
Test ID: 1.3.6.1.4.1.25623.1.0.891265
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for krb5 (DLA-1265-1)
Description:
Summary:
Kerberos, a system for authenticating users and services on a network,
was affected by several vulnerabilities. The Common Vulnerabilities
and Exposures project identifies the following issues.

CVE-2013-1418
Kerberos allows remote attackers to cause a denial of service
(NULL pointer dereference and daemon crash) via a crafted request
when multiple realms are configured.

CVE-2014-5351
Kerberos sends old keys in a response to a -randkey -keepold
request, which allows remote authenticated users to forge tickets by
leveraging administrative access.

CVE-2014-5353
When the KDC uses LDAP, Kerberos allows remote authenticated users to
cause a denial of service (daemon crash) via a successful LDAP query
with no results, as demonstrated by using an incorrect object type for
a password policy.

CVE-2014-5355
Kerberos expects that a krb5_read_message data field is represented
as a string ending with a '\0' character, which allows remote
attackers to (1) cause a denial of service (NULL pointer
dereference) via a zero-byte version string or (2) cause a denial of
service (out-of-bounds read) by omitting the '\0' character.

CVE-2016-3119
Kerberos allows remote authenticated users to cause a denial of
service (NULL pointer dereference and daemon crash) via a crafted
request to modify a principal.

CVE-2016-3120
Kerberos allows remote authenticated users to cause a denial of
service (NULL pointer dereference and daemon crash) via an S4U2Self
request.

Affected Software/OS:
krb5 on Debian Linux

Solution:
For Debian 7 'Wheezy', these problems have been fixed in version
1.10.1+dfsg-5+deb7u9.

We recommend that you upgrade your krb5 packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2013-1418
BugTraq ID: 63555
http://www.securityfocus.com/bid/63555
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
SuSE Security Announcement: openSUSE-SU-2013:1738
http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html
SuSE Security Announcement: openSUSE-SU-2013:1751
http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html
SuSE Security Announcement: openSUSE-SU-2013:1833
http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-5351
BugTraq ID: 70380
http://www.securityfocus.com/bid/70380
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
http://security.gentoo.org/glsa/glsa-201412-53.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:224
http://www.securitytracker.com/id/1031003
SuSE Security Announcement: SUSE-SU-2015:0290
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
SuSE Security Announcement: openSUSE-SU-2015:0255
http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
http://www.ubuntu.com/usn/USN-2498-1
XForce ISS Database: kerberos-cve20145351-sec-bypass(97028)
https://exchange.xforce.ibmcloud.com/vulnerabilities/97028
Common Vulnerability Exposure (CVE) ID: CVE-2014-5353
BugTraq ID: 71679
http://www.securityfocus.com/bid/71679
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:009
RedHat Security Advisories: RHSA-2015:0439
http://rhn.redhat.com/errata/RHSA-2015-0439.html
RedHat Security Advisories: RHSA-2015:0794
http://rhn.redhat.com/errata/RHSA-2015-0794.html
http://www.securitytracker.com/id/1031376
SuSE Security Announcement: openSUSE-SU-2015:0542
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-5355
BugTraq ID: 74042
http://www.securityfocus.com/bid/74042
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
http://www.ubuntu.com/usn/USN-2810-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-3119
BugTraq ID: 85392
http://www.securityfocus.com/bid/85392
RedHat Security Advisories: RHSA-2016:2591
http://rhn.redhat.com/errata/RHSA-2016-2591.html
http://www.securitytracker.com/id/1035399
SuSE Security Announcement: openSUSE-SU-2016:0947
http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html
SuSE Security Announcement: openSUSE-SU-2016:1072
http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-3120
BugTraq ID: 92132
http://www.securityfocus.com/bid/92132
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/
http://www.securitytracker.com/id/1036442
SuSE Security Announcement: openSUSE-SU-2016:2268
http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html
Copyright: (C) 2018 Greenbone Networks GmbH http://greenbone.net

© 1998-2024 E-Soft Inc. All rights reserved.