Executive Summary
Summary | |
---|---|
Title | New krb5 packages fix multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1524 | First vendor Publication | 2008-03-18 |
Vendor | Debian | Last vendor Modification | 2008-03-18 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network. CVE-2008-0062 An unauthenticated remote attacker may cause a krb4-enabled KDC to crash, expose information, or execute arbitrary code. Successful exploitation of this vulnerability could compromise the Kerberos key database and host security on the KDC host. CVE-2008-0063 An unauthenticated remote attacker may cause a krb4-enabled KDC to expose information. It is theoretically possible for the exposed information to include secret key data on some platforms. CVE-2008-0947 An unauthenticated remote attacker can cause memory corruption in the kadmind process, which is likely to cause kadmind to crash, resulting in a denial of service. It is at least theoretically possible for such corruption to result in database corruption or arbitrary code execution, though we have no such exploit and are not aware of any such exploits in use in the wild. In versions of MIT Kerberos shipped by Debian, this bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. For the stable distribution (etch), these problems have been fixed in version 1.4.4-7etch5. For the old stable distribution (sarge), these problems have been fixed in version krb5 1.3.6-2sarge6. We recommend that you upgrade your krb5 packages. |
Original Source
Url : http://www.debian.org/security/2008/dsa-1524 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-26 | Leveraging Race Conditions |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
CAPEC-172 | Time and State Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-665 | Improper Initialization |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10984 | |||
Oval ID: | oval:org.mitre.oval:def:10984 | ||
Title: | Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors. | ||
Description: | Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0947 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17145 | |||
Oval ID: | oval:org.mitre.oval:def:17145 | ||
Title: | USN-587-1 -- krb5 vulnerabilities | ||
Description: | It was discovered that krb5 did not correctly handle certain krb4 requests. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-587-1 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20288 | |||
Oval ID: | oval:org.mitre.oval:def:20288 | ||
Title: | DSA-1524-1 krb5 - multiple vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1524-1 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22707 | |||
Oval ID: | oval:org.mitre.oval:def:22707 | ||
Title: | ELSA-2008:0164: krb5 security and bugfix update (Critical) | ||
Description: | Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0164-01 CVE-2007-5901 CVE-2007-5971 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 | Version: | 25 |
Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8094 | |||
Oval ID: | oval:org.mitre.oval:def:8094 | ||
Title: | DSA-1524 krb5 -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identifies the following problems: An unauthenticated remote attacker may cause a krb4-enabled KDC to crash, expose information, or execute arbitrary code. Successful exploitation of this vulnerability could compromise the Kerberos key database and host security on the KDC host. An unauthenticated remote attacker may cause a krb4-enabled KDC to expose information. It is theoretically possible for the exposed information to include secret key data on some platforms. An unauthenticated remote attacker can cause memory corruption in the kadmind process, which is likely to cause kadmind to crash, resulting in a denial of service. It is at least theoretically possible for such corruption to result in database corruption or arbitrary code execution, though we have no such exploit and are not aware of any such exploits in use in the wild. In versions of MIT Kerberos shipped by Debian, this bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1524 CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8916 | |||
Oval ID: | oval:org.mitre.oval:def:8916 | ||
Title: | The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | ||
Description: | The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0063 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9496 | |||
Oval ID: | oval:org.mitre.oval:def:9496 | ||
Title: | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | ||
Description: | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0062 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDVSA-2008:070 (krb5) File : nvt/gb_mandriva_MDVSA_2008_070.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDVSA-2008:069 (krb5) File : nvt/gb_mandriva_MDVSA_2008_069.nasl |
2009-03-23 | Name : Ubuntu Update for krb5 vulnerabilities USN-587-1 File : nvt/gb_ubuntu_USN_587_1.nasl |
2009-03-06 | Name : RedHat Update for krb5 RHSA-2008:0181-01 File : nvt/gb_RHSA-2008_0181-01_krb5.nasl |
2009-03-06 | Name : RedHat Update for krb5 RHSA-2008:0164-01 File : nvt/gb_RHSA-2008_0164-01_krb5.nasl |
2009-03-06 | Name : RedHat Update for krb5 RHSA-2008:0180-01 File : nvt/gb_RHSA-2008_0180-01_krb5.nasl |
2009-02-27 | Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 i386 File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 x86_64 File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for krb5-devel CESA-2008:0181 centos3 i386 File : nvt/gb_CESA-2008_0181_krb5-devel_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for krb5 CESA-2008:0181-01 centos2 i386 File : nvt/gb_CESA-2008_0181-01_krb5_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for krb5-devel CESA-2008:0180 centos4 x86_64 File : nvt/gb_CESA-2008_0180_krb5-devel_centos4_x86_64.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2647 File : nvt/gb_fedora_2008_2647_krb5_fc8.nasl |
2009-01-23 | Name : SuSE Update for krb5 SUSE-SA:2008:016 File : nvt/gb_suse_2008_016.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-31 (mit-krb5) File : nvt/glsa_200803_31.nasl |
2008-06-17 | Name : Kerberos < 1.6.4 vulnerability File : nvt/kerberos_CB-A08-0044.nasl |
2008-03-19 | Name : Debian Security Advisory DSA 1524-1 (krb5) File : nvt/deb_1524_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43343 | MIT Kerberos 5 (krb5) libgssrpc / kadmind RPC Library File Descriptor Handlin... |
43342 | MIT Kerberos 5 KDC (krb5kdc) Error Response Information Disclosure |
43341 | MIT Kerberos 5 KDC (krb5kdc) Arbitrary Memory Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0181.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0180.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0164.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0182.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080318_krb5_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0164.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0009.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-069.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-070.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-31.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2647.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2637.nasl - Type : ACT_GATHER_INFO |
2008-03-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1524.nasl - Type : ACT_GATHER_INFO |
2008-03-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0180.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0164.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0180.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0181.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0181.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-5081.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-5082.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-587-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:27:27 |
|