Test ID: | 1.3.6.1.4.1.25623.1.0.891265 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for krb5 (DLA-1265-1) |
Summary:

Kerberos, a system for authenticating users and services on a network, was affected by several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues.

CVE-2013-1418
Kerberos allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request when multiple realms are configured.

CVE-2014-5351
Kerberos sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

CVE-2014-5353
When the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

CVE-2014-5355
Kerberos expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character.

CVE-2016-3119
Kerberos allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

CVE-2016-3120
Kerberos allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
Description:

Affected Software/OS: krb5 on Debian Linux

Solution: For Debian 7 'Wheezy', these problems have been fixed in version 1.10.1+dfsg-5+deb7u9. We recommend that you upgrade your krb5 packages.

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-reference:

Common Vulnerability Exposure (CVE) ID: CVE-2013-1418
BugTraq ID: 63555
http://www.securityfocus.com/bid/63555
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
SuSE Security Announcement: openSUSE-SU-2013:1738
http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html
SuSE Security Announcement: openSUSE-SU-2013:1751
http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html
SuSE Security Announcement: openSUSE-SU-2013:1833
http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html

Common Vulnerability Exposure (CVE) ID: CVE-2014-5351
BugTraq ID: 70380
http://www.securityfocus.com/bid/70380
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
http://security.gentoo.org/glsa/glsa-201412-53.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:224
http://www.securitytracker.com/id/1031003
SuSE Security Announcement: SUSE-SU-2015:0290
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
SuSE Security Announcement: openSUSE-SU-2015:0255
http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
http://www.ubuntu.com/usn/USN-2498-1
XForce ISS Database: kerberos-cve20145351-sec-bypass(97028)
https://exchange.xforce.ibmcloud.com/vulnerabilities/97028

Common Vulnerability Exposure (CVE) ID: CVE-2014-5353
BugTraq ID: 71679
http://www.securityfocus.com/bid/71679
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:009
RedHat Security Advisories: RHSA-2015:0439
http://rhn.redhat.com/errata/RHSA-2015-0439.html
RedHat Security Advisories: RHSA-2015:0794
http://rhn.redhat.com/errata/RHSA-2015-0794.html
http://www.securitytracker.com/id/1031376
SuSE Security Announcement: openSUSE-SU-2015:0542
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html

Common Vulnerability Exposure (CVE) ID: CVE-2014-5355
BugTraq ID: 74042
http://www.securityfocus.com/bid/74042
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
http://www.ubuntu.com/usn/USN-2810-1

Common Vulnerability Exposure (CVE) ID: CVE-2016-3119
BugTraq ID: 85392
http://www.securityfocus.com/bid/85392
RedHat Security Advisories: RHSA-2016:2591
http://rhn.redhat.com/errata/RHSA-2016-2591.html
http://www.securitytracker.com/id/1035399
SuSE Security Announcement: openSUSE-SU-2016:0947
http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html
SuSE Security Announcement: openSUSE-SU-2016:1072
http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html

Common Vulnerability Exposure (CVE) ID: CVE-2016-3120
BugTraq ID: 92132
http://www.securityfocus.com/bid/92132
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/
http://www.securitytracker.com/id/1036442
SuSE Security Announcement: openSUSE-SU-2016:2268
http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html
Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |