8.5 - RHSA-2014:1389

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	krb5 security and bug fix update

Informations
Name	RHSA-2014:1389	First vendor Publication	2014-10-14
Vendor	RedHat	Last vendor Modification	2014-10-14
Severity (Vendor)	Moderate	Revision	02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score	8.5	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	6.8	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800)

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)

A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345)

Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342)

A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343)

These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes.

All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1001961 - Wrong obsoletes in krb5-pkinit-openssl 1009389 - service krb5kdc start unable to get default realm 1026942 - CVE-2013-1418 krb5: multi-realm KDC null dereference leads to crash 1031499 - CVE-2013-6800 krb5: KDC remote DoS (NULL pointer dereference and daemon crash) 1059730 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly 1087068 - 0006526: GSS api stopped working properly after krb5 update 1113652 - trusted domain logins cannot find KDC for requested realm 1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext 1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens 1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators 1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens 1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-1389.html

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-476	NULL Pointer Dereference
17 %	CWE-415	Double Free
17 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
17 %	CWE-125	Out-of-bounds Read
17 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25491

Oval ID:	oval:org.mitre.oval:def:25491
Title:	DSA-3000-1 krb5 - security update
Description:	Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos.
Family:	unix	Class:	patch
Reference(s):	DSA-3000-1 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	krb5
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND krb5 DPKG is earlier than 0:1.10.1+dfsg-5+deb7u2

Definition Id: oval:org.mitre.oval:def:25702

Oval ID:	oval:org.mitre.oval:def:25702
Title:	SUSE-SU-2013:1875-1 -- Security update for krb5
Description:	This update for krb5 fixes the following security issue: * If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a null pointer, crashing the KDC. (CVE-2013-1418) Security Issues: * CVE-2013-1418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418 >
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1875-1 CVE-2013-1418	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	krb5
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section krb5 RPM is earlier than 0:1.6.3-133.49.58.1 AND krb5-client RPM is earlier than 0:1.6.3-133.49.58.1 AND krb5-32bit RPM is earlier than 0:1.6.3-133.49.58.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section krb5-apps-clients RPM is earlier than 0:1.6.3-133.49.58.1 AND krb5-apps-servers RPM is earlier than 0:1.6.3-133.49.58.1 AND krb5-plugin-kdb-ldap RPM is earlier than 0:1.6.3-133.49.58.1 AND krb5-plugin-preauth-pkinit RPM is earlier than 0:1.6.3-133.49.58.1 AND krb5-server RPM is earlier than 0:1.6.3-133.49.58.1 AND krb5-doc RPM is earlier than 0:1.6.3-133.49.58.1

Definition Id: oval:org.mitre.oval:def:25901

Oval ID:	oval:org.mitre.oval:def:25901
Title:	SUSE-SU-2014:1028-1 -- Security update for krb5
Description:	This MIT krb5 update fixes a buffer overrun problem in kadmind.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1028-1 CVE-2014-4345	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	krb5
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section krb5 RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-client RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-32bit RPM is earlier than 0:1.6.3-133.49.62.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section krb5-apps-clients RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-apps-servers RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-plugin-kdb-ldap RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-plugin-preauth-pkinit RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-server RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-doc RPM is earlier than 0:1.6.3-133.49.62.1

Definition Id: oval:org.mitre.oval:def:26458

Oval ID:	oval:org.mitre.oval:def:26458
Title:	USN-2310-1 -- krb5 vulnerabilities
Description:	Several security issues were fixed in Kerberos.
Family:	unix	Class:	patch
Reference(s):	USN-2310-1 CVE-2012-1016 CVE-2013-1415 CVE-2013-1416 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	krb5
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed Packages match section krb5-admin-server DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND krb5-kdc DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND krb5-kdc-ldap DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND krb5-otp DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND krb5-pkinit DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND krb5-user DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND libgssapi-krb5-2 DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND libgssrpc4 DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND libk5crypto3 DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND libkadm5clnt-mit9 DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND libkadm5srv-mit9 DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND libkdb5-7 DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND libkrad0 DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND libkrb5-3 DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND libkrb5support0 DPKG is earlier than 0:1.12+dfsg-2ubuntu4.2 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed Packages match section krb5-admin-server DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND krb5-kdc DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND krb5-kdc-ldap DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND krb5-pkinit DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND krb5-user DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND libgssapi-krb5-2 DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND libgssrpc4 DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND libk5crypto3 DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND libkadm5clnt-mit8 DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND libkadm5srv-mit8 DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND libkdb5-6 DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND libkrb5-3 DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND libkrb5support0 DPKG is earlier than 0:1.10+dfsg~beta1-2ubuntu0.5 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed Packages match section krb5-admin-server DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND krb5-kdc DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND krb5-kdc-ldap DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND krb5-pkinit DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND krb5-user DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND libgssapi-krb5-2 DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND libgssrpc4 DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND libk5crypto3 DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND libkadm5clnt-mit7 DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND libkadm5srv-mit7 DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND libkdb5-4 DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND libkrb5-3 DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13 AND libkrb5support0 DPKG is earlier than 0:1.8.1+dfsg-2ubuntu0.13

Definition Id: oval:org.mitre.oval:def:26536

Oval ID:	oval:org.mitre.oval:def:26536
Title:	ELSA-2014-1245 -- krb5 security and bug fix update (Moderate)
Description:	Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (CVE-2014-4341) This update also fixes the following bugs: * Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632) * Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. (BZ#1089732) All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1245 CVE-2014-4344 CVE-2014-4341 CVE-2013-1418 CVE-2013-6800	Version:	3
Platform(s):	Oracle Linux 5	Product(s):	krb5
Definition Synopsis:
Oracle Linux 5.x Packages match section krb5-devel RPM is earlier than 0:1.6.1-78.el5 AND krb5-libs RPM is earlier than 0:1.6.1-78.el5 AND krb5-server RPM is earlier than 0:1.6.1-78.el5 AND krb5-server-ldap RPM is earlier than 0:1.6.1-78.el5 AND krb5-workstation RPM is earlier than 0:1.6.1-78.el5

Definition Id: oval:org.mitre.oval:def:26718

Oval ID:	oval:org.mitre.oval:def:26718
Title:	RHSA-2014:1255: krb5 security update (Moderate)
Description:	Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1255-00 CVE-2014-4345 CESA-2014:1255	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	krb5
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 AND krb5-debuginfo is earlier than 0:1.6.1-80.el5_11 AND Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section krb5-devel is earlier than 0:1.6.1-80.el5_11 AND krb5-server is earlier than 0:1.6.1-80.el5_11 AND krb5-server-ldap is earlier than 0:1.6.1-80.el5_11 AND krb5-libs is earlier than 0:1.6.1-80.el5_11 AND krb5-workstation is earlier than 0:1.6.1-80.el5_11

Definition Id: oval:org.mitre.oval:def:26722

Oval ID:	oval:org.mitre.oval:def:26722
Title:	AIX NAS null deref in SPNEGO acceptor
Description:	The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4344	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets krb5.server.rte equals 1.5.0.3 AND krb5.server.rte equals 1.5.0.4 AND krb5.server.rte equals 1.6.0.1 AND krb5.client.rte equals 1.5.0.3 AND krb5.client.rte equals 1.5.0.4 AND krb5.client.rte equals 1.6.0.1

Definition Id: oval:org.mitre.oval:def:26777

Oval ID:	oval:org.mitre.oval:def:26777
Title:	RHSA-2014:1245: krb5 security and bug fix update (Moderate)
Description:	Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (CVE-2014-4341) This update also fixes the following bugs: * Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632) * Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. (BZ#1089732) All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1245-00 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4344 CESA-2014:1245	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	krb5
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 AND krb5-debuginfo is earlier than 0:1.6.1-78.el5 AND Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section krb5-devel is earlier than 0:1.6.1-78.el5 AND krb5-server is earlier than 0:1.6.1-78.el5 AND krb5-server-ldap is earlier than 0:1.6.1-78.el5 AND krb5-libs is earlier than 0:1.6.1-78.el5 AND krb5-workstation is earlier than 0:1.6.1-78.el5

Definition Id: oval:org.mitre.oval:def:26809

Oval ID:	oval:org.mitre.oval:def:26809
Title:	SUSE-SU-2014:0989-1 -- Security update for krb5
Description:	The several security issues have been fixed in kerberos 5.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0989-1 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	krb5
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section krb5 RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-client RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-32bit RPM is earlier than 0:1.6.3-133.49.60.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section krb5-apps-clients RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-apps-servers RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-plugin-kdb-ldap RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-plugin-preauth-pkinit RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-server RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-doc RPM is earlier than 0:1.6.3-133.49.60.1

Definition Id: oval:org.mitre.oval:def:26856

Oval ID:	oval:org.mitre.oval:def:26856
Title:	ELSA-2014-1255 -- krb5 security update (Moderate)
Description:	Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1255 CVE-2014-4345	Version:	3
Platform(s):	Oracle Linux 5	Product(s):	krb5
Definition Synopsis:
Oracle Linux 5.x Packages match section krb5-devel RPM is earlier than 0:1.6.1-80.el5_11 AND krb5-libs RPM is earlier than 0:1.6.1-80.el5_11 AND krb5-server RPM is earlier than 0:1.6.1-80.el5_11 AND krb5-server-ldap RPM is earlier than 0:1.6.1-80.el5_11 AND krb5-workstation RPM is earlier than 0:1.6.1-80.el5_11

Definition Id: oval:org.mitre.oval:def:26907

Oval ID:	oval:org.mitre.oval:def:26907
Title:	DEPRECATED: SUSE-SU-2014:1028-1 -- Security update for krb5
Description:	This MIT krb5 update fixes a buffer overrun problem in kadmind.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1028-1 CVE-2014-4345	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	krb5
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section krb5 RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-client RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-32bit RPM is earlier than 0:1.6.3-133.49.62.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section krb5-apps-clients RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-apps-servers RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-plugin-kdb-ldap RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-plugin-preauth-pkinit RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-server RPM is earlier than 0:1.6.3-133.49.62.1 AND krb5-doc RPM is earlier than 0:1.6.3-133.49.62.1

Definition Id: oval:org.mitre.oval:def:26912

Oval ID:	oval:org.mitre.oval:def:26912
Title:	AIX NAS denial of service vulnerability
Description:	MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4341	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets File Version Exists krb5.server.rte greater than or equal 1.5.0.0 AND krb5.server.rte less than or equal 1.6.0.1 OR File Version Exists krb5.client.rte greater than or equal 1.5.0.0 AND krb5.client.rte less than or equal 1.6.0.1

Definition Id: oval:org.mitre.oval:def:26917

Oval ID:	oval:org.mitre.oval:def:26917
Title:	RHSA-2014:1389: krb5 security and bug fix update (Moderate)
Description:	Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1389-01 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CESA-2014:1389	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	krb5
Definition Synopsis:
Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND krb5-debuginfo is earlier than 0:1.10.3-33.el6 AND Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section krb5-devel is earlier than 0:1.10.3-33.el6 AND krb5-libs is earlier than 0:1.10.3-33.el6 AND krb5-pkinit-openssl is earlier than 0:1.10.3-33.el6 AND krb5-server is earlier than 0:1.10.3-33.el6 AND krb5-server-ldap is earlier than 0:1.10.3-33.el6 AND krb5-workstation is earlier than 0:1.10.3-33.el6

Definition Id: oval:org.mitre.oval:def:26961

Oval ID:	oval:org.mitre.oval:def:26961
Title:	AIX NAS double-free in SPNEGO
Description:	Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4343	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets krb5.server.rte equals 1.5.0.3 AND krb5.server.rte equals 1.5.0.4 AND krb5.server.rte equals 1.6.0.1 AND krb5.client.rte equals 1.5.0.3 AND krb5.client.rte equals 1.5.0.4 AND krb5.client.rte equals 1.6.0.1

Definition Id: oval:org.mitre.oval:def:27019

Oval ID:	oval:org.mitre.oval:def:27019
Title:	DEPRECATED: SUSE-SU-2014:0989-1 -- Security update for krb5
Description:	The several security issues have been fixed in kerberos 5.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0989-1 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	krb5
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section krb5 RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-client RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-32bit RPM is earlier than 0:1.6.3-133.49.60.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section krb5-apps-clients RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-apps-servers RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-plugin-kdb-ldap RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-plugin-preauth-pkinit RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-server RPM is earlier than 0:1.6.3-133.49.60.1 AND krb5-doc RPM is earlier than 0:1.6.3-133.49.60.1

Definition Id: oval:org.mitre.oval:def:27032

Oval ID:	oval:org.mitre.oval:def:27032
Title:	ELSA-2014-1389 -- krb5 security and bug fix update
Description:	[1.10.3-33] - actually apply that last patch [1.10.3-32] - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) [1.10.3-31] - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-30] - ksu: when evaluating .k5users, treat lines with just a principal name as if they contained the principal name followed by '*', and don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-29] - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121510) - gssapi: pull in proposed-and-accepted fix for a double free in initiators (David Woodhouse, CVE-2014-4343, #1121510) [1.10.3-28] - correct a type mistake in the backported fix for CVE-2013-1418/CVE-2013-6800 [1.10.3-27] - pull in backported fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1121510) - incorporate backported patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800, more of [1.10.3-26] - pull in backport of patch to not subsequently always require that responses come from master KDCs if we get one from a master somewhere along the way while chasing referrals (RT#7650, #1113652) [1.10.3-25] - ksu: if the -e flag isn't used, use the target user's shell when checking for authorization via the target user's .k5users file (#1026721) [1.10.3-24] - define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that it's declared (#1059730) [1.10.3-23] - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1087068, RT#7858) [1.10.3-22] - add patch from Jatin Nansi to avoid attempting to clear memory at the NULL address if krb5_encrypt_helper() returns an error when called from encrypt_credencpart() (#1055329, pull #158) [1.10.3-21] - drop patch to add additional access() checks to ksu - they shouldn't be resulting in any benefit [1.10.3-20] - apply patch from Nikolai Kondrashov to pass a default realm set in /etc/sysconfig/krb5kdc to the kdb_check_weak helper, so that it doesn't produce an error if there isn't one set in krb5.conf (#1009389) [1.10.3-19] - packaging: don't Obsoletes: older versions of krb5-pkinit-openssl and virtual Provide: krb5-pkinit-openssl on EL6, where we don't need to bother with any of that (#1001961) [1.10.3-18] - pkinit: backport tweaks to avoid trying to call the prompter callback when one isn't set (part of #965721) - pkinit: backport the ability to use a prompter callback to prompt for a password when reading private keys (the rest of #965721) [1.10.3-17] - backport fix to not spin on a short read when reading the length of a response over TCP (RT#7508, #922884) [1.10.3-16] - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1070244)
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1389 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4344 CVE-2014-4345 CVE-2014-4342 CVE-2014-4343	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	krb5 krb5-devel krb5-libs krb5-pkinit-openssl krb5-server krb5-server-ldap krb5-workstation
Definition Synopsis:
Oracle Linux 6.x Packages match section krb5 is earlier than 0:1.10.3-33.el6 AND krb5-devel is earlier than 0:1.10.3-33.el6 AND krb5-libs is earlier than 0:1.10.3-33.el6 AND krb5-pkinit-openssl is earlier than 0:1.10.3-33.el6 AND krb5-server is earlier than 0:1.10.3-33.el6 AND krb5-server-ldap is earlier than 0:1.10.3-33.el6 AND krb5-workstation is earlier than 0:1.10.3-33.el6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mit Kerberos cpe:2.3:a:mit:kerberos:5-1.8:alpha1:::::: cpe:2.3:a:mit:kerberos:5-1.10.7:::::::* cpe:2.3:a:mit:kerberos:5-1.10.6:::::::* cpe:2.3:a:mit:kerberos:5-1.10.5:::::::*	4
Application	Mit Kerberos 5 cpe:2.3:a:mit:kerberos_5:1.9.4:::::::* cpe:2.3:a:mit:kerberos_5:1.9.3:::::::* cpe:2.3:a:mit:kerberos_5:1.9.2:::::::* cpe:2.3:a:mit:kerberos_5:1.9.1:::::::* cpe:2.3:a:mit:kerberos_5:1.9:::::::* cpe:2.3:a:mit:kerberos_5:1.8.6:::::::* cpe:2.3:a:mit:kerberos_5:1.8.5:::::::* cpe:2.3:a:mit:kerberos_5:1.8.4:::::::* cpe:2.3:a:mit:kerberos_5:1.8.3:::::::* cpe:2.3:a:mit:kerberos_5:1.8.2:::::::* cpe:2.3:a:mit:kerberos_5:1.8.1:::::::* cpe:2.3:a:mit:kerberos_5:1.8:::::::* cpe:2.3:a:mit:kerberos_5:1.7.1:::::::* cpe:2.3:a:mit:kerberos_5:1.7:::::::* cpe:2.3:a:mit:kerberos_5:1.6.3_kdc:::::::* cpe:2.3:a:mit:kerberos_5:1.6.3:::::::* cpe:2.3:a:mit:kerberos_5:1.6.2:::::::* cpe:2.3:a:mit:kerberos_5:1.6.1:::::::* cpe:2.3:a:mit:kerberos_5:1.6:::::::* cpe:2.3:a:mit:kerberos_5:1.5.3:::::::* cpe:2.3:a:mit:kerberos_5:1.5.2:::::::* cpe:2.3:a:mit:kerberos_5:1.5.1:::::::* cpe:2.3:a:mit:kerberos_5:1.5:::::::* cpe:2.3:a:mit:kerberos_5:1.4.4:::::::* cpe:2.3:a:mit:kerberos_5:1.4.3:::::::* cpe:2.3:a:mit:kerberos_5:1.4.2:::::::* cpe:2.3:a:mit:kerberos_5:1.4.1:::::::* cpe:2.3:a:mit:kerberos_5:1.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.6:::::::* cpe:2.3:a:mit:kerberos_5:1.3.5:::::::* cpe:2.3:a:mit:kerberos_5:1.3.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.3:::::::* cpe:2.3:a:mit:kerberos_5:1.3.2:::::::* cpe:2.3:a:mit:kerberos_5:1.3.1:::::::* cpe:2.3:a:mit:kerberos_5:1.3:-:::::: cpe:2.3:a:mit:kerberos_5:1.3:alpha1:::::: cpe:2.3:a:mit:kerberos_5:1.2.8:::::::* cpe:2.3:a:mit:kerberos_5:1.2.7:::::::* cpe:2.3:a:mit:kerberos_5:1.2.6:::::::* cpe:2.3:a:mit:kerberos_5:1.2.5:::::::* cpe:2.3:a:mit:kerberos_5:1.2.4:::::::* cpe:2.3:a:mit:kerberos_5:1.2.3:::::::* cpe:2.3:a:mit:kerberos_5:1.2.2:::::::* cpe:2.3:a:mit:kerberos_5:1.2.1:::::::* cpe:2.3:a:mit:kerberos_5:1.2:beta1:::::: cpe:2.3:a:mit:kerberos_5:1.2:beta2:::::: cpe:2.3:a:mit:kerberos_5:1.2:-:::::: cpe:2.3:a:mit:kerberos_5:1.12.1:::::::* cpe:2.3:a:mit:kerberos_5:1.12:::::::* cpe:2.3:a:mit:kerberos_5:1.11.5:::::::* cpe:2.3:a:mit:kerberos_5:1.11.4:::::::* cpe:2.3:a:mit:kerberos_5:1.11.3:::::::* cpe:2.3:a:mit:kerberos_5:1.11.2:::::::* cpe:2.3:a:mit:kerberos_5:1.11.1:::::::* cpe:2.3:a:mit:kerberos_5:1.11:::::::* cpe:2.3:a:mit:kerberos_5:1.10.4:::::::* cpe:2.3:a:mit:kerberos_5:1.10.3:::::::* cpe:2.3:a:mit:kerberos_5:1.10.2:::::::* cpe:2.3:a:mit:kerberos_5:1.10.1:::::::* cpe:2.3:a:mit:kerberos_5:1.10:::::::* cpe:2.3:a:mit:kerberos_5:1.1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.0.6:::::::* cpe:2.3:a:mit:kerberos_5:1.0:-:::::: cpe:2.3:a:mit:kerberos_5:::::::: cpe:2.3:a:mit:kerberos_5:-:::::::*	66
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:7.0:::::::*	1
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:20:::::::*	1
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.1:::::::* cpe:2.3:o:opensuse:opensuse:12.3:::::::* cpe:2.3:o:opensuse:opensuse:12.2:::::::* cpe:2.3:o:opensuse:opensuse:11.4:::::::*	4
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*	1
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*	5
Os	Redhat Enterprise Linux Hpc Node cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*	1
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*	1
Os	Redhat Enterprise Linux Server Aus cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*	4
Os	Redhat Enterprise Linux Server Eus cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*	4
Os	Redhat Enterprise Linux Tus cpe:2.3:o:redhat:enterprise_linux_tus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_tus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_tus:7.3:::::::*	3
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-11-14	IAVM : 2013-B-0130 - MIT Kerberos Denial of Service Vulnerabilities Severity : Category I - VMSKEY : V0042308

Snort® IPS/IDS

Date	Description
2015-03-27	MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 8888889 - Revision : 1 - Type : SERVER-OTHER
2015-03-27	MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 8888888 - Revision : 1 - Type : SERVER-OTHER
2016-03-14	MIT Kerberos 5 IAKERB outbound token detected RuleID : 36816 - Revision : 5 - Type : SERVER-OTHER
2016-03-14	MIT Kerberos 5 SPNEGO incoming token detected RuleID : 36815 - Revision : 5 - Type : SERVER-OTHER
2016-03-14	MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt RuleID : 36814 - Revision : 5 - Type : SERVER-OTHER
2015-06-23	MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 34972 - Revision : 2 - Type : SERVER-OTHER
2015-06-23	MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 34971 - Revision : 2 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2018-02-01	Name : The remote Debian host is missing a security update. File : debian_DLA-1265.nasl - Type : ACT_GATHER_INFO
2018-01-11	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15552.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150305_krb5_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-37.nasl - Type : ACT_GATHER_INFO
2015-03-18	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO
2015-03-13	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0439.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO
2015-02-26	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dbf9e66cbd5011e4a7ba206a8a720317.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20141216.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20141120.nasl - Type : ACT_GATHER_INFO
2015-01-02	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-53.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0034.nasl - Type : ACT_GATHER_INFO
2014-11-18	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-443.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO
2014-11-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141014_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1389.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140916_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1255.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15553.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15547.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1245.nasl - Type : ACT_GATHER_INFO
2014-09-18	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1255.nasl - Type : ACT_GATHER_INFO
2014-09-18	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1255.nasl - Type : ACT_GATHER_INFO
2014-09-18	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1245.nasl - Type : ACT_GATHER_INFO
2014-09-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1245.nasl - Type : ACT_GATHER_INFO
2014-09-12	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-165.nasl - Type : ACT_GATHER_INFO
2014-09-04	Name : The remote AIX host has a version of NAS installed that is affected by multip... File : aix_nas_advisory1.nasl - Type : ACT_GATHER_INFO
2014-08-27	Name : The remote Fedora host is missing a security update. File : fedora_2014-9305.nasl - Type : ACT_GATHER_INFO
2014-08-21	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-508.nasl - Type : ACT_GATHER_INFO
2014-08-16	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-140812.nasl - Type : ACT_GATHER_INFO
2014-08-15	Name : The remote Fedora host is missing a security update. File : fedora_2014-9315.nasl - Type : ACT_GATHER_INFO
2014-08-12	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-140729.nasl - Type : ACT_GATHER_INFO
2014-08-12	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-486.nasl - Type : ACT_GATHER_INFO
2014-08-12	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2310-1.nasl - Type : ACT_GATHER_INFO
2014-08-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3000.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2014-8189.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2014-8176.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-941.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-880.nasl - Type : ACT_GATHER_INFO
2013-12-17	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-12.nasl - Type : ACT_GATHER_INFO
2013-12-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-21786.nasl - Type : ACT_GATHER_INFO
2013-11-22	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-275.nasl - Type : ACT_GATHER_INFO
2013-11-18	Name : A single sign-on service is affected by a denial of service vulnerability. File : mit_kerberos_cve-2013-1418.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2013-11-12	Name : The remote Fedora host is missing a security update. File : fedora_2013-20687.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-11-19 13:25:21	Multiple Updates
2014-11-13 13:27:23	Multiple Updates
2014-10-18 13:26:18	Multiple Updates
2014-10-16 13:25:49	Multiple Updates
2014-10-14 09:22:20	First insertion

Global Informations

Type	Count
CWE ID(s)	6
Oval ID(s)	16
CPE ID(s)	96
IAVM(s)	1
Snort® Rule(s)	7
Nessus® Exploit(s)	45

	Related
8.5	CVE-2014-4345
7.8	CVE-2014-4344
7.6	CVE-2014-4343
5	CVE-2014-4342
5	CVE-2014-4341
4.3	CVE-2013-1418
4	CVE-2013-6800
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 7 more Alert(s)