7.5 - RHSA-2005:562

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	krb5 security update

Informations
Name	RHSA-2005:562	First vendor Publication	2005-07-12
Vendor	RedHat	Last vendor Modification	2005-07-12
Severity (Vendor)	Critical	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated krb5 packages which fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.

A double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Although no exploit is currently known to exist, this issue could potentially be exploited to allow arbitrary code execution on a Key Distribution Center (KDC). The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1689 to this issue.

Daniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of this flaw would lead to a denial of service (crash). To trigger this flaw an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CAN-2005-1175).

Gaël Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CAN-2005-0488).

The rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CAN-2004-0175).

All users of krb5 should update to these erratum packages which contain backported patches to correct these issues. Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159304 - CAN-2005-0488 telnet Information Disclosure Vulnerability 159753 - CAN-2005-1689 double-free in krb5_recvauth 161471 - krb5 krb5_principal_compare NULL pointer crash 161611 - CAN-2004-0175 malicious rsh server can cause rcp to write to arbitrary files 162255 - CAN-2005-1175 krb5 buffer overflow in KDC

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-562.html

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-415	Double Free
50 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10184

Oval ID:	oval:org.mitre.oval:def:10184
Title:	Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
Description:	Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0175	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section krb5-workstation is earlier than 0:1.2.7-47 AND krb5 is earlier than 0:1.2.7-47 AND rsh is earlier than 0:0.17-17.6 AND openssh-askpass is earlier than 0:3.6.1p2-33.30.4 AND krb5-libs is earlier than 0:1.2.7-47 AND rsh-server is earlier than 0:0.17-17.6 AND openssh-server is earlier than 0:3.6.1p2-33.30.4 AND openssh-askpass-gnome is earlier than 0:3.6.1p2-33.30.4 AND openssh is earlier than 0:3.6.1p2-33.30.4 AND krb5-server is earlier than 0:1.2.7-47 AND openssh-clients is earlier than 0:3.6.1p2-33.30.4 AND krb5-devel is earlier than 0:1.2.7-47 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section krb5-workstation is earlier than 0:1.3.4-17 AND krb5 is earlier than 0:1.3.4-17 AND rsh is earlier than 0:0.17-25.3 AND krb5-libs is earlier than 0:1.3.4-17 AND krb5-server is earlier than 0:1.3.4-17 AND rsh-server is earlier than 0:0.17-25.3 AND krb5-devel is earlier than 0:1.3.4-17

Definition Id: oval:org.mitre.oval:def:11373

Oval ID:	oval:org.mitre.oval:def:11373
Title:	Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Description:	Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-0488	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section krb5-workstation is earlier than 0:1.2.7-47 AND krb5 is earlier than 0:1.2.7-47 AND krb5-libs is earlier than 0:1.2.7-47 AND telnet is earlier than 1:0.17-26.EL3.3 AND krb5-server is earlier than 0:1.2.7-47 AND telnet-server is earlier than 1:0.17-26.EL3.3 AND krb5-devel is earlier than 0:1.2.7-47 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section telnet is earlier than 1:0.17-31.EL4.3 AND telnet-server is earlier than 1:0.17-31.EL4.3

Definition Id: oval:org.mitre.oval:def:1139

Oval ID:	oval:org.mitre.oval:def:1139
Title:	Telnet Client Information Disclosure Vulnerability
Description:	Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-0488	Version:	1
Platform(s):	Red Hat Enterprise Linux 3	Product(s):	telnet
Definition Synopsis:
Software section Red Hat Enterprise 3 is installed AND telnet RPM earlier than 1:0.17-20.EL3.3 AND Configuration section /usr/bin/telnet is executable by any user

Definition Id: oval:org.mitre.oval:def:736

Oval ID:	oval:org.mitre.oval:def:736
Title:	MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability
Description:	Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (apllication crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-1175	Version:	2
Platform(s):	Sun Solaris 7 Sun Solaris 8 Sun Solaris 9 Sun Solaris 10	Product(s):	Kerberos
Definition Synopsis:
Solaris 7 (SPARC) meets Sun Alert ID 101809 criteria. Solaris 7 Installed AND sparc architecture AND NOT Patch 112536-06 or later installed OR Solaris 7 (x86) meets Sun Alert ID 101809 criteria. Solaris 7 Installed AND ix86 architecture AND NOT Patch 112537-06 or later installed OR Solaris 8 (SPARC) meets Sun Alert ID 101809 criteria. Solaris 8 Installed AND sparc architecture AND NOT Patch 112237-13 or later installed OR Solaris 8 (x86) meets Sun Alert ID 101809 criteria. Solaris 8 Installed AND ix86 architecture AND NOT Patch 112238-12 or later installed OR Solaris 8 (SPARC) with Supplmental Encryption Packages meets Sun Alert ID 101809 criteria. Solaris 8 Installed AND sparc architecture AND Solaris Supplemental Encryption Packages are installed Pkg SUNWcry (Supplemental Encryption) is installed AND Pkg SUNWcryr (Supplemental Encryption) is installed AND NOT Patch 112390-11 or later installed OR Solaris 8 (x86) with Supplmental Encryption Packages meets Sun Alert ID 101809 criteria. Solaris 8 Installed AND ix86 architecture AND Solaris Supplemental Encryption Packages are installed Pkg SUNWcry (Supplemental Encryption) is installed AND Pkg SUNWcryr (Supplemental Encryption) is installed AND NOT Patch 112240-10 or later installed OR Solaris 9 (SPARC) meets Sun Alert ID 101809 criteria. Solaris 9 Installed AND sparc architecture AND NOT Patch 112908-20 or later installed OR Solaris 9 (x86) meets Sun Alert ID 101809 criteria. Solaris 9 Installed AND ix86 architecture AND NOT Patch 115168-08 or later installed OR Solaris 10 (SPARC) meets Sun Alert ID 101809 criteria. Solaris 10 Installed AND sparc architecture AND NOT Patch 120469-01 or later installed OR Solaris 10 (x86) meets Sun Alert ID 101809 criteria. Solaris 10 Installed AND ix86 architecture AND NOT Patch 120470-01 or later installed

Definition Id: oval:org.mitre.oval:def:9819

Oval ID:	oval:org.mitre.oval:def:9819
Title:	Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
Description:	Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-1689	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section krb5-workstation is earlier than 0:1.2.7-47 AND krb5 is earlier than 0:1.2.7-47 AND krb5-libs is earlier than 0:1.2.7-47 AND krb5-server is earlier than 0:1.2.7-47 AND krb5-devel is earlier than 0:1.2.7-47 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section krb5-workstation is earlier than 0:1.3.4-17 AND krb5 is earlier than 0:1.3.4-17 AND krb5-libs is earlier than 0:1.3.4-17 AND krb5-server is earlier than 0:1.3.4-17 AND krb5-devel is earlier than 0:1.3.4-17

Definition Id: oval:org.mitre.oval:def:9902

Oval ID:	oval:org.mitre.oval:def:9902
Title:	Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (apllication crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
Description:	Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (apllication crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-1175	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section krb5-workstation is earlier than 0:1.2.7-47 AND krb5 is earlier than 0:1.2.7-47 AND krb5-libs is earlier than 0:1.2.7-47 AND krb5-server is earlier than 0:1.2.7-47 AND krb5-devel is earlier than 0:1.2.7-47 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section krb5-workstation is earlier than 0:1.3.4-17 AND krb5 is earlier than 0:1.3.4-17 AND krb5-libs is earlier than 0:1.3.4-17 AND krb5-server is earlier than 0:1.3.4-17 AND krb5-devel is earlier than 0:1.3.4-17

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Mac Os X cpe:2.3:a:apple:mac_os_x::::::::	1
Application	Microsoft Telnet Client cpe:2.3:a:microsoft:telnet_client:5.1.2600.2180:::::::*	1
Application	Mit Kerberos 5 cpe:2.3:a:mit:kerberos_5:1.4.1:::::::* cpe:2.3:a:mit:kerberos_5:1.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.6:::::::* cpe:2.3:a:mit:kerberos_5:1.3.5:::::::* cpe:2.3:a:mit:kerberos_5:1.3.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.3:::::::* cpe:2.3:a:mit:kerberos_5:1.3.2:::::::* cpe:2.3:a:mit:kerberos_5:1.3.1:::::::* cpe:2.3:a:mit:kerberos_5:1.3:alpha1:::::: cpe:2.3:a:mit:kerberos_5:1.3:-:::::: cpe:2.3:a:mit:kerberos_5:1.2.8:::::::* cpe:2.3:a:mit:kerberos_5:1.2.7:::::::* cpe:2.3:a:mit:kerberos_5:1.2.6:::::::* cpe:2.3:a:mit:kerberos_5:1.2.5:::::::* cpe:2.3:a:mit:kerberos_5:1.2.4:::::::* cpe:2.3:a:mit:kerberos_5:1.2.3:::::::* cpe:2.3:a:mit:kerberos_5:1.2.2:::::::* cpe:2.3:a:mit:kerberos_5:1.2.1:::::::* cpe:2.3:a:mit:kerberos_5:1.2:beta2:::::: cpe:2.3:a:mit:kerberos_5:1.2:beta1:::::: cpe:2.3:a:mit:kerberos_5:1.2:-:::::: cpe:2.3:a:mit:kerberos_5:1.1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.0.6:::::::* cpe:2.3:a:mit:kerberos_5:1.0:-:::::: cpe:2.3:a:mit:kerberos_5:::::::: cpe:2.3:a:mit:kerberos_5:-:::::::*	27
Application	Openbsd Openssh cpe:2.3:a:openbsd:openssh:4.3:p2:::::: cpe:2.3:a:openbsd:openssh:4.2:p1:::::: cpe:2.3:a:openbsd:openssh:4.1:p1:::::: cpe:2.3:a:openbsd:openssh:4.0:p1:::::: cpe:2.3:a:openbsd:openssh:3.5:p1:::::: cpe:2.3:a:openbsd:openssh:3.4:-:::::: cpe:2.3:a:openbsd:openssh:3.4:p1:::::: cpe:2.3:a:openbsd:openssh:3.3:-:::::: cpe:2.3:a:openbsd:openssh:3.3:p1:::::: cpe:2.3:a:openbsd:openssh:3.2:::::::* cpe:2.3:a:openbsd:openssh:3.1:-:::::: cpe:2.3:a:openbsd:openssh:3.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.0.2:-:::::: cpe:2.3:a:openbsd:openssh:3.0.1:-:::::: cpe:2.3:a:openbsd:openssh:3.0:-::::::	15
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x:10.4.:::::::* cpe:2.3:o:apple:mac_os_x:10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x:10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x:10.0:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:o:apple:mac_os_x:-:::::::*	40
Os	Apple Mac Os X Server cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.3:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.2:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.15:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.14:::::::* cpe:2.3:o:apple:mac_os_x_server::::::::	42
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:3.1:::::::* cpe:2.3:o:debian:debian_linux:3.0:::::::*	2
Os	Sun Sunos cpe:2.3:o:sun:sunos:5.9:::::::*	1

OpenVAS Exploits

Date	Description
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-06-03	Name : Solaris Update for telnet 110668-05 File : nvt/gb_solaris_110668_05.nasl
2009-06-03	Name : Solaris Update for telnet 110669-05 File : nvt/gb_solaris_110669_05.nasl
2009-06-03	Name : Solaris Update for telnet 119433-01 File : nvt/gb_solaris_119433_01.nasl
2009-06-03	Name : Solaris Update for telnet 119434-01 File : nvt/gb_solaris_119434_01.nasl
2009-04-09	Name : Mandriva Update for rsh MDVSA-2008:191 (rsh) File : nvt/gb_mandriva_MDVSA_2008_191.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200507-11 (mit-krb5) File : nvt/glsa_200507_11.nasl
2008-01-17	Name : Debian Security Advisory DSA 757-1 (krb5) File : nvt/deb_757_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
17843	MIT Kerberos 5 Key Distribution Center (KDC) krb5_unparse_name Overflow
17841	MIT Kerberos kpropd krb5_recvauth Double-free Command Execution
17303	Multiple Vendor Telnet Client NEW-ENVIRON Variable Information Disclosure
9550	OpenSSH scp Traversal Arbitrary File Overwrite OpenSSH contains a flaw that may allow a context-dependent attacker to overwrite arbitrary files on a remote system. The issue is due to the scp utility not properly sanitizing file copy requests which could allow a remote server to overwrite arbitrary files on the target system.

Snort® IPS/IDS

Date	Description
2014-01-10	MIT Kerberos V5 KDC krb5_unparse_name overflow attempt RuleID : 17274 - Revision : 13 - Type : SERVER-OTHER
2014-01-10	MIT Kerberos V5 krb5_recvauth double free attempt RuleID : 17243 - Revision : 9 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2012-01-12	Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO
2011-11-18	Name : A file transfer client on the remote host could be abused to overwrite arbitr... File : openssh_34p1.nasl - Type : ACT_GATHER_INFO
2011-08-29	Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-191.nasl - Type : ACT_GATHER_INFO
2006-09-27	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33389.nasl - Type : ACT_GATHER_INFO
2006-09-27	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33384.nasl - Type : ACT_GATHER_INFO
2006-08-01	Name : The remote operating system is missing a vendor-supplied patch. File : macosx_SecUpd2006-004.nasl - Type : ACT_GATHER_INFO
2006-07-05	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-165.nasl - Type : ACT_GATHER_INFO
2006-07-05	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-567.nasl - Type : ACT_GATHER_INFO
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-106.nasl - Type : ACT_GATHER_INFO
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-074.nasl - Type : ACT_GATHER_INFO
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-562.nasl - Type : ACT_GATHER_INFO
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-504.nasl - Type : ACT_GATHER_INFO
2006-01-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-224-1.nasl - Type : ACT_GATHER_INFO
2005-08-18	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2005-007.nasl - Type : ACT_GATHER_INFO
2005-07-18	Name : The remote Debian host is missing a security-related update. File : debian_DSA-757.nasl - Type : ACT_GATHER_INFO
2005-07-14	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-119.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-553.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-567.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-562.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-11.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-552.nasl - Type : ACT_GATHER_INFO
2005-06-16	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-100.nasl - Type : ACT_GATHER_INFO
2005-06-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-504.nasl - Type : ACT_GATHER_INFO
2005-06-14	Name : It is possible to disclose user information. File : smb_nt_ms05-033.nasl - Type : ACT_GATHER_INFO
2005-06-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-495.nasl - Type : ACT_GATHER_INFO
2005-06-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-165.nasl - Type : ACT_GATHER_INFO
2005-06-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-481.nasl - Type : ACT_GATHER_INFO
2005-05-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-074.nasl - Type : ACT_GATHER_INFO
2005-05-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-106.nasl - Type : ACT_GATHER_INFO
2004-09-08	Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd20040907.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 112237-16 File : solaris8_112237.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 112390-14 File : solaris8_112390.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 112238-15 File : solaris8_x86_112238.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 112240-13 File : solaris8_x86_112240.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 112908-38 File : solaris9_112908.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 115168-24 File : solaris9_x86_115168.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:49:29	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	4
Oval ID(s)	6
CPE ID(s)	129
osvdb(s)	4
Openvas Exploit(s)	8
Snort® Rule(s)	2
Nessus® Exploit(s)	37

	Related
9.8	CVE-2005-1689
7.5	RHSA-2005:567
7.5	RHSA-2005:330
7.5	CVE-2005-1175
5	CVE-2005-0488
4.3	CVE-2004-0175
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)