Executive Summary
Summary | |
---|---|
Title | New krb5 packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-543 | First vendor Publication | 2004-08-31 |
Vendor | Debian | Last vendor Modification | 2004-08-31 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
The MIT Kerberos Development Team has discovered a number of vulnerabilities in the MIT Kerberos Version 5 software. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CAN-2004-0642 [VU#795632]: A double-free error may allow unauthenticated remote attackers to execute arbitrary code on KDC or clients.

CAN-2004-0643 [VU#866472]: Several double-free errors may allow authenticated attackers to execute arbitrary code on Kerberos application servers.

CAN-2004-0644 [VU#550464]: A remotely exploitable denial of service vulnerability has been found in the KDC and libraries.

CAN-2004-0772 [VU#350792]: Several double-free errors may allow remote attackers to execute arbitrary code on the server. This does not affect the version in woody.

For the stable distribution (woody) these problems have been fixed in version 1.2.4-5woody6.

For the unstable distribution (sid) these problems have been fixed in version 1.3.4-3.

We recommend that you upgrade your krb5 packages. |
Original Source
Url : http://www.debian.org/security/2004/dsa-543 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-415 | Double Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10014 | |||
Oval ID: | oval:org.mitre.oval:def:10014 | ||
Title: | The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding. | ||
Description: | The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0644 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10267 | |||
Oval ID: | oval:org.mitre.oval:def:10267 | ||
Title: | Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | ||
Description: | Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0643 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10709 | |||
Oval ID: | oval:org.mitre.oval:def:10709 | ||
Title: | Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code. | ||
Description: | Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0642 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:2139 | |||
Oval ID: | oval:org.mitre.oval:def:2139 | ||
Title: | Kerberos 5 ASN.1 Library DoS | ||
Description: | The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0644 | Version: | 1 |
Platform(s): | Sun Solaris 9 | Product(s): | Kerberos5 |
Definition Id: oval:org.mitre.oval:def:3322 | |||
Oval ID: | oval:org.mitre.oval:def:3322 | ||
Title: | Kerberos 5 Double-free Vulnerability in krb5_rd_cred Function | ||
Description: | Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0643 | Version: | 1 |
Platform(s): | Sun Solaris 9 | Product(s): | Kerberos5 |
Definition Id: oval:org.mitre.oval:def:4661 | |||
Oval ID: | oval:org.mitre.oval:def:4661 | ||
Title: | MIT Kerberos 5 Multiple Double-Free Vulnerabilities | ||
Description: | Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0772 | Version: | 1 |
Platform(s): | Sun Solaris 9 | Product(s): | Kerberos5 |
Definition Id: oval:org.mitre.oval:def:4936 | |||
Oval ID: | oval:org.mitre.oval:def:4936 | ||
Title: | Kerberos 5 KDC ASN.1 Error Handling Double-free Vulnerabilities | ||
Description: | Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0642 | Version: | 1 |
Platform(s): | Sun Solaris 9 | Product(s): | Kerberos5 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-09 (mit-krb5) File : nvt/glsa_200409_09.nasl |
2008-09-04 | Name : FreeBSD Ports: krb5 File : nvt/freebsd_krb50.nasl |
2008-09-04 | Name : FreeBSD Ports: krb5 File : nvt/freebsd_krb51.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 543-1 (krb5) File : nvt/deb_543_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9409 | MIT Kerberos 5 krb524d Double-free Error Condition Code Execution: MIT Kerberos contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is due to a double-free condition inside the Key Distribution Center (KDC) code. Under some circumstances, a KDC host could be compromised by a remote attacker. No further details have been provided. |
9408 | MIT Kerberos 5 krb524d krb5_rd_cred() Arbitrary Code Execution: Kerberos contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when krb5_rd_cred() tries to free already freed buffers that were returned by decode_krb5_enc_cred_part() when an error occurs. It is possible that the flaw may allow compromise of the entire Kerberos realm if the victim is running a KDC, resulting in a loss of integrity. |
9407 | MIT Kerberos 5 Double-free Error Condition Code Execution: MIT Kerberos 5 contains a flaw related to a double free in the KDC ASN.1 error handling code that may allow an attacker to run privileged code of the attacker's choosing. MIT notes that no published means of exploiting a double free is known, implying that a real-world exploit would be difficult at best. Should this feat be achieved, a complete Kerberos realm could be compromised. |
9406 | MIT Kerberos 5 ASN.1 Decoder DoS: The MIT Kerberos 5 distribution contains a flaw that may allow a remote denial of service. An attacker impersonating a legitimate key distribution center or application server may cause a client program to hang inside an infinite loop via a specially crafted BER encoding, resulting in loss of availability of the service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_86a98b57fb8e11d89343000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_bd60922bfb8d11d8a13e000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
2004-12-02 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd20041202.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-543.nasl - Type : ACT_GATHER_INFO |
2004-09-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-088.nasl - Type : ACT_GATHER_INFO |
2004-09-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-09.nasl - Type : ACT_GATHER_INFO |
2004-09-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-350.nasl - Type : ACT_GATHER_INFO |
2004-09-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-448.nasl - Type : ACT_GATHER_INFO |
2004-08-31 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-276.nasl - Type : ACT_GATHER_INFO |
2004-08-31 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-277.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote host is using an unsupported version of Mac OS X. File : macosx_version.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-052.nasl - Type : ACT_GATHER_INFO |
2003-04-03 | Name : It may be possible to execute arbitrary code on the remote Kerberos server. File : kerberos5_issues.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:33:25 |
|