Test Kennung:	1.3.6.1.4.1.25623.1.0.51547
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:534
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:534. The krb5 packages are MIT's[1] implementation of the Kerberos 5 authentication protocol. There is a buffer overflow vulnerability[2][3] in the Kerberos 4 remote administration service (kadmind4) that could be used by a remote attacker to execute arbitrary commands on the server with root privileges. The daemon which implements this service, kadmind4, is included in our krb5-server package, but not used by default. The package defaults to using the kadmind daemon, which is not vulnerable to this problem. Only administrators who explicitly run kadmind4 will be at risk. The authors released an advisory[2] with a patch which fixes the vulnerability. This patch has been applied to the updated packages below. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://web.mit.edu/Kerberos/www/index.html http://web.mit.edu/Kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt http://www.cert.org/advisories/CA-2002-29.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1235 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:534 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : Critical CVSS Score: 10.0
Querverweis:	BugTraq ID: 6024 Common Vulnerability Exposure (CVE) ID: CVE-2002-1235 http://www.securityfocus.com/bid/6024 Bugtraq: 20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103539530729206&w=2 Bugtraq: 20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103564944215101&w=2 Bugtraq: 20021027 KRB5-SORCERER2002-10-27 Security Update (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html Bugtraq: 20021027 Re: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103582805330339&w=2 Bugtraq: 20021028 GLSA: krb5 (Google Search) http://marc.info/?l=bugtraq&m=103582517126392&w=2 http://www.cert.org/advisories/CA-2002-29.html CERT/CC vulnerability note: VU#875073 http://www.kb.cert.org/vuls/id/875073 Conectiva Linux advisory: CLA-2002:534 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534 Debian Security Information: DSA-183 (Google Search) http://www.debian.org/security/2002/dsa-183 Debian Security Information: DSA-184 (Google Search) http://www.debian.org/security/2002/dsa-184 Debian Security Information: DSA-185 (Google Search) http://www.debian.org/security/2002/dsa-185 FreeBSD Security Advisory: FreeBSD-SA-02:40 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php NETBSD Security Advisory: NetBSD-SA2002-026 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc http://www.redhat.com/support/errata/RHSA-2002-242.html http://www.iss.net/security_center/static/10430.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.