Executive Summary
Summary | |
---|---|
Title | krb5 security update |
Information | |||
---|---|---|---|
Name | RHSA-2005:567 | First vendor Publication | 2005-07-12 |
Vendor | RedHat | Last vendor Modification | 2005-07-12 |
Severity (Vendor) | Important | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.

A double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Red Hat Enterprise Linux 4 contains checks within glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux 4 successful exploitation of this issue can only lead to a denial of service (KDC crash). The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1689 to this issue.

Daniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs. Successful exploitation of this flaw would lead to a denial of service (crash). To trigger this flaw an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CAN-2005-1175).

Daniel Wachdorf also discovered that in error conditions that may occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory. This could allow a remote attacker to cause a denial of service (KDC crash) (CAN-2005-1174).

Gaël Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CAN-2005-0488).

The rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CAN-2004-0175).

All users of krb5 should update to these erratum packages, which contain backported patches to correct these issues. Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

157103 - CAN-2005-1174 krb5 buffer overflow, heap corruption in KDC (CAN-2005-1175)
159304 - CAN-2005-0488 telnet Information Disclosure Vulnerability
159756 - CAN-2005-1689 double-free in krb5_recvauth
161471 - krb5 krb5_principal_compare NULL pointer crash
161611 - CAN-2004-0175 malicious rsh server can cause rcp to write to arbitrary files
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-567.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-415 | Double Free |
50 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10184 | |||
Oval ID: | oval:org.mitre.oval:def:10184 | ||
Title: | Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. | ||
Description: | Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0175 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10229 | |||
Oval ID: | oval:org.mitre.oval:def:10229 | ||
Title: | MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory. | ||
Description: | MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1174 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11373 | |||
Oval ID: | oval:org.mitre.oval:def:11373 | ||
Title: | Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. | ||
Description: | Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0488 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1139 | |||
Oval ID: | oval:org.mitre.oval:def:1139 | ||
Title: | Telnet Client Information Disclosure Vulnerability | ||
Description: | Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0488 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | telnet |
Definition Id: oval:org.mitre.oval:def:397 | |||
Oval ID: | oval:org.mitre.oval:def:397 | ||
Title: | MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability | ||
Description: | MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1174 | Version: | 2 |
Platform(s): | Sun Solaris 7 Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | Kerberos |
Definition Id: oval:org.mitre.oval:def:736 | |||
Oval ID: | oval:org.mitre.oval:def:736 | ||
Title: | MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability | ||
Description: | Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1175 | Version: | 2 |
Platform(s): | Sun Solaris 7 Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | Kerberos |
Definition Id: oval:org.mitre.oval:def:9819 | |||
Oval ID: | oval:org.mitre.oval:def:9819 | ||
Title: | Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. | ||
Description: | Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1689 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9902 | |||
Oval ID: | oval:org.mitre.oval:def:9902 | ||
Title: | Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request. | ||
Description: | Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1175 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-06-03 | Name : Solaris Update for telnet 110668-05 File : nvt/gb_solaris_110668_05.nasl |
2009-06-03 | Name : Solaris Update for telnet 110669-05 File : nvt/gb_solaris_110669_05.nasl |
2009-06-03 | Name : Solaris Update for telnet 119433-01 File : nvt/gb_solaris_119433_01.nasl |
2009-06-03 | Name : Solaris Update for telnet 119434-01 File : nvt/gb_solaris_119434_01.nasl |
2009-04-09 | Name : Mandriva Update for rsh MDVSA-2008:191 (rsh) File : nvt/gb_mandriva_MDVSA_2008_191.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-11 (mit-krb5) File : nvt/glsa_200507_11.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 757-1 (krb5) File : nvt/deb_757_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
17843 | MIT Kerberos 5 Key Distribution Center (KDC) krb5_unparse_name Overflow |
17842 | MIT Kerberos 5 Key Distribution Center (KDC) Unallocated Memory Free DoS |
17841 | MIT Kerberos kpropd krb5_recvauth Double-free Command Execution |
17303 | Multiple Vendor Telnet Client NEW-ENVIRON Variable Information Disclosure |
9550 | OpenSSH scp Traversal Arbitrary File Overwrite OpenSSH contains a flaw that may allow a context-dependent attacker to overwrite arbitrary files on a remote system. The issue is due to the scp utility not properly sanitizing file copy requests which could allow a remote server to overwrite arbitrary files on the target system. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | MIT Kerberos V5 KDC krb5_unparse_name overflow attempt RuleID : 17274 - Revision : 13 - Type : SERVER-OTHER |
2014-01-10 | MIT Kerberos V5 KDC krb5_unparse_name overflow attempt RuleID : 17273 - Revision : 13 - Type : SERVER-OTHER |
2014-01-10 | MIT Kerberos V5 krb5_recvauth double free attempt RuleID : 17243 - Revision : 9 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : A file transfer client on the remote host could be abused to overwrite arbitr... File : openssh_34p1.nasl - Type : ACT_GATHER_INFO |
2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-191.nasl - Type : ACT_GATHER_INFO |
2006-09-27 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33389.nasl - Type : ACT_GATHER_INFO |
2006-09-27 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33384.nasl - Type : ACT_GATHER_INFO |
2006-08-01 | Name : The remote operating system is missing a vendor-supplied patch. File : macosx_SecUpd2006-004.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-165.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-567.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-106.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-074.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-562.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-504.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-224-1.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2005-007.nasl - Type : ACT_GATHER_INFO |
2005-07-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-757.nasl - Type : ACT_GATHER_INFO |
2005-07-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-119.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-553.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-567.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-562.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-11.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-552.nasl - Type : ACT_GATHER_INFO |
2005-06-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-100.nasl - Type : ACT_GATHER_INFO |
2005-06-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-504.nasl - Type : ACT_GATHER_INFO |
2005-06-14 | Name : It is possible to disclose user information. File : smb_nt_ms05-033.nasl - Type : ACT_GATHER_INFO |
2005-06-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-495.nasl - Type : ACT_GATHER_INFO |
2005-06-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-165.nasl - Type : ACT_GATHER_INFO |
2005-06-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-481.nasl - Type : ACT_GATHER_INFO |
2005-05-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-074.nasl - Type : ACT_GATHER_INFO |
2005-05-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-106.nasl - Type : ACT_GATHER_INFO |
2004-09-08 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd20040907.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 112237-16 File : solaris8_112237.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 112390-14 File : solaris8_112390.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 112238-15 File : solaris8_x86_112238.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 112240-13 File : solaris8_x86_112240.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 112908-38 File : solaris9_112908.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 115168-24 File : solaris9_x86_115168.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:49:30 | |
2013-05-11 12:23:09 | |