ID de Prueba:	1.3.6.1.4.1.25623.1.0.120614
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-624)
Resumen:	The remote host is missing an update announced via the referenced Security Advisory.
Descripción:	Summary: The remote host is missing an update announced via the referenced Security Advisory. Vulnerability Insight: A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. Solution: Run yum update krb5 to update your system. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2694 BugTraq ID: 74824 http://www.securityfocus.com/bid/74824 http://www.ubuntu.com/usn/USN-2810-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-5355 BugTraq ID: 74042 http://www.securityfocus.com/bid/74042 http://www.mandriva.com/security/advisories?name=MDVSA-2015:069 https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html RedHat Security Advisories: RHSA-2015:0794 http://rhn.redhat.com/errata/RHSA-2015-0794.html SuSE Security Announcement: openSUSE-SU-2015:0542 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
Copyright	Copyright (C) 2015 Eero Volotinen

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.