Test Kennung:	1.3.6.1.4.1.25623.1.0.703395
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 3395-1 (krb5 - security update)
Zusammenfassung:	Several vulnerabilities were;discovered in krb5, the MIT implementation of Kerberos. The Common;Vulnerabilities and Exposures project identifies the following problems:;;CVE-2015-2695;It was discovered that applications which call gss_inquire_context();on a partially-established SPNEGO context can cause the GSS-API;library to read from a pointer using the wrong type, leading to a;process crash.;;CVE-2015-2696;It was discovered that applications which call gss_inquire_context();on a partially-established IAKERB context can cause the GSS-API;library to read from a pointer using the wrong type, leading to a;process crash.;;CVE-2015-2697;It was discovered that the build_principal_va() function incorrectly;handles input strings. An authenticated attacker can take advantage;of this flaw to cause a KDC to crash using a TGS request with a;large realm field beginning with a null byte.
Beschreibung:	Summary: Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2695 It was discovered that applications which call gss_inquire_context() on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash. CVE-2015-2696 It was discovered that applications which call gss_inquire_context() on a partially-established IAKERB context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash. CVE-2015-2697 It was discovered that the build_principal_va() function incorrectly handles input strings. An authenticated attacker can take advantage of this flaw to cause a KDC to crash using a TGS request with a large realm field beginning with a null byte. Affected Software/OS: krb5 on Debian Linux Solution: For the oldstable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u4. For the stable distribution (jessie), these problems have been fixed in version 1.12.1+dfsg-19+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 1.13.2+dfsg-3. For the unstable distribution (sid), these problems have been fixed in version 1.13.2+dfsg-3. We recommend that you upgrade your krb5 packages. CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2695 BugTraq ID: 90687 http://www.securityfocus.com/bid/90687 Debian Security Information: DSA-3395 (Google Search) http://www.debian.org/security/2015/dsa-3395 https://security.gentoo.org/glsa/201611-14 http://www.securitytracker.com/id/1034084 SuSE Security Announcement: SUSE-SU-2015:1897 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html SuSE Security Announcement: SUSE-SU-2015:1898 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html SuSE Security Announcement: openSUSE-SU-2015:1928 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:1997 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://www.ubuntu.com/usn/USN-2810-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2696 BugTraq ID: 90675 http://www.securityfocus.com/bid/90675 Common Vulnerability Exposure (CVE) ID: CVE-2015-2697 BugTraq ID: 77581 http://www.securityfocus.com/bid/77581
Copyright	Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.