Executive Summary
Summary | |
---|---|
Title | Updated kerberos packages fix various vulnerabilities |
Information | |||
---|---|---|---|
Name | RHSA-2003:052 | First vendor Publication | 2003-03-27 |
Vendor | RedHat | Last vendor Modification | 2003-03-27 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description: |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2003-052.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1110 | |||
Oval ID: | oval:org.mitre.oval:def:1110 | ||
Title: | Kerberos V5 Null Pointer DoS Vulnerability | ||
Description: | MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0058 | Version: | 1 |
Platform(s): | Sun Solaris 7 Sun Solaris 8 Sun Solaris 9 | Product(s): | Solaris Enterprise Authentication Mechanism (SEAM) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:230 | |||
Oval ID: | oval:org.mitre.oval:def:230 | ||
Title: | xdrmem_bytes() Integer Overflow Vulnerability | ||
Description: | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0028 | Version: | 2 |
Platform(s): | Red Hat Linux 9 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:244 | |||
Oval ID: | oval:org.mitre.oval:def:244 | ||
Title: | Kerberos KDC Heap Corruption Denial of Service | ||
Description: | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0082 | Version: | 2 |
Platform(s): | Red Hat Linux 9 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:248 | |||
Oval ID: | oval:org.mitre.oval:def:248 | ||
Title: | Kerberos krb4 Plaintext Attack Vulnerability | ||
Description: | Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0138 | Version: | 2 |
Platform(s): | Red Hat Linux 9 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:250 | |||
Oval ID: | oval:org.mitre.oval:def:250 | ||
Title: | Kerberos krb4 Ticket Splicing Vulnerability | ||
Description: | Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0139 | Version: | 2 |
Platform(s): | Red Hat Linux 9 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:2536 | |||
Oval ID: | oval:org.mitre.oval:def:2536 | ||
Title: | Kerberos 5 KDC Heap Corruption Vulnerability | ||
Description: | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0082 | Version: | 2 |
Platform(s): | Sun Solaris 8 | Product(s): | Kerberos5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4430 | |||
Oval ID: | oval:org.mitre.oval:def:4430 | ||
Title: | Kerberos 5 KDC Buffer Underrun in Principle Name Handling | ||
Description: | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0082 | Version: | 2 |
Platform(s): | Sun Solaris 7 | Product(s): | Solaris Enterprise Authentication Mechanism (SEAM) |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 266-1 (krb5) File : nvt/deb_266_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 269-1 (heimdal) File : nvt/deb_269_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 269-2 (heimdal) File : nvt/deb_269_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 272-1 (dietlibc) File : nvt/deb_272_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 273-1 (krb4) File : nvt/deb_273_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 282-1 (glibc) File : nvt/deb_282_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
4902 | MIT Kerberos 5 Key Distribution Center Heap Corruption DoS Kerberos 5 contains a flaw within principal name handling that may allow a remote denial of service. The issue is triggered when a specially crafted request is sent to the KDC; this can result in heap corruption (buffer underrun) or possibly remote code execution, resulting in a loss of availability and possibly confidentiality and/or integrity. |
4901 | MIT Kerberos 5 KDC Array Overrun DoS Kerberos 5 contains a flaw that may allow an authenticated attacker to perform a remote denial of service. By sending a request with a name containing no components, one or more empty components, or a missing host name, the KDC will read memory past the end of an array, possibly causing it to crash. |
4896 | MIT Kerberos 5 ASN.1 Decoder Heap Corruption DoS A remote overflow exists in MIT Kerberos 5. The ASN.1 decoder fails to properly sanitize user-supplied input, resulting in heap corruption. If an attacker sends a specially crafted packet with a negative length value, they may cause the services to crash, resulting in a loss of availability. |
4887 | MIT Kerberos 5 chk_trans.c libkrb5 Key Distribution Center (KDC) Cross-realm ... |
4874 | MIT Kerberos 5 Key Distribution Center (KDC) Null Pointer Dereference DoS |
4869 | MIT Kerberos 4 Chosen-plaintext Attack Realm Principle Impersonation |
4868 | MIT Kerberos 4 Triple DES Service Ticket Splicing |
4501 | RPC XDR xdrmem_getbytes() Function Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | kerberos principal name overflow TCP RuleID : 2579-community - Revision : 8 - Type : SERVER-OTHER |
2014-01-10 | kerberos principal name overflow TCP RuleID : 2579 - Revision : 8 - Type : SERVER-OTHER |
2014-01-10 | kerberos principal name overflow UDP RuleID : 2578-community - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | kerberos principal name overflow UDP RuleID : 2578 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | portmap proxy integer overflow attempt TCP RuleID : 2093-community - Revision : 13 - Type : PROTOCOL-RPC |
2014-01-10 | portmap proxy integer overflow attempt TCP RuleID : 2093 - Revision : 13 - Type : PROTOCOL-RPC |
2014-01-10 | portmap proxy integer overflow attempt UDP RuleID : 2092-community - Revision : 14 - Type : PROTOCOL-RPC |
2014-01-10 | portmap proxy integer overflow attempt UDP RuleID : 2092 - Revision : 14 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-266.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-269.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-272.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-273.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-282.nasl - Type : ACT_GATHER_INFO |
2004-09-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-448.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-037.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-043.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2003_027.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-052.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-090.nasl - Type : ACT_GATHER_INFO |
2003-04-03 | Name : The remote host is using an authentication protocol with cryptographic weakne... File : kerberos4_crypto_weaknesses.nasl - Type : ACT_GATHER_INFO |
2003-04-03 | Name : It may be possible to execute arbitrary code on the remote Kerberos server. File : kerberos5_issues.nasl - Type : ACT_GATHER_INFO |
2003-03-19 | Name : Arbitrary code may be run on the remote server. File : rpc_xdrmem_bytes.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
Alert History
Date | Information |
---|---|
2014-02-17 11:48:03 |
|