Red Hat Local Security Checks : RedHat Update for krb5 RHSA-2016:0493-01

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.871583

Kategorie: Red Hat Local Security Checks

Titel: RedHat Update for krb5 RHSA-2016:0493-01

Zusammenfassung: The remote host is missing an update for the 'krb5'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'krb5'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Kerberos is a networked authentication
system which allows clients and servers to authenticate to each other with the
help of a trusted third party, the Kerberos KDC.

A memory leak flaw was found in the krb5_unparse_name() function of the MIT
Kerberos kadmind service. An authenticated attacker could repeatedly send
specially crafted requests to the server, which could cause the server to
consume large amounts of memory resources, ultimately leading to a denial
of service due to memory exhaustion. (CVE-2015-8631)

An out-of-bounds read flaw was found in the kadmind service of MIT
Kerberos. An authenticated attacker could send a maliciously crafted
message to force kadmind to read beyond the end of allocated memory, and
write the memory contents to the KDC database if the attacker has write
permission, leading to information disclosure. (CVE-2015-8629)

The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.

All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, running Kerberos services (krb5kdc, kadmin, and kprop)
will be restarted automatically.

Affected Software/OS:
krb5 on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-8629
BugTraq ID: 82801
http://www.securityfocus.com/bid/82801
Debian Security Information: DSA-3466 (Google Search)
http://www.debian.org/security/2016/dsa-3466
RedHat Security Advisories: RHSA-2016:0493
http://rhn.redhat.com/errata/RHSA-2016-0493.html
RedHat Security Advisories: RHSA-2016:0532
http://rhn.redhat.com/errata/RHSA-2016-0532.html
http://www.securitytracker.com/id/1034914
SuSE Security Announcement: openSUSE-SU-2016:0406 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html
SuSE Security Announcement: openSUSE-SU-2016:0501 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8631
http://www.securitytracker.com/id/1034916

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.871583
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Update for krb5 RHSA-2016:0493-01
Zusammenfassung:	The remote host is missing an update for the 'krb5'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the referenced advisory. Vulnerability Insight: Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically. Affected Software/OS: krb5 on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8629 BugTraq ID: 82801 http://www.securityfocus.com/bid/82801 Debian Security Information: DSA-3466 (Google Search) http://www.debian.org/security/2016/dsa-3466 RedHat Security Advisories: RHSA-2016:0493 http://rhn.redhat.com/errata/RHSA-2016-0493.html RedHat Security Advisories: RHSA-2016:0532 http://rhn.redhat.com/errata/RHSA-2016-0532.html http://www.securitytracker.com/id/1034914 SuSE Security Announcement: openSUSE-SU-2016:0406 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html SuSE Security Announcement: openSUSE-SU-2016:0501 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8631 http://www.securitytracker.com/id/1034916
Copyright	Copyright (C) 2016 Greenbone Networks GmbH