9.3 - VU#895609

Executive Summary

Summary
Title	MIT Kerberos krb4-enabled KDC contains multiple vulnerabilities

Informations
Name	VU#895609	First vendor Publication	2008-03-18
Vendor	VU-CERT	Last vendor Modification	2008-03-19
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#895609

MIT Kerberos krb4-enabled KDC contains multiple vulnerabilities

Overview

Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service.

I. Description

Several vulnerabilities exist in the Authentication Service and Key Distribution Center server (krb5kdc) included in the MIT krb5 Kerberos implementation. In one case, the use of a null or dangling pointer in the KDC can result in a crash or double-free, and may leak portions of process memory to an attacker. In another case, uninitialized stack values cause reuse of a small window of previous stack values to be interpreted as message content. Some of this content may be returned to the attacker as part of an error response.

These vulnerabilities are only exposed if Kerberos 4 support is enabled. MIT notes that by default, Kerberos 4 support is compiled in but not enabled in recent versions of the software. MIT also notes that no other client or application server programs are affected.

II. Impact

An unauthenticated remote attacker may cause a krb4-enabled KDC server to crash, expose information (potentially including secret key data), or execute arbitrary code with the privileges of the krb5kdc. Secondary impacts include compromise of the Kerberos key database and denial of service to clients attempting to authenticate in the affected Kerberos realm.

III. Solution

Upgrade or apply a patch from the vendor

Patches have been released to address these issues. Please see the Systems Affected section of this document for more details.

Systems Affected

Vendor	Status	Date Updated
3com, Inc.	Unknown	6-Mar-2008
Alcatel	Unknown	6-Mar-2008
Apple Computer, Inc.	Vulnerable	18-Mar-2008
AT&T	Unknown	6-Mar-2008
Avaya, Inc.	Unknown	6-Mar-2008
Avici Systems, Inc.	Unknown	6-Mar-2008
Borderware Technologies	Unknown	6-Mar-2008
Check Point Software Technologies	Unknown	6-Mar-2008
Cisco Systems, Inc.	Not Vulnerable	10-Mar-2008
Clavister	Unknown	6-Mar-2008
Computer Associates	Not Vulnerable	18-Mar-2008
Computer Associates eTrust Security Management	Unknown	6-Mar-2008
Conectiva Inc.	Unknown	6-Mar-2008
Cray Inc.	Unknown	6-Mar-2008
D-Link Systems, Inc.	Unknown	6-Mar-2008
Data Connection, Ltd.	Unknown	6-Mar-2008
Debian GNU/Linux	Unknown	6-Mar-2008
EMC Corporation	Unknown	6-Mar-2008
Engarde Secure Linux	Unknown	6-Mar-2008
Enterasys Networks	Unknown	6-Mar-2008
Ericsson	Unknown	6-Mar-2008
eSoft, Inc.	Unknown	6-Mar-2008
Extreme Networks	Unknown	6-Mar-2008
F5 Networks, Inc.	Unknown	6-Mar-2008
Fedora Project	Unknown	6-Mar-2008
Force10 Networks, Inc.	Unknown	6-Mar-2008
Fortinet, Inc.	Unknown	6-Mar-2008
Foundry Networks, Inc.	Unknown	6-Mar-2008
FreeBSD, Inc.	Unknown	6-Mar-2008
Fujitsu	Unknown	6-Mar-2008
Global Technology Associates	Unknown	6-Mar-2008
Hewlett-Packard Company	Unknown	6-Mar-2008
Hitachi	Unknown	6-Mar-2008
Hyperchip	Unknown	6-Mar-2008
IBM Corporation	Unknown	6-Mar-2008
IBM Corporation (zseries)	Unknown	6-Mar-2008
IBM eServer	Unknown	6-Mar-2008
Ingrian Networks, Inc.	Unknown	6-Mar-2008
Intel Corporation	Not Vulnerable	10-Mar-2008
Internet Security Systems, Inc.	Unknown	6-Mar-2008
Intoto	Not Vulnerable	10-Mar-2008
IP Infusion, Inc.	Unknown	6-Mar-2008
Juniper Networks, Inc.	Unknown	6-Mar-2008
Linksys (A division of Cisco Systems)	Unknown	6-Mar-2008
Lucent Technologies	Unknown	6-Mar-2008
Luminous Networks	Unknown	6-Mar-2008
Mandriva, Inc.	Unknown	6-Mar-2008
McAfee	Unknown	6-Mar-2008
Microsoft Corporation	Unknown	6-Mar-2008
MIT Kerberos Development Team	Vulnerable	18-Mar-2008
MontaVista Software, Inc.	Unknown	6-Mar-2008
Multinet (owned Process Software Corporation)	Unknown	6-Mar-2008
Multitech, Inc.	Unknown	6-Mar-2008
NEC Corporation	Unknown	6-Mar-2008
NetBSD	Unknown	6-Mar-2008
Network Appliance, Inc.	Unknown	6-Mar-2008
NextHop Technologies, Inc.	Unknown	6-Mar-2008
Nortel Networks, Inc.	Unknown	6-Mar-2008
Novell, Inc.	Unknown	6-Mar-2008
Openwall GNU/*/Linux	Unknown	6-Mar-2008
QNX, Software Systems, Inc.	Unknown	6-Mar-2008
Quagga	Unknown	6-Mar-2008
Red Hat, Inc.	Unknown	6-Mar-2008
Redback Networks, Inc.	Unknown	6-Mar-2008
Riverstone Networks, Inc.	Unknown	6-Mar-2008
Secure Computing Network Security Division	Not Vulnerable	10-Mar-2008
Silicon Graphics, Inc.	Unknown	6-Mar-2008
Slackware Linux Inc.	Unknown	6-Mar-2008
Sony Corporation	Unknown	6-Mar-2008
Stonesoft	Unknown	6-Mar-2008
Sun Microsystems, Inc.	Not Vulnerable	18-Mar-2008
SUSE Linux	Unknown	6-Mar-2008
Symantec, Inc.	Unknown	6-Mar-2008
The SCO Group	Unknown	6-Mar-2008
TippingPoint, Technologies, Inc.	Not Vulnerable	18-Mar-2008
Trustix Secure Linux	Unknown	6-Mar-2008
Turbolinux	Unknown	6-Mar-2008
Ubuntu	Vulnerable	19-Mar-2008
Unisys	Unknown	6-Mar-2008
Watchguard Technologies, Inc.	Unknown	6-Mar-2008
Wind River Systems, Inc.	Unknown	6-Mar-2008
ZyXEL	Unknown	6-Mar-2008

References

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt

Credit

Thanks to Ken Raeburn of the MIT Kerberos Team for reporting this vulnerability.

This document was written by Chad R Dougherty.

Other Information

Date Public	03/18/2008
Date First Published	03/18/2008 09:56:56 PM
Date Last Updated	03/19/2008
CERT Advisory
CVE Name	CVE-2008-0062; CVE-2008-0063
US-CERT Technical Alerts
Metric	10.10
Document Revision	10

Original Source

Url : http://www.kb.cert.org/vuls/id/895609

CAPEC : Common Attack Pattern Enumeration & Classification

Id	Name
CAPEC-26	Leveraging Race Conditions
CAPEC-29	Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-172	Time and State Attacks

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-665	Improper Initialization

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8916

Oval ID:	oval:org.mitre.oval:def:8916
Title:	The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Description:	The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-0063	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section krb5-workstation is earlier than 0:1.2.7-68 AND krb5 is earlier than 0:1.2.7-68 AND krb5-libs is earlier than 0:1.2.7-68 AND krb5-server is earlier than 0:1.2.7-68 AND krb5-devel is earlier than 0:1.2.7-68 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section krb5-workstation is earlier than 0:1.3.4-54.el4_6.1 AND krb5 is earlier than 0:1.3.4-54.el4_6.1 AND krb5-libs is earlier than 0:1.3.4-54.el4_6.1 AND krb5-server is earlier than 0:1.3.4-54.el4_6.1 AND krb5-devel is earlier than 0:1.3.4-54.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section krb5-workstation is earlier than 0:1.6.1-17.el5_1.1 AND krb5 is earlier than 0:1.6.1-17.el5_1.1 AND krb5-libs is earlier than 0:1.6.1-17.el5_1.1 AND krb5-server is earlier than 0:1.6.1-17.el5_1.1 AND krb5-devel is earlier than 0:1.6.1-17.el5_1.1

Definition Id: oval:org.mitre.oval:def:9496

Oval ID:	oval:org.mitre.oval:def:9496
Title:	KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Description:	KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-0062	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section krb5-workstation is earlier than 0:1.2.7-68 AND krb5 is earlier than 0:1.2.7-68 AND krb5-libs is earlier than 0:1.2.7-68 AND krb5-server is earlier than 0:1.2.7-68 AND krb5-devel is earlier than 0:1.2.7-68 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section krb5-workstation is earlier than 0:1.3.4-54.el4_6.1 AND krb5 is earlier than 0:1.3.4-54.el4_6.1 AND krb5-libs is earlier than 0:1.3.4-54.el4_6.1 AND krb5-server is earlier than 0:1.3.4-54.el4_6.1 AND krb5-devel is earlier than 0:1.3.4-54.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section krb5-workstation is earlier than 0:1.6.1-17.el5_1.1 AND krb5 is earlier than 0:1.6.1-17.el5_1.1 AND krb5-libs is earlier than 0:1.6.1-17.el5_1.1 AND krb5-server is earlier than 0:1.6.1-17.el5_1.1 AND krb5-devel is earlier than 0:1.6.1-17.el5_1.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Mac Os X cpe:2.3:a:apple:mac_os_x::::::::	1
Application	Mit Kerberos 5 cpe:2.3:a:mit:kerberos_5:1.6.3_kdc:::::::* cpe:2.3:a:mit:kerberos_5:1.6.3:::::::* cpe:2.3:a:mit:kerberos_5:1.6.2:::::::* cpe:2.3:a:mit:kerberos_5:1.6.1:::::::* cpe:2.3:a:mit:kerberos_5:1.6:::::::* cpe:2.3:a:mit:kerberos_5:1.5.3:::::::* cpe:2.3:a:mit:kerberos_5:1.5.2:::::::* cpe:2.3:a:mit:kerberos_5:1.5.1:::::::* cpe:2.3:a:mit:kerberos_5:1.5:::::::* cpe:2.3:a:mit:kerberos_5:1.4.4:::::::* cpe:2.3:a:mit:kerberos_5:1.4.3:::::::* cpe:2.3:a:mit:kerberos_5:1.4.2:::::::* cpe:2.3:a:mit:kerberos_5:1.4.1:::::::* cpe:2.3:a:mit:kerberos_5:1.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.6:::::::* cpe:2.3:a:mit:kerberos_5:1.3.5:::::::* cpe:2.3:a:mit:kerberos_5:1.3.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.3:::::::* cpe:2.3:a:mit:kerberos_5:1.3.2:::::::* cpe:2.3:a:mit:kerberos_5:1.3.1:::::::* cpe:2.3:a:mit:kerberos_5:1.3:alpha1:::::: cpe:2.3:a:mit:kerberos_5:1.3:-:::::: cpe:2.3:a:mit:kerberos_5:1.2.8:::::::* cpe:2.3:a:mit:kerberos_5:1.2.7:::::::* cpe:2.3:a:mit:kerberos_5:1.2.6:::::::* cpe:2.3:a:mit:kerberos_5:1.2.5:::::::* cpe:2.3:a:mit:kerberos_5:1.2.4:::::::* cpe:2.3:a:mit:kerberos_5:1.2.3:::::::* cpe:2.3:a:mit:kerberos_5:1.2.2:::::::* cpe:2.3:a:mit:kerberos_5:1.2.1:::::::* cpe:2.3:a:mit:kerberos_5:1.2:beta2:::::: cpe:2.3:a:mit:kerberos_5:1.2:beta1:::::: cpe:2.3:a:mit:kerberos_5:1.2:-:::::: cpe:2.3:a:mit:kerberos_5:1.1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.0.6:::::::* cpe:2.3:a:mit:kerberos_5:1.0:-:::::: cpe:2.3:a:mit:kerberos_5:::::::: cpe:2.3:a:mit:kerberos_5:-:::::::*	39
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x:10.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8::macbook::::: cpe:2.3:o:apple:mac_os_x:10.4.8::mac_mini::::: cpe:2.3:o:apple:mac_os_x:10.4.8::macbook_pro::::: cpe:2.3:o:apple:mac_os_x:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x:10.4.:::::::* cpe:2.3:o:apple:mac_os_x:10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x:10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x:10.0:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:o:apple:mac_os_x:-:::::::*	56
Os	Apple Mac Os X Server cpe:2.3:o:apple:mac_os_x_server:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.3:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.2:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.15:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.14:::::::* cpe:2.3:o:apple:mac_os_x_server::::::::	55
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*	4
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:4.0:::::::* cpe:2.3:o:debian:debian_linux:3.1:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:8:::::::* cpe:2.3:o:fedoraproject:fedora:7:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:10.3:::::::* cpe:2.3:o:opensuse:opensuse:10.2:::::::*	2
Os	Suse Linux cpe:2.3:o:suse:linux:10.1:::::::*	1
Os	Suse Linux Enterprise Desktop cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1::::::	1
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:10:sp1::::::	1
Os	Suse Linux Enterprise Software Development Kit cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1::::::	1

OpenVAS Exploits

Date	Description
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-04-09	Name : Mandriva Update for krb5 MDVSA-2008:070 (krb5) File : nvt/gb_mandriva_MDVSA_2008_070.nasl
2009-04-09	Name : Mandriva Update for krb5 MDVSA-2008:069 (krb5) File : nvt/gb_mandriva_MDVSA_2008_069.nasl
2009-03-23	Name : Ubuntu Update for krb5 vulnerabilities USN-587-1 File : nvt/gb_ubuntu_USN_587_1.nasl
2009-03-06	Name : RedHat Update for krb5 RHSA-2008:0181-01 File : nvt/gb_RHSA-2008_0181-01_krb5.nasl
2009-03-06	Name : RedHat Update for krb5 RHSA-2008:0164-01 File : nvt/gb_RHSA-2008_0164-01_krb5.nasl
2009-03-06	Name : RedHat Update for krb5 RHSA-2008:0180-01 File : nvt/gb_RHSA-2008_0180-01_krb5.nasl
2009-02-27	Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 i386 File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_i386.nasl
2009-02-27	Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 x86_64 File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 i386 File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_i386.nasl
2009-02-27	Name : CentOS Update for krb5 CESA-2008:0181-01 centos2 i386 File : nvt/gb_CESA-2008_0181-01_krb5_centos2_i386.nasl
2009-02-27	Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64 File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_x86_64.nasl
2009-02-16	Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl
2009-02-16	Name : Fedora Update for krb5 FEDORA-2008-2647 File : nvt/gb_fedora_2008_2647_krb5_fc8.nasl
2009-01-23	Name : SuSE Update for krb5 SUSE-SA:2008:016 File : nvt/gb_suse_2008_016.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200803-31 (mit-krb5) File : nvt/glsa_200803_31.nasl
2008-06-17	Name : Kerberos < 1.6.4 vulnerability File : nvt/kerberos_CB-A08-0044.nasl
2008-03-19	Name : Debian Security Advisory DSA 1524-1 (krb5) File : nvt/deb_1524_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
43342	MIT Kerberos 5 KDC (krb5kdc) Error Response Information Disclosure
43341	MIT Kerberos 5 KDC (krb5kdc) Arbitrary Memory Disclosure

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0181.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0180.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0164.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0182.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080318_krb5_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0164.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0009.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-069.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-070.nasl - Type : ACT_GATHER_INFO
2008-03-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-31.nasl - Type : ACT_GATHER_INFO
2008-03-26	Name : The remote Fedora host is missing a security update. File : fedora_2008-2647.nasl - Type : ACT_GATHER_INFO
2008-03-26	Name : The remote Fedora host is missing a security update. File : fedora_2008-2637.nasl - Type : ACT_GATHER_INFO
2008-03-21	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1524.nasl - Type : ACT_GATHER_INFO
2008-03-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0180.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0164.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0180.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0181.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0181.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote openSUSE host is missing a security update. File : suse_krb5-5081.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-5082.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-587-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:57:27	Multiple Updates

Global Informations

Type	Count
Capec ID(s)	3
CWE ID(s)	2
Oval ID(s)	2
CPE ID(s)	165
osvdb(s)	2
Openvas Exploit(s)	18
Nessus® Exploit(s)	22

	Related
10	TA08-079B
9.8	CVE-2008-0062
7.5	CVE-2008-0063
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)