Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Kerberos vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-2310-1 | First vendor Publication | 2014-08-11 |
| Vendor | Ubuntu | Last vendor Modification | 2014-08-11 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 8.5 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Kerberos. Software Description: - krb5: MIT Kerberos Network Authentication Protocol Details: It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016) It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415) It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ requests. A remote authenticated attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1416) It was discovered that Kerberos incorrectly handled certain crafted requests when multiple realms were configured. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1418, CVE-2013-6800) It was discovered that Kerberos incorrectly handled certain invalid tokens. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to cause the daemon to crash, resulting in a denial of service. (CVE-2014-4341, CVE-2014-4342) It was discovered that Kerberos incorrectly handled certain mechanisms when used with SPNEGO. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to cause clients to crash, resulting in a denial of service. (CVE-2014-4343) It was discovered that Kerberos incorrectly handled certain continuation tokens during SPNEGO negotiations. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. (CVE-2014-4344) Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4345) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: Ubuntu 12.04 LTS: Ubuntu 10.04 LTS: In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
| Url : http://www.ubuntu.com/usn/USN-2310-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 56 % | CWE-476 | NULL Pointer Dereference |
| 11 % | CWE-415 | Double Free |
| 11 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 11 % | CWE-125 | Out-of-bounds Read |
| 11 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20746 | |||
| Oval ID: | oval:org.mitre.oval:def:20746 | ||
| Title: | RHSA-2013:0656: krb5 security update (Moderate) | ||
| Description: | The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0656-01 CESA-2013:0656 CVE-2012-1016 CVE-2013-1415 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21099 | |||
| Oval ID: | oval:org.mitre.oval:def:21099 | ||
| Title: | RHSA-2013:0748: krb5 security update (Moderate) | ||
| Description: | The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0748-01 CESA-2013:0748 CVE-2013-1416 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23680 | |||
| Oval ID: | oval:org.mitre.oval:def:23680 | ||
| Title: | ELSA-2013:0656: krb5 security update (Moderate) | ||
| Description: | The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0656-01 CVE-2012-1016 CVE-2013-1415 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24122 | |||
| Oval ID: | oval:org.mitre.oval:def:24122 | ||
| Title: | ELSA-2013:0748: krb5 security update (Moderate) | ||
| Description: | The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0748-01 CVE-2013-1416 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25491 | |||
| Oval ID: | oval:org.mitre.oval:def:25491 | ||
| Title: | DSA-3000-1 krb5 - security update | ||
| Description: | Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-3000-1 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25702 | |||
| Oval ID: | oval:org.mitre.oval:def:25702 | ||
| Title: | SUSE-SU-2013:1875-1 -- Security update for krb5 | ||
| Description: | This update for krb5 fixes the following security issue: * If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a null pointer, crashing the KDC. (CVE-2013-1418) Security Issues: * CVE-2013-1418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418 > | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1875-1 CVE-2013-1418 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25740 | |||
| Oval ID: | oval:org.mitre.oval:def:25740 | ||
| Title: | SUSE-SU-2013:0558-1 -- Security update for Kerberos 5 | ||
| Description: | This update for Kerberos 5 fixes one security issue: The KDC plugin for PKINIT can dereference a null pointer when processing malformed packets, leading to a crash of the KDC process. (bnc#806715, CVE-2013-1415) Additionally, it improves compatibility with processes that handle large numbers of open files. (bnc#787272) | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0558-1 CVE-2013-1415 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Kerberos 5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25901 | |||
| Oval ID: | oval:org.mitre.oval:def:25901 | ||
| Title: | SUSE-SU-2014:1028-1 -- Security update for krb5 | ||
| Description: | This MIT krb5 update fixes a buffer overrun problem in kadmind. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1028-1 CVE-2014-4345 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26536 | |||
| Oval ID: | oval:org.mitre.oval:def:26536 | ||
| Title: | ELSA-2014-1245 -- krb5 security and bug fix update (Moderate) | ||
| Description: | Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (CVE-2014-4341) This update also fixes the following bugs: * Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632) * Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. (BZ#1089732) All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-1245 CVE-2014-4344 CVE-2014-4341 CVE-2013-1418 CVE-2013-6800 | Version: | 3 |
| Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26718 | |||
| Oval ID: | oval:org.mitre.oval:def:26718 | ||
| Title: | RHSA-2014:1255: krb5 security update (Moderate) | ||
| Description: | Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1255-00 CVE-2014-4345 CESA-2014:1255 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26722 | |||
| Oval ID: | oval:org.mitre.oval:def:26722 | ||
| Title: | AIX NAS null deref in SPNEGO acceptor | ||
| Description: | The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-4344 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26777 | |||
| Oval ID: | oval:org.mitre.oval:def:26777 | ||
| Title: | RHSA-2014:1245: krb5 security and bug fix update (Moderate) | ||
| Description: | Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (CVE-2014-4341) This update also fixes the following bugs: * Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632) * Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. (BZ#1089732) All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1245-00 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4344 CESA-2014:1245 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26809 | |||
| Oval ID: | oval:org.mitre.oval:def:26809 | ||
| Title: | SUSE-SU-2014:0989-1 -- Security update for krb5 | ||
| Description: | The several security issues have been fixed in kerberos 5. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0989-1 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26856 | |||
| Oval ID: | oval:org.mitre.oval:def:26856 | ||
| Title: | ELSA-2014-1255 -- krb5 security update (Moderate) | ||
| Description: | Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-1255 CVE-2014-4345 | Version: | 3 |
| Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26907 | |||
| Oval ID: | oval:org.mitre.oval:def:26907 | ||
| Title: | DEPRECATED: SUSE-SU-2014:1028-1 -- Security update for krb5 | ||
| Description: | This MIT krb5 update fixes a buffer overrun problem in kadmind. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1028-1 CVE-2014-4345 | Version: | 4 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26912 | |||
| Oval ID: | oval:org.mitre.oval:def:26912 | ||
| Title: | AIX NAS denial of service vulnerability | ||
| Description: | MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-4341 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26917 | |||
| Oval ID: | oval:org.mitre.oval:def:26917 | ||
| Title: | RHSA-2014:1389: krb5 security and bug fix update (Moderate) | ||
| Description: | Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1389-01 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CESA-2014:1389 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26961 | |||
| Oval ID: | oval:org.mitre.oval:def:26961 | ||
| Title: | AIX NAS double-free in SPNEGO | ||
| Description: | Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-4343 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27019 | |||
| Oval ID: | oval:org.mitre.oval:def:27019 | ||
| Title: | DEPRECATED: SUSE-SU-2014:0989-1 -- Security update for krb5 | ||
| Description: | The several security issues have been fixed in kerberos 5. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0989-1 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 | Version: | 4 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27032 | |||
| Oval ID: | oval:org.mitre.oval:def:27032 | ||
| Title: | ELSA-2014-1389 -- krb5 security and bug fix update | ||
| Description: | [1.10.3-33] - actually apply that last patch [1.10.3-32] - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) [1.10.3-31] - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-30] - ksu: when evaluating .k5users, treat lines with just a principal name as if they contained the principal name followed by '*', and don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-29] - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121510) - gssapi: pull in proposed-and-accepted fix for a double free in initiators (David Woodhouse, CVE-2014-4343, #1121510) [1.10.3-28] - correct a type mistake in the backported fix for CVE-2013-1418/CVE-2013-6800 [1.10.3-27] - pull in backported fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1121510) - incorporate backported patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800, more of [1.10.3-26] - pull in backport of patch to not subsequently always require that responses come from master KDCs if we get one from a master somewhere along the way while chasing referrals (RT#7650, #1113652) [1.10.3-25] - ksu: if the -e flag isn't used, use the target user's shell when checking for authorization via the target user's .k5users file (#1026721) [1.10.3-24] - define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that it's declared (#1059730) [1.10.3-23] - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1087068, RT#7858) [1.10.3-22] - add patch from Jatin Nansi to avoid attempting to clear memory at the NULL address if krb5_encrypt_helper() returns an error when called from encrypt_credencpart() (#1055329, pull #158) [1.10.3-21] - drop patch to add additional access() checks to ksu - they shouldn't be resulting in any benefit [1.10.3-20] - apply patch from Nikolai Kondrashov to pass a default realm set in /etc/sysconfig/krb5kdc to the kdb_check_weak helper, so that it doesn't produce an error if there isn't one set in krb5.conf (#1009389) [1.10.3-19] - packaging: don't Obsoletes: older versions of krb5-pkinit-openssl and virtual Provide: krb5-pkinit-openssl on EL6, where we don't need to bother with any of that (#1001961) [1.10.3-18] - pkinit: backport tweaks to avoid trying to call the prompter callback when one isn't set (part of #965721) - pkinit: backport the ability to use a prompter callback to prompt for a password when reading private keys (the rest of #965721) [1.10.3-17] - backport fix to not spin on a short read when reading the length of a response over TCP (RT#7508, #922884) [1.10.3-16] - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1070244) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-1389 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4344 CVE-2014-4345 CVE-2014-4342 CVE-2014-4343 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | krb5 krb5-devel krb5-libs krb5-pkinit-openssl krb5-server krb5-server-ldap krb5-workstation |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27142 | |||
| Oval ID: | oval:org.mitre.oval:def:27142 | ||
| Title: | DEPRECATED: ELSA-2013-0656 -- krb5 security update (moderate) | ||
| Description: | [1.10.3-10.1] - incorporate upstream patch to fix a NULL pointer dereference when the client supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917909) - add patch to avoid dereferencing a NULL pointer in the KDC when handling a draft9 PKINIT request (#917909, CVE-2012-1016) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0656 CVE-2012-1016 CVE-2013-1415 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27468 | |||
| Oval ID: | oval:org.mitre.oval:def:27468 | ||
| Title: | DEPRECATED: ELSA-2013-0748 -- krb5 security update (moderate) | ||
| Description: | [1.10.3-10.2] - incorporate upstream patch to fix a NULL pointer dereference while processing certain TGS requests (CVE-2013-1416, #950342) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0748 CVE-2013-1416 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-11-14 | IAVM : 2013-B-0130 - MIT Kerberos Denial of Service Vulnerabilities Severity : Category I - VMSKEY : V0042308 |
| 2013-05-09 | IAVM : 2013-B-0044 - MIT Kerberos Denial of Service Vulnerabilities Severity : Category I - VMSKEY : V0037773 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-03-27 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 8888889 - Revision : 1 - Type : SERVER-OTHER |
| 2015-03-27 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 8888888 - Revision : 1 - Type : SERVER-OTHER |
| 2016-03-14 | MIT Kerberos 5 IAKERB outbound token detected RuleID : 36816 - Revision : 5 - Type : SERVER-OTHER |
| 2016-03-14 | MIT Kerberos 5 SPNEGO incoming token detected RuleID : 36815 - Revision : 5 - Type : SERVER-OTHER |
| 2016-03-14 | MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt RuleID : 36814 - Revision : 5 - Type : SERVER-OTHER |
| 2015-06-23 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 34972 - Revision : 2 - Type : SERVER-OTHER |
| 2015-06-23 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 34971 - Revision : 2 - Type : SERVER-OTHER |
| 2014-01-10 | MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt RuleID : 27906 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-02-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-1265.nasl - Type : ACT_GATHER_INFO |
| 2018-01-11 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15552.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150305_krb5_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-37.nasl - Type : ACT_GATHER_INFO |
| 2015-03-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO |
| 2015-03-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0439.nasl - Type : ACT_GATHER_INFO |
| 2015-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO |
| 2015-02-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dbf9e66cbd5011e4a7ba206a8a720317.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20141216.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20141120.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20130924.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20130716.nasl - Type : ACT_GATHER_INFO |
| 2015-01-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-53.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0034.nasl - Type : ACT_GATHER_INFO |
| 2014-11-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-443.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO |
| 2014-11-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141014_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-10-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1389.nasl - Type : ACT_GATHER_INFO |
| 2014-10-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140916_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO |
| 2014-10-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1255.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15553.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15547.nasl - Type : ACT_GATHER_INFO |
| 2014-10-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1245.nasl - Type : ACT_GATHER_INFO |
| 2014-09-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1255.nasl - Type : ACT_GATHER_INFO |
| 2014-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1255.nasl - Type : ACT_GATHER_INFO |
| 2014-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1245.nasl - Type : ACT_GATHER_INFO |
| 2014-09-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1245.nasl - Type : ACT_GATHER_INFO |
| 2014-09-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-165.nasl - Type : ACT_GATHER_INFO |
| 2014-09-04 | Name : The remote AIX host has a version of NAS installed that is affected by multip... File : aix_nas_advisory1.nasl - Type : ACT_GATHER_INFO |
| 2014-08-27 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9305.nasl - Type : ACT_GATHER_INFO |
| 2014-08-21 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-508.nasl - Type : ACT_GATHER_INFO |
| 2014-08-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-140812.nasl - Type : ACT_GATHER_INFO |
| 2014-08-15 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9315.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2310-1.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-140729.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-486.nasl - Type : ACT_GATHER_INFO |
| 2014-08-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3000.nasl - Type : ACT_GATHER_INFO |
| 2014-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8189.nasl - Type : ACT_GATHER_INFO |
| 2014-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8176.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-941.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-880.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-401.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-224.nasl - Type : ACT_GATHER_INFO |
| 2013-12-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-12.nasl - Type : ACT_GATHER_INFO |
| 2013-12-04 | Name : The remote Fedora host is missing a security update. File : fedora_2013-21786.nasl - Type : ACT_GATHER_INFO |
| 2013-11-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-275.nasl - Type : ACT_GATHER_INFO |
| 2013-11-18 | Name : A single sign-on service is affected by a denial of service vulnerability. File : mit_kerberos_cve-2013-1418.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
| 2013-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-20687.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-182.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0748.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0656.nasl - Type : ACT_GATHER_INFO |
| 2013-05-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-158.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-042.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0748.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2013-5286.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2013-5280.nasl - Type : ACT_GATHER_INFO |
| 2013-04-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130416_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0748.nasl - Type : ACT_GATHER_INFO |
| 2013-03-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-130306.nasl - Type : ACT_GATHER_INFO |
| 2013-03-23 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3147.nasl - Type : ACT_GATHER_INFO |
| 2013-03-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0656.nasl - Type : ACT_GATHER_INFO |
| 2013-03-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0656.nasl - Type : ACT_GATHER_INFO |
| 2013-03-19 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130318_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3116.nasl - Type : ACT_GATHER_INFO |
| 2013-02-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f54584bc7d2b11e29bd1206a8a720317.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-08-15 00:26:18 |
|
| 2014-08-14 21:31:29 |
|
| 2014-08-14 17:24:53 |
|
| 2014-08-13 13:25:01 |
|
| 2014-08-11 17:21:07 |
|
