Test Kennung:	1.3.6.1.4.1.25623.1.0.58199
Kategorie:	Turbolinux Local Security Tests
Titel:	Turbolinux TLSA-2007-24 (krb5)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to krb5 announced via advisory TLSA-2007-24. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. - The MIT krb5 telnet daemon (krb5-telnet) allows unauthorized login as an arbitrary user, when presented with a specially crafted username. Exploitation of this vulnerability is trivial. - The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind) as well as the KDC, are vulnerable. Exploitation of this vulnerability is probably simple. - The GSS-API library provided with MIT krb5 contains a vulnerability that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. A user can gain unauthorized access to any account (including root) on a host running telnetd. The krb5 allows remote attackers to cause a host running kadmind to execute arbitrary code. The krb5 allows remote attackers to cause a denial of service. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2007-24 Risk factor : Critical CVSS Score: 9.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0956 BugTraq ID: 23281 http://www.securityfocus.com/bid/23281 Bugtraq: 20070403 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956] (Google Search) http://www.securityfocus.com/archive/1/464590/100/0/threaded Bugtraq: 20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search) http://www.securityfocus.com/archive/1/464666/100/0/threaded Bugtraq: 20070405 FLEA-2007-0008-1: krb5 (Google Search) http://www.securityfocus.com/archive/1/464814/30/7170/threaded Cert/CC Advisory: TA07-093B http://www.us-cert.gov/cas/techalerts/TA07-093B.html CERT/CC vulnerability note: VU#220816 http://www.kb.cert.org/vuls/id/220816 Debian Security Information: DSA-1276 (Google Search) http://www.debian.org/security/2007/dsa-1276 http://security.gentoo.org/glsa/glsa-200704-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10046 http://www.redhat.com/support/errata/RHSA-2007-0095.html http://www.securitytracker.com/id?1017848 http://secunia.com/advisories/24706 http://secunia.com/advisories/24735 http://secunia.com/advisories/24736 http://secunia.com/advisories/24740 http://secunia.com/advisories/24750 http://secunia.com/advisories/24755 http://secunia.com/advisories/24757 http://secunia.com/advisories/24785 http://secunia.com/advisories/24786 http://secunia.com/advisories/24817 SGI Security Advisory: 20070401-01-P ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1 SuSE Security Announcement: SUSE-SA:2007:025 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html http://www.ubuntu.com/usn/usn-449-1 http://www.vupen.com/english/advisories/2007/1218 http://www.vupen.com/english/advisories/2007/1249 XForce ISS Database: kerberos-telnet-security-bypass(33414) https://exchange.xforce.ibmcloud.com/vulnerabilities/33414 Common Vulnerability Exposure (CVE) ID: CVE-2007-0957 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html BugTraq ID: 23285 http://www.securityfocus.com/bid/23285 Bugtraq: 20070403 MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957] (Google Search) http://www.securityfocus.com/archive/1/464592/100/0/threaded Cert/CC Advisory: TA07-109A http://www.us-cert.gov/cas/techalerts/TA07-109A.html CERT/CC vulnerability note: VU#704024 http://www.kb.cert.org/vuls/id/704024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757 http://www.securitytracker.com/id?1017849 http://secunia.com/advisories/24798 http://secunia.com/advisories/24966 http://secunia.com/advisories/25464 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1 http://www.vupen.com/english/advisories/2007/1250 http://www.vupen.com/english/advisories/2007/1470 http://www.vupen.com/english/advisories/2007/1983 XForce ISS Database: kerberos-krb5klogsyslog-bo(33411) https://exchange.xforce.ibmcloud.com/vulnerabilities/33411 Common Vulnerability Exposure (CVE) ID: CVE-2007-1216 BugTraq ID: 23282 http://www.securityfocus.com/bid/23282 Bugtraq: 20070403 MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216] (Google Search) http://www.securityfocus.com/archive/1/464591/100/0/threaded CERT/CC vulnerability note: VU#419344 http://www.kb.cert.org/vuls/id/419344 HPdes Security Advisory: HPSBUX02217 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056923 HPdes Security Advisory: SSRT071337 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11135 http://www.securitytracker.com/id?1017852 http://secunia.com/advisories/25388 http://www.vupen.com/english/advisories/2007/1916 XForce ISS Database: kerberos-kadmind-code-execution(33413) https://exchange.xforce.ibmcloud.com/vulnerabilities/33413
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.