Ubuntu Local Security Checks : Ubuntu Update for krb5 vulnerabilities USN-1062-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.840584

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for krb5 vulnerabilities USN-1062-1

Resumen: Ubuntu Update for Linux kernel vulnerabilities USN-1062-1

Descripción: Summary:
Ubuntu Update for Linux kernel vulnerabilities USN-1062-1

Vulnerability Insight:
Keiichi Mori discovered that the MIT krb5 KDC database propagation
daemon (kpropd) is vulnerable to a denial of service attack due
to improper logic when a worker child process exited because
of invalid network input. This could only occur when kpropd is
running in standalone mode. kpropd was not affected when running in
incremental propagation mode ('iprop') or as an inetd server. This
issue only affects Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-4022)

Kevin Longfellow and others discovered that the MIT krb5 Key
Distribution Center (KDC) daemon is vulnerable to denial of service
attacks when using an LDAP back end due to improper handling of
network input. (CVE-2011-0281, CVE-2011-0282)

Affected Software/OS:
krb5 vulnerabilities on Ubuntu 8.04 LTS,
Ubuntu 9.10,
Ubuntu 10.04 LTS,
Ubuntu 10.10

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4022
BugTraq ID: 46269
http://www.securityfocus.com/bid/46269
Bugtraq: 20110208 MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022] (Google Search)
http://www.securityfocus.com/archive/1/516286/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2011:025
http://www.redhat.com/support/errata/RHSA-2011-0200.html
http://www.securitytracker.com/id?1025035
http://secunia.com/advisories/43260
http://secunia.com/advisories/43275
http://securityreason.com/securityalert/8070
SuSE Security Announcement: SUSE-SR:2011:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://www.vupen.com/english/advisories/2011/0329
http://www.vupen.com/english/advisories/2011/0333
http://www.vupen.com/english/advisories/2011/0347
http://www.vupen.com/english/advisories/2011/0464
Common Vulnerability Exposure (CVE) ID: CVE-2011-0281
BugTraq ID: 46265
http://www.securityfocus.com/bid/46265
Bugtraq: 20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] (Google Search)
http://www.securityfocus.com/archive/1/516299/100/0/threaded
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2011:024
http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html
http://www.redhat.com/support/errata/RHSA-2011-0199.html
http://www.securitytracker.com/id?1025037
http://secunia.com/advisories/43273
http://secunia.com/advisories/46397
http://securityreason.com/securityalert/8073
http://www.vupen.com/english/advisories/2011/0330
XForce ISS Database: kerberos-ldap-descriptor-dos(65324)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65324
Common Vulnerability Exposure (CVE) ID: CVE-2011-0282
BugTraq ID: 46271
http://www.securityfocus.com/bid/46271
XForce ISS Database: kerberos-ldap-dos(65323)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65323

Copyright Copyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.840584
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for krb5 vulnerabilities USN-1062-1
Resumen:	Ubuntu Update for Linux kernel vulnerabilities USN-1062-1
Descripción:	Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1062-1 Vulnerability Insight: Keiichi Mori discovered that the MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial of service attack due to improper logic when a worker child process exited because of invalid network input. This could only occur when kpropd is running in standalone mode. kpropd was not affected when running in incremental propagation mode ('iprop') or as an inetd server. This issue only affects Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-4022) Kevin Longfellow and others discovered that the MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks when using an LDAP back end due to improper handling of network input. (CVE-2011-0281, CVE-2011-0282) Affected Software/OS: krb5 vulnerabilities on Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4022 BugTraq ID: 46269 http://www.securityfocus.com/bid/46269 Bugtraq: 20110208 MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022] (Google Search) http://www.securityfocus.com/archive/1/516286/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2011:025 http://www.redhat.com/support/errata/RHSA-2011-0200.html http://www.securitytracker.com/id?1025035 http://secunia.com/advisories/43260 http://secunia.com/advisories/43275 http://securityreason.com/securityalert/8070 SuSE Security Announcement: SUSE-SR:2011:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://www.vupen.com/english/advisories/2011/0329 http://www.vupen.com/english/advisories/2011/0333 http://www.vupen.com/english/advisories/2011/0347 http://www.vupen.com/english/advisories/2011/0464 Common Vulnerability Exposure (CVE) ID: CVE-2011-0281 BugTraq ID: 46265 http://www.securityfocus.com/bid/46265 Bugtraq: 20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] (Google Search) http://www.securityfocus.com/archive/1/516299/100/0/threaded Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2011:024 http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html http://www.redhat.com/support/errata/RHSA-2011-0199.html http://www.securitytracker.com/id?1025037 http://secunia.com/advisories/43273 http://secunia.com/advisories/46397 http://securityreason.com/securityalert/8073 http://www.vupen.com/english/advisories/2011/0330 XForce ISS Database: kerberos-ldap-descriptor-dos(65324) https://exchange.xforce.ibmcloud.com/vulnerabilities/65324 Common Vulnerability Exposure (CVE) ID: CVE-2011-0282 BugTraq ID: 46271 http://www.securityfocus.com/bid/46271 XForce ISS Database: kerberos-ldap-dos(65323) https://exchange.xforce.ibmcloud.com/vulnerabilities/65323
Copyright	Copyright (c) 2011 Greenbone Networks GmbH