Executive Summary

Information
Name: MDVSA-2013:157
First vendor Publication: 2013-04-30
Vendor: Mandriva
Last vendor Modification: 2013-04-30
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score: 7.1
Attack Range: Network
Cvss Impact Score: 6.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Multiple vulnerabilities have been discovered and corrected in krb5:

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request (CVE-2013-1415).

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request (CVE-2013-1416).

The updated packages have been patched to correct these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:157

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20746
 
Oval ID: oval:org.mitre.oval:def:20746
Title: RHSA-2013:0656: krb5 security update (Moderate)
Description: The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Family: unix
Class: patch
Reference(s): RHSA-2013:0656-01, CESA-2013:0656, CVE-2012-1016, CVE-2013-1415
Version: 31
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21099
 
Oval ID: oval:org.mitre.oval:def:21099
Title: RHSA-2013:0748: krb5 security update (Moderate)
Description: The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Family: unix
Class: patch
Reference(s): RHSA-2013:0748-01, CESA-2013:0748, CVE-2013-1416
Version: 4
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23680
 
Oval ID: oval:org.mitre.oval:def:23680
Title: ELSA-2013:0656: krb5 security update (Moderate)
Description: The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Family: unix
Class: patch
Reference(s): ELSA-2013:0656-01, CVE-2012-1016, CVE-2013-1415
Version: 13
Platform(s): Oracle Linux 6
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24122
 
Oval ID: oval:org.mitre.oval:def:24122
Title: ELSA-2013:0748: krb5 security update (Moderate)
Description: The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Family: unix
Class: patch
Reference(s): ELSA-2013:0748-01, CVE-2013-1416
Version: 6
Platform(s): Oracle Linux 6
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25740
 
Oval ID: oval:org.mitre.oval:def:25740
Title: SUSE-SU-2013:0558-1 -- Security update for Kerberos 5
Description: This update for Kerberos 5 fixes one security issue: The KDC plugin for PKINIT can dereference a null pointer when processing malformed packets, leading to a crash of the KDC process. (bnc#806715, CVE-2013-1415) Additionally, it improves compatibility with processes that handle large numbers of open files. (bnc#787272)
Family: unix
Class: patch
Reference(s): SUSE-SU-2013:0558-1, CVE-2013-1415
Version: 3
Platform(s): SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
Product(s): Kerberos 5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27142
 
Oval ID: oval:org.mitre.oval:def:27142
Title: DEPRECATED: ELSA-2013-0656 -- krb5 security update (moderate)
Description: [1.10.3-10.1] - incorporate upstream patch to fix a NULL pointer dereference when the client supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917909) - add patch to avoid dereferencing a NULL pointer in the KDC when handling a draft9 PKINIT request (#917909, CVE-2012-1016)
Family: unix
Class: patch
Reference(s): ELSA-2013-0656, CVE-2012-1016, CVE-2013-1415
Version: 4
Platform(s): Oracle Linux 6
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27468
 
Oval ID: oval:org.mitre.oval:def:27468
Title: DEPRECATED: ELSA-2013-0748 -- krb5 security update (moderate)
Description: [1.10.3-10.2] - incorporate upstream patch to fix a NULL pointer dereference while processing certain TGS requests (CVE-2013-1416, #950342)
Family: unix
Class: patch
Reference(s): ELSA-2013-0748, CVE-2013-1416
Version: 4
Platform(s): Oracle Linux 6
Product(s): krb5
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 59
Os 2
Os 4
Os 1
Os 1
Os 1
Os 1
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-05-09 IAVM : 2013-B-0044 - MIT Kerberos Denial of Service Vulnerabilities
Severity : Category I - VMSKEY : V0037773

Snort® IPS/IDS

Date Description
2014-01-10 MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt
RuleID : 27906 - Revision : 3 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_kerberos_20130924.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_kerberos_20130716.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0034.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2310-1.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-401.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-224.nasl - Type : ACT_GATHER_INFO
2013-12-17 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201312-12.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-182.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0748.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0656.nasl - Type : ACT_GATHER_INFO
2013-05-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-158.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-042.nasl - Type : ACT_GATHER_INFO
2013-04-18 Name : The remote Fedora host is missing a security update.
File : fedora_2013-5286.nasl - Type : ACT_GATHER_INFO
2013-04-18 Name : The remote Fedora host is missing a security update.
File : fedora_2013-5280.nasl - Type : ACT_GATHER_INFO
2013-04-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0748.nasl - Type : ACT_GATHER_INFO
2013-04-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0748.nasl - Type : ACT_GATHER_INFO
2013-04-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130416_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-03-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_krb5-130306.nasl - Type : ACT_GATHER_INFO
2013-03-23 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3147.nasl - Type : ACT_GATHER_INFO
2013-03-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0656.nasl - Type : ACT_GATHER_INFO
2013-03-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0656.nasl - Type : ACT_GATHER_INFO
2013-03-19 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130318_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-03-17 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3116.nasl - Type : ACT_GATHER_INFO
2013-02-24 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_f54584bc7d2b11e29bd1206a8a720317.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2013-05-07 21:18:47
  • First insertion