arbitrary code via an e_data field containing\n typed data. 
(CVE-2011-0284)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2010-1322-improper-input-validation-vulnerability-in-kerberos\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25bd0c00\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2011-0284-resource-management-errors-vulnerability-in-kerberos\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69fd73a2\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-kerberos\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3477b78\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.11.4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:kerberos\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^kerberos-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kerberos\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.11.0.4.0\", sru:\"SRU 11.1.11.4.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : kerberos\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"kerberos\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:53:15", "description": "The remote host is affected by the vulnerability described in GLSA-201201-13\n(MIT Kerberos 5: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the administration daemon or the Key Distribution Center\n (KDC) daemon, cause a Denial of Service condition, or possibly obtain\n sensitive information. 
Furthermore, a remote attacker may be able to\n spoof Kerberos authorization, modify KDC responses, forge user data\n messages, forge tokens, forge signatures, impersonate a client, modify\n user-visible prompt text, or have other unspecified impact.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "cvss3": {"score": 6.3, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}, "published": "2012-01-24T00:00:00", "title": "GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0283", "CVE-2011-1530", "CVE-2011-1529", "CVE-2011-4151", "CVE-2011-0285", "CVE-2010-1324", "CVE-2010-4020", "CVE-2010-1320", "CVE-2010-0629", "CVE-2011-0283", "CVE-2010-4021", "CVE-2011-0281", "CVE-2010-1322", "CVE-2011-1528", "CVE-2010-1321", "CVE-2009-3295", "CVE-2011-0282", "CVE-2009-4212", "CVE-2011-1527", "CVE-2011-0284", "CVE-2010-1323", "CVE-2010-4022"], "modified": "2012-01-24T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mit-krb5"], "id": "GENTOO_GLSA-201201-13.NASL", "href": "https://www.tenable.com/plugins/nessus/57655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201201-13.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57655);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3295\", \"CVE-2009-4212\", \"CVE-2010-0283\", \"CVE-2010-0629\", \"CVE-2010-1320\", \"CVE-2010-1321\", \"CVE-2010-1322\", \"CVE-2010-1323\", \"CVE-2010-1324\", \"CVE-2010-4020\", \"CVE-2010-4021\", \"CVE-2010-4022\", \"CVE-2011-0281\", \"CVE-2011-0282\", \"CVE-2011-0283\", \"CVE-2011-0284\", \"CVE-2011-0285\", \"CVE-2011-1527\", \"CVE-2011-1528\", \"CVE-2011-1529\", \"CVE-2011-1530\", \"CVE-2011-4151\");\n script_bugtraq_id(37486, 37749, 38260, 39247, 39599, 40235, 43756, 45116, 45117, 45118, 45122, 46265, 46269, 46271, 46272, 46881, 47310, 50273, 50929);\n script_xref(name:\"GLSA\", value:\"201201-13\");\n\n script_name(english:\"GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201201-13\n(MIT Kerberos 5: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the administration daemon or the Key Distribution Center\n (KDC) daemon, cause a Denial of Service condition, or possibly obtain\n sensitive information. 
Furthermore, a remote attacker may be able to\n spoof Kerberos authorization, modify KDC responses, forge user data\n messages, forge tokens, forge signatures, impersonate a client, modify\n user-visible prompt text, or have other unspecified impact.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201201-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MIT Kerberos 5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.9.2-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mit-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/mit-krb5\", unaffected:make_list(\"ge 1.9.2-r1\"), vulnerable:make_list(\"lt 1.9.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MIT Kerberos 5\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:57", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1324", "CVE-2010-4020", "CVE-2011-0281", "CVE-2010-1322", "CVE-2011-0282", "CVE-2010-1323", "CVE-2010-4022"], "description": "[1.8.2-3.4]\n- add upstream patches to fix standalone kpropd exiting if the per-client\n child process exits with an error, and hang or crash in the KDC when using\n the LDAP kdb backend (CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, #671101)\n[1.8.2-3.3]\n- pull up crypto changes made between 1.8.2 and 1.8.3 to fix upstream #6751,\n assumed to already be there for the next fix\n- incorporate candidate patch to fix various issues from MITKRB5-SA-2010-007\n (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, #651962)\n[1.8.2-3.2]\n- fix reading of keyUsage extensions when attempting to select pkinit client\n certs (part of #644825, RT#6775)\n- fix selection of pkinit client certs when one or more don't include a\n subjectAltName extension (part of #644825, RT#6774)\n[1.8.2-3.1]\n- incorporate candidate patch to fix uninitialized pointer crash in the KDC\n (CVE-2010-1322, #636336)", "edition": 4, 
"modified": "2011-02-10T00:00:00", "published": "2011-02-10T00:00:00", "id": "ELSA-2011-0200", "href": "http://linux.oracle.com/errata/ELSA-2011-0200.html", "title": "krb5 security update", "type": "oraclelinux", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:43", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0283", "CVE-2011-1530", "CVE-2011-1529", "CVE-2011-4151", "CVE-2011-0285", "CVE-2010-1324", "CVE-2010-4020", "CVE-2010-1320", "CVE-2010-0629", "CVE-2011-0283", "CVE-2010-4021", "CVE-2011-0281", "CVE-2010-1322", "CVE-2011-1528", "CVE-2010-1321", "CVE-2009-3295", "CVE-2011-0282", "CVE-2009-4212", "CVE-2011-1527", "CVE-2011-0284", "CVE-2010-1323", "CVE-2010-4022"], "edition": 1, "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.9.2-r1\"", "modified": "2012-01-23T00:00:00", "published": "2012-01-23T00:00:00", "id": "GLSA-201201-13", "href": "https://security.gentoo.org/glsa/201201-13", "type": "gentoo", "title": "MIT Kerberos 5: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}