Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.703395 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 3395-1 (krb5 - security update) |
Zusammenfassung: | Several vulnerabilities were;discovered in krb5, the MIT implementation of Kerberos. The Common;Vulnerabilities and Exposures project identifies the following problems:;;CVE-2015-2695;It was discovered that applications which call gss_inquire_context();on a partially-established SPNEGO context can cause the GSS-API;library to read from a pointer using the wrong type, leading to a;process crash.;;CVE-2015-2696;It was discovered that applications which call gss_inquire_context();on a partially-established IAKERB context can cause the GSS-API;library to read from a pointer using the wrong type, leading to a;process crash.;;CVE-2015-2697;It was discovered that the build_principal_va() function incorrectly;handles input strings. An authenticated attacker can take advantage;of this flaw to cause a KDC to crash using a TGS request with a;large realm field beginning with a null byte. |
Beschreibung: | Summary: Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2695 It was discovered that applications which call gss_inquire_context() on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash. CVE-2015-2696 It was discovered that applications which call gss_inquire_context() on a partially-established IAKERB context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash. CVE-2015-2697 It was discovered that the build_principal_va() function incorrectly handles input strings. An authenticated attacker can take advantage of this flaw to cause a KDC to crash using a TGS request with a large realm field beginning with a null byte. Affected Software/OS: krb5 on Debian Linux Solution: For the oldstable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u4. For the stable distribution (jessie), these problems have been fixed in version 1.12.1+dfsg-19+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 1.13.2+dfsg-3. For the unstable distribution (sid), these problems have been fixed in version 1.13.2+dfsg-3. We recommend that you upgrade your krb5 packages. CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2695 BugTraq ID: 90687 http://www.securityfocus.com/bid/90687 Debian Security Information: DSA-3395 (Google Search) http://www.debian.org/security/2015/dsa-3395 https://security.gentoo.org/glsa/201611-14 http://www.securitytracker.com/id/1034084 SuSE Security Announcement: SUSE-SU-2015:1897 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html SuSE Security Announcement: SUSE-SU-2015:1898 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html SuSE Security Announcement: openSUSE-SU-2015:1928 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:1997 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://www.ubuntu.com/usn/USN-2810-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2696 BugTraq ID: 90675 http://www.securityfocus.com/bid/90675 Common Vulnerability Exposure (CVE) ID: CVE-2015-2697 BugTraq ID: 77581 http://www.securityfocus.com/bid/77581 |
Copyright | Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |