Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.851052 |
Categoría: | SuSE Local Security Checks |
Título: | SUSE: Security Advisory for krb5 (SUSE-SU-2015:0290-2) |
Resumen: | The remote host is missing an update for the 'krb5'; package(s) announced via the referenced advisory. |
Descripción: | Summary: The remote host is missing an update for the 'krb5' package(s) announced via the referenced advisory. Vulnerability Insight: MIT kerberos krb5 was updated to fix several security issues and bugs. Security issues fixed: CVE-2014-5351: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) sent old keys in a response to a -randkey -keepold request, which allowed remote authenticated users to forge tickets by leveraging administrative access. CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token() is used to process a valid context deletion token, the caller was left with a security context handle containing a dangling pointer. Further uses of this handle would have resulted in use-after-free and double-free memory access violations. libgssrpc server applications such as kadmind were vulnerable as they can be instructed to call gss_process_context_token(). CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR data from an authenticated user, it may have performed use-after-free and double-free memory access violations while cleaning up the partial deserialization results. Other libgssrpc server applications might also been vulnerable if they contain insufficiently defensive XDR functions. CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted authentications to two-component server principals whose first component is a left substring of 'kadmin' or whose realm is a left prefix of the default realm. CVE-2014-9423: libgssrpc applications including kadmind output four or eight bytes of uninitialized memory to the network as part of an unused 'handle' field in replies to clients. Bugs fixed: - Work around replay cache creation race (bnc#898439). Affected Software/OS: krb5 on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12 Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-5351 BugTraq ID: 70380 http://www.securityfocus.com/bid/70380 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html http://security.gentoo.org/glsa/glsa-201412-53.xml http://www.mandriva.com/security/advisories?name=MDVSA-2014:224 https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html http://www.securitytracker.com/id/1031003 SuSE Security Announcement: SUSE-SU-2015:0290 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html SuSE Security Announcement: openSUSE-SU-2015:0255 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html http://www.ubuntu.com/usn/USN-2498-1 XForce ISS Database: kerberos-cve20145351-sec-bypass(97028) https://exchange.xforce.ibmcloud.com/vulnerabilities/97028 Common Vulnerability Exposure (CVE) ID: CVE-2014-5352 BugTraq ID: 72495 http://www.securityfocus.com/bid/72495 Debian Security Information: DSA-3153 (Google Search) http://www.debian.org/security/2015/dsa-3153 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:069 RedHat Security Advisories: RHSA-2015:0439 http://rhn.redhat.com/errata/RHSA-2015-0439.html RedHat Security Advisories: RHSA-2015:0794 http://rhn.redhat.com/errata/RHSA-2015-0794.html SuSE Security Announcement: SUSE-SU-2015:0257 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9421 BugTraq ID: 72496 http://www.securityfocus.com/bid/72496 Common Vulnerability Exposure (CVE) ID: CVE-2014-9422 BugTraq ID: 72494 http://www.securityfocus.com/bid/72494 Common Vulnerability Exposure (CVE) ID: CVE-2014-9423 BugTraq ID: 72503 http://www.securityfocus.com/bid/72503 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |