Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2012:111 | First vendor Publication | 2012-07-25 |
Vendor | Mandriva | Last vendor Modification | 2012-08-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability has been discovered and corrected in krb5: The MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability (CVE-2012-1015). The updated packages have been patched to correct this issue. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:111 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17607 | |||
Oval ID: | oval:org.mitre.oval:def:17607 | ||
Title: | USN-1547-1 -- libgdata, evolution-data-server vulnerability | ||
Description: | Applications using GData services could be made to expose sensitive information over the network. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1547-1 CVE-2012-1177 | Version: | 7 |
Platform(s): | Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | libgdata evolution-data-server |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20176 | |||
Oval ID: | oval:org.mitre.oval:def:20176 | ||
Title: | DSA-2518-1 krb5 - denial of service | ||
Description: | Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2518-1 CVE-2012-1014 CVE-2012-1015 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20177 | |||
Oval ID: | oval:org.mitre.oval:def:20177 | ||
Title: | DSA-2482-1 libgdata - no verification of TLS certificates against system root CA | ||
Description: | Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn't validating certificates against trusted system root CAs when using an HTTPS connection. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2482-1 CVE-2012-1177 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libgdata |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21369 | |||
Oval ID: | oval:org.mitre.oval:def:21369 | ||
Title: | RHSA-2012:1131: krb5 security update (Important) | ||
Description: | The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1131-01 CESA-2012:1131 CVE-2012-1013 CVE-2012-1015 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23941 | |||
Oval ID: | oval:org.mitre.oval:def:23941 | ||
Title: | ELSA-2012:1131: krb5 security update (Important) | ||
Description: | The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1131-01 CVE-2012-1013 CVE-2012-1015 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27301 | |||
Oval ID: | oval:org.mitre.oval:def:27301 | ||
Title: | DEPRECATED: ELSA-2012-1131 -- krb5 security update (important) | ||
Description: | [1.9-33.2] - pull up the patch to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013, #827517) [1.9-33.1] - add candidate patch from upstream to fix freeing uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1015, #839859) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1131 CVE-2012-1013 CVE-2012-1015 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-06 | Name : Ubuntu Update for libgdata USN-1547-1 File : nvt/gb_ubuntu_USN_1547_1.nasl |
2012-08-30 | Name : Fedora Update for krb5 FEDORA-2012-11388 File : nvt/gb_fedora_2012_11388_krb5_fc17.nasl |
2012-08-30 | Name : Gentoo Security Advisory GLSA 201208-06 (libgdata) File : nvt/glsa_201208_06.nasl |
2012-08-14 | Name : Fedora Update for krb5 FEDORA-2012-11370 File : nvt/gb_fedora_2012_11370_krb5_fc16.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2518-1 (krb5) File : nvt/deb_2518_1.nasl |
2012-08-03 | Name : CentOS Update for krb5-devel CESA-2012:1131 centos6 File : nvt/gb_CESA-2012_1131_krb5-devel_centos6.nasl |
2012-08-03 | Name : RedHat Update for krb5 RHSA-2012:1131-01 File : nvt/gb_RHSA-2012_1131-01_krb5.nasl |
2012-08-03 | Name : Mandriva Update for krb5 MDVSA-2012:120 (krb5) File : nvt/gb_mandriva_MDVSA_2012_120.nasl |
2012-08-03 | Name : Ubuntu Update for krb5 USN-1520-1 File : nvt/gb_ubuntu_USN_1520_1.nasl |
2012-07-26 | Name : Mandriva Update for libgdata MDVSA-2012:111 (libgdata) File : nvt/gb_mandriva_MDVSA_2012_111.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1200.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-497.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-381.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-12.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-114.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1131.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1131.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-042.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-111.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-120.nasl - Type : ACT_GATHER_INFO |
2012-08-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1547-1.nasl - Type : ACT_GATHER_INFO |
2012-08-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201208-06.nasl - Type : ACT_GATHER_INFO |
2012-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11370.nasl - Type : ACT_GATHER_INFO |
2012-08-06 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11388.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120731_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1131.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1520-1.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2518.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2482.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:43:02 |
|
2013-04-05 13:19:45 |
|