FreeBSD Local Security Checks : FreeBSD Ports: krb5

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68694

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: krb5

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: krb5

CVE-2010-1324
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not
properly determine the acceptability of checksums, which might allow
remote attackers to forge GSS tokens, gain privileges, or have
unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed
PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: BugTraq ID: 45116
Common Vulnerability Exposure (CVE) ID: CVE-2010-1324
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://www.securityfocus.com/bid/45116
Bugtraq: 20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] (Google Search)
http://www.securityfocus.com/archive/1/514953/100/0/threaded
Bugtraq: 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
HPdes Security Advisory: HPSBUX02623
http://marc.info/?l=bugtraq&m=129562442714657&w=2
HPdes Security Advisory: SSRT100355
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://osvdb.org/69609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
http://www.redhat.com/support/errata/RHSA-2010-0925.html
http://www.securitytracker.com/id?1024803
http://secunia.com/advisories/42399
http://secunia.com/advisories/43015
SuSE Security Announcement: SUSE-SR:2010:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://www.ubuntu.com/usn/USN-1030-1
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3095
http://www.vupen.com/english/advisories/2010/3118
http://www.vupen.com/english/advisories/2011/0187

Copyright Copyright (C) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68694
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: krb5
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: krb5 CVE-2010-1324 MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	BugTraq ID: 45116 Common Vulnerability Exposure (CVE) ID: CVE-2010-1324 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://www.securityfocus.com/bid/45116 Bugtraq: 20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] (Google Search) http://www.securityfocus.com/archive/1/514953/100/0/threaded Bugtraq: 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (Google Search) http://www.securityfocus.com/archive/1/517739/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html HPdes Security Advisory: HPSBUX02623 http://marc.info/?l=bugtraq&m=129562442714657&w=2 HPdes Security Advisory: SSRT100355 http://www.mandriva.com/security/advisories?name=MDVSA-2010:246 http://lists.vmware.com/pipermail/security-announce/2011/000133.html http://osvdb.org/69609 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936 http://www.redhat.com/support/errata/RHSA-2010-0925.html http://www.securitytracker.com/id?1024803 http://secunia.com/advisories/42399 http://secunia.com/advisories/43015 SuSE Security Announcement: SUSE-SR:2010:023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html SuSE Security Announcement: SUSE-SR:2010:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://www.ubuntu.com/usn/USN-1030-1 http://www.vupen.com/english/advisories/2010/3094 http://www.vupen.com/english/advisories/2010/3095 http://www.vupen.com/english/advisories/2010/3118 http://www.vupen.com/english/advisories/2011/0187
Copyright	Copyright (C) 2011 E-Soft Inc. http://www.securityspace.com