Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2013:042 | First vendor Publication | 2013-04-05 |
Vendor | Mandriva | Last vendor Modification | 2013-04-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Multiple vulnerabilities have been discovered and corrected in krb5: Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the create privilege (CVE-2012-1013). The MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability (CVE-2012-1015). It was reported that the KDC plugin for PKINIT could dereference a NULL pointer when a malformed packet caused processing to terminate early, which led to a crash of the KDC process. An attacker would require a valid PKINIT certificate or have observed a successful PKINIT authentication to execute a successful attack. In addition, an unauthenticated attacker could execute the attack if anonymous PKINIT was enabled (CVE-2013-1415). The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:042 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-476 | NULL Pointer Dereference |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20176 | |||
Oval ID: | oval:org.mitre.oval:def:20176 | ||
Title: | DSA-2518-1 krb5 - denial of service | ||
Description: | Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2518-1 CVE-2012-1014 CVE-2012-1015 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | krb5 |
Definition Id: oval:org.mitre.oval:def:20746 | |||
Oval ID: | oval:org.mitre.oval:def:20746 | ||
Title: | RHSA-2013:0656: krb5 security update (Moderate) | ||
Description: | The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0656-01 CESA-2013:0656 CVE-2012-1016 CVE-2013-1415 | Version: | 31 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | krb5 |
Definition Id: oval:org.mitre.oval:def:21369 | |||
Oval ID: | oval:org.mitre.oval:def:21369 | ||
Title: | RHSA-2012:1131: krb5 security update (Important) | ||
Description: | The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1131-01 CESA-2012:1131 CVE-2012-1013 CVE-2012-1015 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | krb5 |
Definition Id: oval:org.mitre.oval:def:23680 | |||
Oval ID: | oval:org.mitre.oval:def:23680 | ||
Title: | ELSA-2013:0656: krb5 security update (Moderate) | ||
Description: | The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0656-01 CVE-2012-1016 CVE-2013-1415 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
Definition Id: oval:org.mitre.oval:def:23941 | |||
Oval ID: | oval:org.mitre.oval:def:23941 | ||
Title: | ELSA-2012:1131: krb5 security update (Important) | ||
Description: | The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1131-01 CVE-2012-1013 CVE-2012-1015 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
Definition Id: oval:org.mitre.oval:def:25740 | |||
Oval ID: | oval:org.mitre.oval:def:25740 | ||
Title: | SUSE-SU-2013:0558-1 -- Security update for Kerberos 5 | ||
Description: | This update for Kerberos 5 fixes one security issue: The KDC plugin for PKINIT can dereference a null pointer when processing malformed packets, leading to a crash of the KDC process. (bnc#806715, CVE-2013-1415) Additionally, it improves compatibility with processes that handle large numbers of open files. (bnc#787272) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0558-1 CVE-2013-1415 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Kerberos 5 |
Definition Id: oval:org.mitre.oval:def:27142 | |||
Oval ID: | oval:org.mitre.oval:def:27142 | ||
Title: | DEPRECATED: ELSA-2013-0656 -- krb5 security update (moderate) | ||
Description: | [1.10.3-10.1] - incorporate upstream patch to fix a NULL pointer dereference when the client supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917909) - add patch to avoid dereferencing a NULL pointer in the KDC when handling a draft9 PKINIT request (#917909, CVE-2012-1016) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0656 CVE-2012-1016 CVE-2013-1415 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
Definition Id: oval:org.mitre.oval:def:27301 | |||
Oval ID: | oval:org.mitre.oval:def:27301 | ||
Title: | DEPRECATED: ELSA-2012-1131 -- krb5 security update (important) | ||
Description: | [1.9-33.2] - pull up the patch to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013, #827517) [1.9-33.1] - add candidate patch from upstream to fix freeing uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1015, #839859) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1131 CVE-2012-1013 CVE-2012-1015 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-30 | Name : Fedora Update for krb5 FEDORA-2012-11388 File : nvt/gb_fedora_2012_11388_krb5_fc17.nasl |
2012-08-30 | Name : Fedora Update for krb5 FEDORA-2012-8784 File : nvt/gb_fedora_2012_8784_krb5_fc17.nasl |
2012-08-14 | Name : Fedora Update for krb5 FEDORA-2012-11370 File : nvt/gb_fedora_2012_11370_krb5_fc16.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2518-1 (krb5) File : nvt/deb_2518_1.nasl |
2012-08-03 | Name : CentOS Update for krb5-devel CESA-2012:1131 centos6 File : nvt/gb_CESA-2012_1131_krb5-devel_centos6.nasl |
2012-08-03 | Name : RedHat Update for krb5 RHSA-2012:1131-01 File : nvt/gb_RHSA-2012_1131-01_krb5.nasl |
2012-08-03 | Name : Mandriva Update for krb5 MDVSA-2012:120 (krb5) File : nvt/gb_mandriva_MDVSA_2012_120.nasl |
2012-08-03 | Name : Ubuntu Update for krb5 USN-1520-1 File : nvt/gb_ubuntu_USN_1520_1.nasl |
2012-07-10 | Name : Mandriva Update for krb5 MDVSA-2012:102 (krb5) File : nvt/gb_mandriva_MDVSA_2012_102.nasl |
2012-06-15 | Name : Fedora Update for krb5 FEDORA-2012-8803 File : nvt/gb_fedora_2012_8803_krb5_fc16.nasl |
2012-06-15 | Name : Fedora Update for krb5 FEDORA-2012-8805 File : nvt/gb_fedora_2012_8805_krb5_fc15.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20130924.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0034.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1200.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2310-1.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-224.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-497.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-360.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-12.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-114.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0656.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1131.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1131.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-042.nasl - Type : ACT_GATHER_INFO |
2013-03-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-130306.nasl - Type : ACT_GATHER_INFO |
2013-03-23 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3147.nasl - Type : ACT_GATHER_INFO |
2013-03-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0656.nasl - Type : ACT_GATHER_INFO |
2013-03-19 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130318_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-03-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0656.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3116.nasl - Type : ACT_GATHER_INFO |
2013-02-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f54584bc7d2b11e29bd1206a8a720317.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-120.nasl - Type : ACT_GATHER_INFO |
2012-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11370.nasl - Type : ACT_GATHER_INFO |
2012-08-06 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11388.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120731_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1131.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1520-1.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2518.nasl - Type : ACT_GATHER_INFO |
2012-07-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-102.nasl - Type : ACT_GATHER_INFO |
2012-06-14 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8805.nasl - Type : ACT_GATHER_INFO |
2012-06-14 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8803.nasl - Type : ACT_GATHER_INFO |
2012-06-14 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8784.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:43:24 |
|
2013-04-05 17:17:22 |
|