9.3 - MDVSA-2013:042

Executive Summary

Informations
Name	MDVSA-2013:042	First vendor Publication	2013-04-05
Vendor	Mandriva	Last vendor Modification	2013-04-05
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been discovered and corrected in krb5:

Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the create privilege (CVE-2012-1013).

The MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability (CVE-2012-1015).

It was reported that the KDC plugin for PKINIT could dereference a NULL pointer when a malformed packet caused processing to terminate early, which led to a crash of the KDC process. An attacker would require a valid PKINIT certificate or have observed a successful PKINIT authentication to execute a successful attack. In addition, an unauthenticated attacker could execute the attack of anonymouse PKINIT was enabled (CVE-2013-1415).

The updated packages have been patched to correct these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:042

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-476	NULL Pointer Dereference
50 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20176

Oval ID:	oval:org.mitre.oval:def:20176
Title:	DSA-2518-1 krb5 - denial of service
Description:	Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol.
Family:	unix	Class:	patch
Reference(s):	DSA-2518-1 CVE-2012-1014 CVE-2012-1015	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	krb5
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND krb5 DPKG is earlier than 0:1.8.3+dfsg-4squeeze6

Definition Id: oval:org.mitre.oval:def:20746

Oval ID:	oval:org.mitre.oval:def:20746
Title:	RHSA-2013:0656: krb5 security update (Moderate)
Description:	The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0656-01 CESA-2013:0656 CVE-2012-1016 CVE-2013-1415	Version:	31
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	krb5
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section krb5-devel is earlier than 0:1.10.3-10.el6_4.1 AND krb5-server-ldap is earlier than 0:1.10.3-10.el6_4.1 AND krb5-workstation is earlier than 0:1.10.3-10.el6_4.1 AND krb5-libs is earlier than 0:1.10.3-10.el6_4.1 AND krb5-pkinit-openssl is earlier than 0:1.10.3-10.el6_4.1 AND krb5-server is earlier than 0:1.10.3-10.el6_4.1 AND krb5 is earlier than 0:1.10.3-10.el6_4.1

Definition Id: oval:org.mitre.oval:def:21369

Oval ID:	oval:org.mitre.oval:def:21369
Title:	RHSA-2012:1131: krb5 security update (Important)
Description:	The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1131-01 CESA-2012:1131 CVE-2012-1013 CVE-2012-1015	Version:	29
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	krb5
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section krb5-server-ldap is earlier than 0:1.9-33.el6_3.2 AND krb5-devel is earlier than 0:1.9-33.el6_3.2 AND krb5-workstation is earlier than 0:1.9-33.el6_3.2 AND krb5-libs is earlier than 0:1.9-33.el6_3.2 AND krb5-pkinit-openssl is earlier than 0:1.9-33.el6_3.2 AND krb5-server is earlier than 0:1.9-33.el6_3.2 AND krb5 is earlier than 0:1.9-33.el6_3.2

Definition Id: oval:org.mitre.oval:def:23680

Oval ID:	oval:org.mitre.oval:def:23680
Title:	ELSA-2013:0656: krb5 security update (Moderate)
Description:	The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0656-01 CVE-2012-1016 CVE-2013-1415	Version:	13
Platform(s):	Oracle Linux 6	Product(s):	krb5
Definition Synopsis:
Oracle Linux 6.x rpm test krb5-devel is earlier than 0:1.10.3-10.el6_4.1 AND krb5-server-ldap is earlier than 0:1.10.3-10.el6_4.1 AND krb5-workstation is earlier than 0:1.10.3-10.el6_4.1 AND krb5-libs is earlier than 0:1.10.3-10.el6_4.1 AND krb5-pkinit-openssl is earlier than 0:1.10.3-10.el6_4.1 AND krb5-server is earlier than 0:1.10.3-10.el6_4.1 AND krb5 is earlier than 0:1.10.3-10.el6_4.1

Definition Id: oval:org.mitre.oval:def:23941

Oval ID:	oval:org.mitre.oval:def:23941
Title:	ELSA-2012:1131: krb5 security update (Important)
Description:	The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1131-01 CVE-2012-1013 CVE-2012-1015	Version:	13
Platform(s):	Oracle Linux 6	Product(s):	krb5
Definition Synopsis:
Oracle Linux 6.x rpm test krb5-server-ldap is earlier than 0:1.9-33.el6_3.2 AND krb5-devel is earlier than 0:1.9-33.el6_3.2 AND krb5-workstation is earlier than 0:1.9-33.el6_3.2 AND krb5-libs is earlier than 0:1.9-33.el6_3.2 AND krb5-pkinit-openssl is earlier than 0:1.9-33.el6_3.2 AND krb5-server is earlier than 0:1.9-33.el6_3.2 AND krb5 is earlier than 0:1.9-33.el6_3.2

Definition Id: oval:org.mitre.oval:def:25740

Oval ID:	oval:org.mitre.oval:def:25740
Title:	SUSE-SU-2013:0558-1 -- Security update for Kerberos 5
Description:	This update for Kerberos 5 fixes one security issue: The KDC plugin for PKINIT can dereference a null pointer when processing malformed packets, leading to a crash of the KDC process. (bnc#806715, CVE-2013-1415) Additionally, it improves compatibility with processes that handle large numbers of open files. (bnc#787272)
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0558-1 CVE-2013-1415	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Kerberos 5
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section krb5 RPM is earlier than 0:1.6.3-133.49.54.1 AND krb5-client RPM is earlier than 0:1.6.3-133.49.54.1 AND krb5-32bit RPM is earlier than 0:1.6.3-133.49.54.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section krb5-apps-clients RPM is earlier than 0:1.6.3-133.49.54.1 AND krb5-apps-servers RPM is earlier than 0:1.6.3-133.49.54.1 AND krb5-plugin-kdb-ldap RPM is earlier than 0:1.6.3-133.49.54.1 AND krb5-plugin-preauth-pkinit RPM is earlier than 0:1.6.3-133.49.54.1 AND krb5-server RPM is earlier than 0:1.6.3-133.49.54.1

Definition Id: oval:org.mitre.oval:def:27142

Oval ID:	oval:org.mitre.oval:def:27142
Title:	DEPRECATED: ELSA-2013-0656 -- krb5 security update (moderate)
Description:	[1.10.3-10.1] - incorporate upstream patch to fix a NULL pointer dereference when the client supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917909) - add patch to avoid dereferencing a NULL pointer in the KDC when handling a draft9 PKINIT request (#917909, CVE-2012-1016)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0656 CVE-2012-1016 CVE-2013-1415	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	krb5
Definition Synopsis:
Oracle Linux 6.x Packages match section krb5 is earlier than 0:1.10.3-10.el6_4.1 AND krb5-devel is earlier than 0:1.10.3-10.el6_4.1 AND krb5-libs is earlier than 0:1.10.3-10.el6_4.1 AND krb5-pkinit-openssl is earlier than 0:1.10.3-10.el6_4.1 AND krb5-server is earlier than 0:1.10.3-10.el6_4.1 AND krb5-server-ldap is earlier than 0:1.10.3-10.el6_4.1 AND krb5-workstation is earlier than 0:1.10.3-10.el6_4.1

Definition Id: oval:org.mitre.oval:def:27301

Oval ID:	oval:org.mitre.oval:def:27301
Title:	DEPRECATED: ELSA-2012-1131 -- krb5 security update (important)
Description:	[1.9-33.2] - pull up the patch to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013, #827517) [1.9-33.1] - add candidate patch from upstream to fix freeing uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1015, #839859)
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1131 CVE-2012-1013 CVE-2012-1015	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	krb5
Definition Synopsis:
Oracle Linux 6.x Packages match section krb5 is earlier than 0:1.9-33.el6_3.2 AND krb5-devel is earlier than 0:1.9-33.el6_3.2 AND krb5-libs is earlier than 0:1.9-33.el6_3.2 AND krb5-pkinit-openssl is earlier than 0:1.9-33.el6_3.2 AND krb5-server is earlier than 0:1.9-33.el6_3.2 AND krb5-server-ldap is earlier than 0:1.9-33.el6_3.2 AND krb5-workstation is earlier than 0:1.9-33.el6_3.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mit Kerberos 5 cpe:2.3:a:mit:kerberos_5:1.9.4:::::::* cpe:2.3:a:mit:kerberos_5:1.9.3:::::::* cpe:2.3:a:mit:kerberos_5:1.9.2:::::::* cpe:2.3:a:mit:kerberos_5:1.9.1:::::::* cpe:2.3:a:mit:kerberos_5:1.9:::::::* cpe:2.3:a:mit:kerberos_5:1.8.6:::::::* cpe:2.3:a:mit:kerberos_5:1.8.5:::::::* cpe:2.3:a:mit:kerberos_5:1.8.4:::::::* cpe:2.3:a:mit:kerberos_5:1.8.3:::::::* cpe:2.3:a:mit:kerberos_5:1.8.2:::::::* cpe:2.3:a:mit:kerberos_5:1.8.1:::::::* cpe:2.3:a:mit:kerberos_5:1.8:::::::* cpe:2.3:a:mit:kerberos_5:1.7.1:::::::* cpe:2.3:a:mit:kerberos_5:1.7:::::::* cpe:2.3:a:mit:kerberos_5:1.6.3_kdc:::::::* cpe:2.3:a:mit:kerberos_5:1.6.3:::::::* cpe:2.3:a:mit:kerberos_5:1.6.2:::::::* cpe:2.3:a:mit:kerberos_5:1.6.1:::::::* cpe:2.3:a:mit:kerberos_5:1.6:::::::* cpe:2.3:a:mit:kerberos_5:1.5.3:::::::* cpe:2.3:a:mit:kerberos_5:1.5.2:::::::* cpe:2.3:a:mit:kerberos_5:1.5.1:::::::* cpe:2.3:a:mit:kerberos_5:1.5:::::::* cpe:2.3:a:mit:kerberos_5:1.4.4:::::::* cpe:2.3:a:mit:kerberos_5:1.4.3:::::::* cpe:2.3:a:mit:kerberos_5:1.4.2:::::::* cpe:2.3:a:mit:kerberos_5:1.4.1:::::::* cpe:2.3:a:mit:kerberos_5:1.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.6:::::::* cpe:2.3:a:mit:kerberos_5:1.3.5:::::::* cpe:2.3:a:mit:kerberos_5:1.3.4:::::::* cpe:2.3:a:mit:kerberos_5:1.3.3:::::::* cpe:2.3:a:mit:kerberos_5:1.3.2:::::::* cpe:2.3:a:mit:kerberos_5:1.3.1:::::::* cpe:2.3:a:mit:kerberos_5:1.3:-:::::: cpe:2.3:a:mit:kerberos_5:1.3:alpha1:::::: cpe:2.3:a:mit:kerberos_5:1.2.8:::::::* cpe:2.3:a:mit:kerberos_5:1.2.7:::::::* cpe:2.3:a:mit:kerberos_5:1.2.6:::::::* cpe:2.3:a:mit:kerberos_5:1.2.5:::::::* cpe:2.3:a:mit:kerberos_5:1.2.4:::::::* cpe:2.3:a:mit:kerberos_5:1.2.3:::::::* cpe:2.3:a:mit:kerberos_5:1.2.2:::::::* cpe:2.3:a:mit:kerberos_5:1.2.1:::::::* cpe:2.3:a:mit:kerberos_5:1.2:beta2:::::: cpe:2.3:a:mit:kerberos_5:1.2:-:::::: cpe:2.3:a:mit:kerberos_5:1.2:beta1:::::: cpe:2.3:a:mit:kerberos_5:1.11:::::::* cpe:2.3:a:mit:kerberos_5:1.10.3:::::::* cpe:2.3:a:mit:kerberos_5:1.10.2:::::::* cpe:2.3:a:mit:kerberos_5:1.10.1:::::::* cpe:2.3:a:mit:kerberos_5:1.10:::::::* cpe:2.3:a:mit:kerberos_5:1.1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.0.6:::::::* cpe:2.3:a:mit:kerberos_5:1.0:-:::::: cpe:2.3:a:mit:kerberos_5:::::::: cpe:2.3:a:mit:kerberos_5:-:::::::*	58
Os	Opensuse cpe:2.3:o:opensuse:opensuse:11.4:::::::*	1

OpenVAS Exploits

Date	Description
2012-08-30	Name : Fedora Update for krb5 FEDORA-2012-11388 File : nvt/gb_fedora_2012_11388_krb5_fc17.nasl
2012-08-30	Name : Fedora Update for krb5 FEDORA-2012-8784 File : nvt/gb_fedora_2012_8784_krb5_fc17.nasl
2012-08-14	Name : Fedora Update for krb5 FEDORA-2012-11370 File : nvt/gb_fedora_2012_11370_krb5_fc16.nasl
2012-08-10	Name : Debian Security Advisory DSA 2518-1 (krb5) File : nvt/deb_2518_1.nasl
2012-08-03	Name : CentOS Update for krb5-devel CESA-2012:1131 centos6 File : nvt/gb_CESA-2012_1131_krb5-devel_centos6.nasl
2012-08-03	Name : RedHat Update for krb5 RHSA-2012:1131-01 File : nvt/gb_RHSA-2012_1131-01_krb5.nasl
2012-08-03	Name : Mandriva Update for krb5 MDVSA-2012:120 (krb5) File : nvt/gb_mandriva_MDVSA_2012_120.nasl
2012-08-03	Name : Ubuntu Update for krb5 USN-1520-1 File : nvt/gb_ubuntu_USN_1520_1.nasl
2012-07-10	Name : Mandriva Update for krb5 MDVSA-2012:102 (krb5) File : nvt/gb_mandriva_MDVSA_2012_102.nasl
2012-06-15	Name : Fedora Update for krb5 FEDORA-2012-8803 File : nvt/gb_fedora_2012_8803_krb5_fc16.nasl
2012-06-15	Name : Fedora Update for krb5 FEDORA-2012-8805 File : nvt/gb_fedora_2012_8805_krb5_fc15.nasl

Nessus® Vulnerability Scanner

Date	Description
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20130924.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0034.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1200.nasl - Type : ACT_GATHER_INFO
2014-08-12	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2310-1.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-224.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-497.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-360.nasl - Type : ACT_GATHER_INFO
2013-12-17	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-12.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-114.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0656.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1131.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1131.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-042.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-130306.nasl - Type : ACT_GATHER_INFO
2013-03-23	Name : The remote Fedora host is missing a security update. File : fedora_2013-3147.nasl - Type : ACT_GATHER_INFO
2013-03-20	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0656.nasl - Type : ACT_GATHER_INFO
2013-03-19	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130318_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-03-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0656.nasl - Type : ACT_GATHER_INFO
2013-03-17	Name : The remote Fedora host is missing a security update. File : fedora_2013-3116.nasl - Type : ACT_GATHER_INFO
2013-02-24	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f54584bc7d2b11e29bd1206a8a720317.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-120.nasl - Type : ACT_GATHER_INFO
2012-08-10	Name : The remote Fedora host is missing a security update. File : fedora_2012-11370.nasl - Type : ACT_GATHER_INFO
2012-08-06	Name : The remote Fedora host is missing a security update. File : fedora_2012-11388.nasl - Type : ACT_GATHER_INFO
2012-08-03	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120731_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1131.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1520-1.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2518.nasl - Type : ACT_GATHER_INFO
2012-07-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-102.nasl - Type : ACT_GATHER_INFO
2012-06-14	Name : The remote Fedora host is missing a security update. File : fedora_2012-8805.nasl - Type : ACT_GATHER_INFO
2012-06-14	Name : The remote Fedora host is missing a security update. File : fedora_2012-8803.nasl - Type : ACT_GATHER_INFO
2012-06-14	Name : The remote Fedora host is missing a security update. File : fedora_2012-8784.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:43:24	Multiple Updates
2013-04-05 17:17:22	First insertion

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	8
CPE ID(s)	59
Openvas Exploit(s)	11
Nessus® Exploit(s)	31

	Related
9.3	CVE-2012-1015
5	CVE-2013-1415
4	CVE-2012-1013
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

9.3 - MDVSA-2013:042

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU