ID de Prueba:	1.3.6.1.4.1.25623.1.0.58364
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:077-1 (krb5)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to krb5 announced via advisory MDKSA-2007:077-1. A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password (CVE-2007-0956). Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-0957). Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-1216). Updated packages have been patched to address this issue. Update: Packages for Mandriva Linux 2007.1 are now available. Affected: 2007.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:077-1 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt Risk factor : Critical CVSS Score: 9.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0956 BugTraq ID: 23281 http://www.securityfocus.com/bid/23281 Bugtraq: 20070403 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956] (Google Search) http://www.securityfocus.com/archive/1/464590/100/0/threaded Bugtraq: 20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search) http://www.securityfocus.com/archive/1/464666/100/0/threaded Bugtraq: 20070405 FLEA-2007-0008-1: krb5 (Google Search) http://www.securityfocus.com/archive/1/464814/30/7170/threaded Cert/CC Advisory: TA07-093B http://www.us-cert.gov/cas/techalerts/TA07-093B.html CERT/CC vulnerability note: VU#220816 http://www.kb.cert.org/vuls/id/220816 Debian Security Information: DSA-1276 (Google Search) http://www.debian.org/security/2007/dsa-1276 http://security.gentoo.org/glsa/glsa-200704-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046 http://www.redhat.com/support/errata/RHSA-2007-0095.html http://www.securitytracker.com/id?1017848 http://secunia.com/advisories/24706 http://secunia.com/advisories/24735 http://secunia.com/advisories/24736 http://secunia.com/advisories/24740 http://secunia.com/advisories/24750 http://secunia.com/advisories/24755 http://secunia.com/advisories/24757 http://secunia.com/advisories/24785 http://secunia.com/advisories/24786 http://secunia.com/advisories/24817 SGI Security Advisory: 20070401-01-P ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1 SuSE Security Announcement: SUSE-SA:2007:025 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html http://www.ubuntu.com/usn/usn-449-1 http://www.vupen.com/english/advisories/2007/1218 http://www.vupen.com/english/advisories/2007/1249 XForce ISS Database: kerberos-telnet-security-bypass(33414) https://exchange.xforce.ibmcloud.com/vulnerabilities/33414 Common Vulnerability Exposure (CVE) ID: CVE-2007-0957 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html BugTraq ID: 23285 http://www.securityfocus.com/bid/23285 Bugtraq: 20070403 MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957] (Google Search) http://www.securityfocus.com/archive/1/464592/100/0/threaded Cert/CC Advisory: TA07-109A http://www.us-cert.gov/cas/techalerts/TA07-109A.html CERT/CC vulnerability note: VU#704024 http://www.kb.cert.org/vuls/id/704024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757 http://www.securitytracker.com/id?1017849 http://secunia.com/advisories/24798 http://secunia.com/advisories/24966 http://secunia.com/advisories/25464 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1 http://www.vupen.com/english/advisories/2007/1250 http://www.vupen.com/english/advisories/2007/1470 http://www.vupen.com/english/advisories/2007/1983 XForce ISS Database: kerberos-krb5klogsyslog-bo(33411) https://exchange.xforce.ibmcloud.com/vulnerabilities/33411 Common Vulnerability Exposure (CVE) ID: CVE-2007-1216 BugTraq ID: 23282 http://www.securityfocus.com/bid/23282 Bugtraq: 20070403 MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216] (Google Search) http://www.securityfocus.com/archive/1/464591/100/0/threaded CERT/CC vulnerability note: VU#419344 http://www.kb.cert.org/vuls/id/419344 HPdes Security Advisory: HPSBUX02217 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056923 HPdes Security Advisory: SSRT071337 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11135 http://www.securitytracker.com/id?1017852 http://secunia.com/advisories/25388 http://www.vupen.com/english/advisories/2007/1916 XForce ISS Database: kerberos-kadmind-code-execution(33413) https://exchange.xforce.ibmcloud.com/vulnerabilities/33413
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.