 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.71621 |
| Categoría: | Ubuntu Local Security Checks |
| Título: | Ubuntu USN-1520-1 (krb5-admin-server) |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing an update to krb5-admin-server announced via advisory USN-1520-1. Details: Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2012-1015) Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014) Simo Sorce discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference a NULL pointer when handling a malformed TGS-REQ message. A remote authenticated attacker could use this to cause a denial of service. (CVE-2012-1013) It was discovered that the kadmin protocol implementation in MIT krb5 did not properly restrict access to the SET_STRING and GET_STRINGS operations. A remote authenticated attacker could use this to expose or modify sensitive information. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1012) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: krb5-admin-server 1.9.1+dfsg-1ubuntu2.3 krb5-kdc 1.9.1+dfsg-1ubuntu2.3 krb5-kdc-ldap 1.9.1+dfsg-1ubuntu2.3 Ubuntu 11.04: krb5-admin-server 1.8.3+dfsg-5ubuntu2.3 krb5-kdc 1.8.3+dfsg-5ubuntu2.3 krb5-kdc-ldap 1.8.3+dfsg-5ubuntu2.3 Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.11 krb5-kdc 1.8.1+dfsg-2ubuntu0.11 krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.11 http://www.securityspace.com/smysecure/catid.html?in=USN-1520-1 CVSS Score: 9.3 CVSS Vector: AV:L/AC:H/Au:NR/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-1015 Debian Security Information: DSA-2518 (Google Search) http://www.debian.org/security/2012/dsa-2518 http://www.mandriva.com/security/advisories?name=MDVSA-2012:120 RedHat Security Advisories: RHSA-2012:1131 http://rhn.redhat.com/errata/RHSA-2012-1131.html SuSE Security Announcement: openSUSE-SU-2012:0967 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-08/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1014 Common Vulnerability Exposure (CVE) ID: CVE-2012-1013 BugTraq ID: 53784 http://www.securityfocus.com/bid/53784 http://www.mandriva.com/security/advisories?name=MDVSA-2012:102 http://mailman.mit.edu/pipermail/kerberos-announce/2012q2/000136.html SuSE Security Announcement: openSUSE-SU-2012:0834 (Google Search) https://hermes.opensuse.org/messages/15083635 Common Vulnerability Exposure (CVE) ID: CVE-2012-1012 |
| Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |