Executive Summary
Summary | |
---|---|
Title | New krb5 packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-266 | First vendor Publication | 2003-03-17 |
Vendor | Debian | Last vendor Modification | 2003-03-17 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | N/A | ||
Base Score | N/A | Environmental Score | N/A |
Impact Subscore | N/A | Temporal Score | N/A |
Exploitability Subscore | N/A | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Several vulnerabilities have been discovered in krb5, an implementation of MIT Kerberos.

A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distribution permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site's entire Kerberos authentication infrastructure. Kerberos version 5 does not contain this cryptographic vulnerability. Sites are not vulnerable if they have Kerberos v4 completely disabled, including the disabling of any krb5 to krb4 translation services.

The MIT Kerberos 5 implementation includes an RPC library derived from SUNRPC. The implementation contains length checks that are vulnerable to an integer overflow, which may be exploitable to create denials of service or to gain unauthorized access to sensitive information.

Buffer overrun and underrun problems exist in Kerberos principal name handling in unusual cases, such as names with zero components, names with one empty component, or host-based service principal names with no host name component.

For the stable distribution (woody) these problems have been fixed in version 1.2.4-5woody4. The old stable distribution (potato) does not contain krb5 packages. For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your krb5 package.
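The integer overflow in the SUNRPC-derived XDR length checks is easiest to see next to its fix. The C program below is an added example written for this page; it is not code from MIT krb5, glibc or the Debian advisory. It models the XDR memory stream with a signed remaining-byte counter (`x_handy`) and an unsigned item length, which is the shape of check the fix replaced: the vulnerable predicate accepts a length of 0xFFFFFFF0 with only 100 bytes left because the subtraction wraps to a positive value, while the hardened predicate compares as unsigned and rejects it. The small opaque<> decoder built on the hardened check, the two sample messages and the names `xdr_len_check_vulnerable`, `xdr_len_check_hardened` and `decode_opaque` are all constructed for this example and are not library functions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an XDR memory stream. The field names echo SunRPC's
 * xdr_mem.c so the comparison is easy to follow, but this is example code,
 * not the library's implementation. */
struct xdrmem {
    const unsigned char *x_private; /* next unread byte */
    int x_handy;                    /* bytes left; a signed int, as in the old code */
};

/* Pre-fix shape of the length check: subtract an unsigned length from a
 * signed remaining count and test for negative. For len above 2^31 the
 * subtraction wraps, the result can come out non-negative, and the caller
 * goes on to memcpy() len bytes. Only the predicate is evaluated here; the
 * copy is never performed. Returns true when the check would allow the copy. */
bool xdr_len_check_vulnerable(int x_handy, uint32_t len)
{
    if ((x_handy -= len) < 0)
        return false;
    return true;                    /* memcpy(addr, x_private, len) would run here */
}

/* Fixed shape: compare as unsigned before touching the counter, so no
 * value of len can slip past. */
bool xdr_len_check_hardened(int x_handy, uint32_t len)
{
    if (x_handy < 0 || len > (uint32_t)x_handy)
        return false;
    return true;
}

/* Decode one XDR opaque<> item (4-byte big-endian length, payload, zero
 * padding to a 4-byte boundary) from buf into out using the hardened check.
 * Returns the payload length, or -1 if the item is malformed or does not fit. */
long decode_opaque(const unsigned char *buf, size_t buflen,
                   unsigned char *out, size_t outcap)
{
    if (buflen > INT_MAX) return -1;
    struct xdrmem x = { buf, (int)buflen };

    if (x.x_handy < 4) return -1;
    uint32_t len = ((uint32_t)x.x_private[0] << 24) | ((uint32_t)x.x_private[1] << 16)
                 | ((uint32_t)x.x_private[2] << 8)  |  (uint32_t)x.x_private[3];
    x.x_private += 4;
    x.x_handy   -= 4;

    uint32_t padded = (len + 3u) & ~3u;     /* wraps to a small value near UINT32_MAX, */
    if (padded < len) return -1;            /* so guard the padding arithmetic as well */
    if (!xdr_len_check_hardened(x.x_handy, padded) || len > outcap) return -1;

    memcpy(out, x.x_private, len);
    return (long)len;
}

/* Constructed sample inputs: a well-formed opaque<> carrying "hello", and one
 * whose length field says 0xFFFFFFF0 with only four payload bytes behind it. */
static const unsigned char SAMPLE_OK[]  = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0 };
static const unsigned char SAMPLE_BAD[] = { 0xFF, 0xFF, 0xFF, 0xF0, 'A', 'A', 'A', 'A' };
static unsigned char scratch[64];

int main(void)
{
    printf("vulnerable check, 100 bytes left, len 0xFFFFFFF0: %s\n",
           xdr_len_check_vulnerable(100, 0xFFFFFFF0u) ? "ACCEPTED" : "rejected");
    printf("hardened  check, 100 bytes left, len 0xFFFFFFF0: %s\n",
           xdr_len_check_hardened(100, 0xFFFFFFF0u) ? "ACCEPTED" : "rejected");
    printf("decode SAMPLE_OK  -> %ld\n",
           decode_opaque(SAMPLE_OK, sizeof SAMPLE_OK, scratch, sizeof scratch));
    printf("decode SAMPLE_BAD -> %ld\n",
           decode_opaque(SAMPLE_BAD, sizeof SAMPLE_BAD, scratch, sizeof scratch));
    return 0;
}
```

Compile with `cc -std=c99 -Wall` on the file (say, `xdr_len.c`) and run it: the vulnerable predicate prints ACCEPTED for the oversized length and the hardened one prints rejected, and the decoder returns 5 for the good message and -1 for the bad one. Note the second guard in `decode_opaque`: rounding the length up to a 4-byte boundary can itself wrap for lengths near UINT32_MAX, so the padded value has to be checked against the raw length before it is compared with the remaining byte count.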
Original Source
Url : http://www.debian.org/security/2003/dsa-266
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:230
Title: xdrmem_bytes() Integer Overflow Vulnerability
Description: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
Family: unix | Class: vulnerability
Reference(s): CVE-2003-0028 | Version: 2
Platform(s): Red Hat Linux 9 | Product(s): krb5

Definition Id: oval:org.mitre.oval:def:244
Title: Kerberos KDC Heap Corruption Denial of Service
Description: The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
Family: unix | Class: vulnerability
Reference(s): CVE-2003-0082 | Version: 2
Platform(s): Red Hat Linux 9 | Product(s): krb5

Definition Id: oval:org.mitre.oval:def:248
Title: Kerberos krb4 Plaintext Attack Vulnerability
Description: Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
Family: unix | Class: vulnerability
Reference(s): CVE-2003-0138 | Version: 2
Platform(s): Red Hat Linux 9 | Product(s): krb5

Definition Id: oval:org.mitre.oval:def:250
Title: Kerberos krb4 Ticket Splicing Vulnerability
Description: Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
Family: unix | Class: vulnerability
Reference(s): CVE-2003-0139 | Version: 2
Platform(s): Red Hat Linux 9 | Product(s): krb5

Definition Id: oval:org.mitre.oval:def:2536
Title: Kerberos 5 KDC Heap Corruption Vulnerability
Description: The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
Family: unix | Class: vulnerability
Reference(s): CVE-2003-0082 | Version: 2
Platform(s): Sun Solaris 8 | Product(s): Kerberos5

Definition Id: oval:org.mitre.oval:def:4430
Title: Kerberos 5 KDC Buffer Underrun in Principle Name Handling
Description: The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
Family: unix | Class: vulnerability
Reference(s): CVE-2003-0082 | Version: 2
Platform(s): Sun Solaris 7 | Product(s): Solaris Enterprise Authentication Mechanism (SEAM)
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 266-1 (krb5) File : nvt/deb_266_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 269-1 (heimdal) File : nvt/deb_269_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 269-2 (heimdal) File : nvt/deb_269_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 272-1 (dietlibc) File : nvt/deb_272_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 273-1 (krb4) File : nvt/deb_273_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 282-1 (glibc) File : nvt/deb_282_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
4902 | MIT Kerberos 5 Key Distribution Center Heap Corruption DoS. Kerberos 5 contains a flaw within principal name handling that may allow a remote denial of service. The issue is triggered when a specially crafted request is sent to the KDC; this can result in heap corruption (buffer underrun) or possibly remote code execution, resulting in a loss of availability and possibly of confidentiality and/or integrity. |
4901 | MIT Kerberos 5 KDC Array Overrun DoS. Kerberos 5 contains a flaw that may allow an authenticated attacker to perform a remote denial of service. By sending a request with a name containing no components, one or more empty components, or a missing host name, the KDC will read memory past the end of an array, possibly causing it to crash. |
4869 | MIT Kerberos 4 Chosen-plaintext Attack Realm Principle Impersonation |
4868 | MIT Kerberos 4 Triple DES Service Ticket Splicing |
4501 | RPC XDR xdrmem_getbytes() Function Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | kerberos principal name overflow TCP RuleID : 2579-community - Revision : 8 - Type : SERVER-OTHER |
2014-01-10 | kerberos principal name overflow TCP RuleID : 2579 - Revision : 8 - Type : SERVER-OTHER |
2014-01-10 | kerberos principal name overflow UDP RuleID : 2578-community - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | kerberos principal name overflow UDP RuleID : 2578 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | portmap proxy integer overflow attempt TCP RuleID : 2093-community - Revision : 13 - Type : PROTOCOL-RPC |
2014-01-10 | portmap proxy integer overflow attempt TCP RuleID : 2093 - Revision : 13 - Type : PROTOCOL-RPC |
2014-01-10 | portmap proxy integer overflow attempt UDP RuleID : 2092-community - Revision : 14 - Type : PROTOCOL-RPC |
2014-01-10 | portmap proxy integer overflow attempt UDP RuleID : 2092 - Revision : 14 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-266.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-269.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-272.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-273.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-282.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-037.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-043.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2003_027.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-052.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-090.nasl - Type : ACT_GATHER_INFO |
2003-04-03 | Name : The remote host is using an authentication protocol with cryptographic weakne... File : kerberos4_crypto_weaknesses.nasl - Type : ACT_GATHER_INFO |
2003-04-03 | Name : It may be possible to execute arbitrary code on the remote Kerberos server. File : kerberos5_issues.nasl - Type : ACT_GATHER_INFO |
2003-03-19 | Name : Arbitrary code may be run on the remote server. File : rpc_xdrmem_bytes.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
Alert History
Date | Information |
---|---|
2014-02-17 11:31:47 | |