Executive Summary

Summary
Title: New krb5 packages fix several vulnerabilities
Information
Name: DSA-266
First vendor publication: 2003-03-17
Vendor: Debian
Last vendor modification: 2003-03-17
Severity (vendor): N/A
Revision: 1

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Several vulnerabilities have been discovered in krb5, an implementation of MIT Kerberos.

* A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distribution permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site's entire Kerberos authentication infrastructure.

  Kerberos version 5 does not contain this cryptographic vulnerability. Sites are not vulnerable if they have Kerberos v4 completely disabled, including the disabling of any krb5 to krb4 translation services.

* The MIT Kerberos 5 implementation includes an RPC library derived from SUNRPC. The implementation contains length checks that are vulnerable to an integer overflow, which may be exploitable to cause denial of service or to gain unauthorized access to sensitive information.

* Buffer overrun and underrun problems exist in Kerberos principal name handling in unusual cases, such as names with zero components, names with one empty component, or host-based service principal names with no host name component.
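The second item above describes a length check that an integer overflow can bypass. The C program below is an added illustration of that defect class and its fix; it is constructed for this page and is not code from krb5 or from the SunRPC-derived XDR library. It implements a minimal memory-backed decoder for an XDR-style length-prefixed opaque field and places the wrap-prone bound check beside the hardened one, which compares the requested length against the space remaining rather than adding it to the cursor; a second guard covers the 4-byte padding round-up, where len + 3 can wrap as well. All identifiers (xdr_mem, bound_check_wrapping, bound_check_safe, xdr_get_opaque, decode_sample) and both sample messages are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration (not krb5 or SunRPC code): a memory-backed
 * XDR-style decoder. Invariant: pos <= size at all times. */
typedef struct {
    const uint8_t *base;   /* start of the encoded message */
    uint32_t size;         /* bytes available from base */
    uint32_t pos;          /* current read offset */
} xdr_mem;

/* Overflow-prone bound check. pos + len is computed in 32-bit arithmetic, so
 * a length close to UINT32_MAX wraps the sum below size and the check passes
 * for a read that would run far past the buffer. */
bool bound_check_wrapping(uint32_t pos, uint32_t size, uint32_t len)
{
    return pos + len <= size;
}

/* Hardened bound check: compare len with the space actually left. size - pos
 * cannot underflow because pos <= size is maintained by the decoder. */
bool bound_check_safe(uint32_t pos, uint32_t size, uint32_t len)
{
    return len <= size - pos;
}

/* Decode one XDR-style opaque field: 4-byte big-endian length, the payload,
 * then zero padding up to a multiple of 4. Returns the payload length copied
 * into out, or -1 if the field does not fit the buffer or out_cap. The cursor
 * is advanced only on success. */
long xdr_get_opaque(xdr_mem *x, uint8_t *out, size_t out_cap)
{
    if (!bound_check_safe(x->pos, x->size, 4))
        return -1;
    const uint8_t *p = x->base + x->pos;
    uint32_t len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                   ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];

    /* Rounding len up to a 4-byte boundary is a second place where len + 3
     * can wrap, so refuse lengths that cannot be rounded. */
    if (len > UINT32_MAX - 3)
        return -1;
    uint32_t padded = (len + 3) & ~(uint32_t)3;

    /* x->pos + 4 <= size is guaranteed by the first check, so the invariant
     * behind bound_check_safe still holds here. */
    if (!bound_check_safe(x->pos + 4, x->size, padded) || len > out_cap)
        return -1;
    memcpy(out, p + 4, len);
    x->pos += 4 + padded;
    return (long)len;
}

/* Constructed sample messages: a well-formed 5-byte field and one whose
 * length word is chosen so that pos + len wraps in 32-bit arithmetic. */
static const uint8_t BENIGN_MSG[12]  = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0 };
static const uint8_t HOSTILE_MSG[12] = { 0xFF, 0xFF, 0xFF, 0xF8, 'h', 'e', 'l', 'l', 'o', 0, 0, 0 };

/* Decode a sample message with the hardened decoder; returns the payload
 * length or -1. */
long decode_sample(const uint8_t *msg, uint32_t size)
{
    xdr_mem x = { msg, size, 0 };
    uint8_t out[16];
    return xdr_get_opaque(&x, out, sizeof out);
}

int main(void)
{
    uint32_t hostile_len = 0xFFFFFFF8u;
    printf("wrapping check accepts hostile length: %s\n",
           bound_check_wrapping(8, 64, hostile_len) ? "yes" : "no");
    printf("safe check accepts hostile length:     %s\n",
           bound_check_safe(8, 64, hostile_len) ? "yes" : "no");
    printf("benign message decodes to %ld bytes\n",
           decode_sample(BENIGN_MSG, sizeof BENIGN_MSG));
    printf("hostile message decodes to %ld\n",
           decode_sample(HOSTILE_MSG, sizeof HOSTILE_MSG));
    return 0;
}
```

The design point is that every bound check is expressed as "how much is left" rather than "cursor plus request", so no addition of attacker-supplied values happens before the comparison; the same rule applies to the padding round-up, which is why it is guarded separately.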

For the stable distribution (woody) this problem has been fixed in version 1.2.4-5woody4.

The old stable distribution (potato) does not contain krb5 packages.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your krb5 package.

Original Source

Url : http://www.debian.org/security/2003/dsa-266

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:230
Title: xdrmem_bytes() Integer Overflow Vulnerability
Description: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
Family: unix
Class: vulnerability
Reference(s): CVE-2003-0028
Version: 2
Platform(s): Red Hat Linux 9
Product(s): krb5
Oval ID: oval:org.mitre.oval:def:244
Title: Kerberos KDC Heap Corruption Denial of Service
Description: The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
Family: unix
Class: vulnerability
Reference(s): CVE-2003-0082
Version: 2
Platform(s): Red Hat Linux 9
Product(s): krb5
Oval ID: oval:org.mitre.oval:def:248
Title: Kerberos krb4 Plaintext Attack Vulnerability
Description: Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
Family: unix
Class: vulnerability
Reference(s): CVE-2003-0138
Version: 2
Platform(s): Red Hat Linux 9
Product(s): krb5
Oval ID: oval:org.mitre.oval:def:250
Title: Kerberos krb4 Ticket Splicing Vulnerability
Description: Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
Family: unix
Class: vulnerability
Reference(s): CVE-2003-0139
Version: 2
Platform(s): Red Hat Linux 9
Product(s): krb5
Oval ID: oval:org.mitre.oval:def:2536
Title: Kerberos 5 KDC Heap Corruption Vulnerability
Description: The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
Family: unix
Class: vulnerability
Reference(s): CVE-2003-0082
Version: 2
Platform(s): Sun Solaris 8
Product(s): Kerberos5
Oval ID: oval:org.mitre.oval:def:4430
Title: Kerberos 5 KDC Buffer Underrun in Principal Name Handling
Description: The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").
Family: unix
Class: vulnerability
Reference(s): CVE-2003-0082
Version: 2
Platform(s): Sun Solaris 7
Product(s): Solaris Enterprise Authentication Mechanism (SEAM)

CPE : Common Platform Enumeration

Type  Description  Count
Application 13
Application 3
Application 12
Application 21
Os 10
Os 23
Os 7
Os 1
Os 1
Os 3
Os 13
Os 55
Os 5
Os 5

OpenVAS Exploits

Date Description
2008-01-17 Name : Debian Security Advisory DSA 266-1 (krb5)
File : nvt/deb_266_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 269-1 (heimdal)
File : nvt/deb_269_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 269-2 (heimdal)
File : nvt/deb_269_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 272-1 (dietlibc)
File : nvt/deb_272_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 273-1 (krb4)
File : nvt/deb_273_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 282-1 (glibc)
File : nvt/deb_282_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
4902 MIT Kerberos 5 Key Distribution Center Heap Corruption DoS

Kerberos 5 contains a flaw within principal name handling that may allow a remote denial of service. The issue is triggered when a specially crafted request is sent to the KDC; this can result in heap corruption (buffer underrun) or possibly remote code execution, resulting in a loss of availability and possibly of confidentiality and/or integrity.
4901 MIT Kerberos 5 KDC Array Overrun DoS

Kerberos 5 contains a flaw that may allow an authenticated attacker to perform a remote denial of service. By sending a request with a name containing no components, one or more empty components, or a missing host name, the KDC will read memory past the end of an array, possibly causing it to crash.
4869 MIT Kerberos 4 Chosen-plaintext Attack Realm Principal Impersonation

4868 MIT Kerberos 4 Triple DES Service Ticket Splicing

4501 RPC XDR xdrmem_getbytes() Function Remote Overflow

Snort® IPS/IDS

Date Description
2014-01-10 kerberos principal name overflow TCP
RuleID : 2579-community - Revision : 8 - Type : SERVER-OTHER
2014-01-10 kerberos principal name overflow TCP
RuleID : 2579 - Revision : 8 - Type : SERVER-OTHER
2014-01-10 kerberos principal name overflow UDP
RuleID : 2578-community - Revision : 10 - Type : SERVER-OTHER
2014-01-10 kerberos principal name overflow UDP
RuleID : 2578 - Revision : 10 - Type : SERVER-OTHER
2014-01-10 portmap proxy integer overflow attempt TCP
RuleID : 2093-community - Revision : 13 - Type : PROTOCOL-RPC
2014-01-10 portmap proxy integer overflow attempt TCP
RuleID : 2093 - Revision : 13 - Type : PROTOCOL-RPC
2014-01-10 portmap proxy integer overflow attempt UDP
RuleID : 2092-community - Revision : 14 - Type : PROTOCOL-RPC
2014-01-10 portmap proxy integer overflow attempt UDP
RuleID : 2092 - Revision : 14 - Type : PROTOCOL-RPC

Nessus® Vulnerability Scanner

Date Description
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-266.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-269.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-272.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-273.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-282.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2003-037.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2003-043.nasl - Type : ACT_GATHER_INFO
2004-07-25 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2003_027.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2003-052.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2003-090.nasl - Type : ACT_GATHER_INFO
2003-04-03 Name : The remote host is using an authentication protocol with cryptographic weakne...
File : kerberos4_crypto_weaknesses.nasl - Type : ACT_GATHER_INFO
2003-04-03 Name : It may be possible to execute arbitrary code on the remote Kerberos server.
File : kerberos5_issues.nasl - Type : ACT_GATHER_INFO
2003-03-19 Name : Arbitrary code may be run on the remote server.
File : rpc_xdrmem_bytes.nasl - Type : ACT_DESTRUCTIVE_ATTACK

Alert History

Date Informations
2014-02-17 11:31:47
  • Multiple Updates