Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-1184)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.2.2019.1184

Kategorie: Huawei EulerOS Local Security Checks

Titel: Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-1184)

Zusammenfassung: The remote host is missing an update for the Huawei EulerOS 'krb5' package(s) announced via the EulerOS-SA-2019-1184 advisory.

Beschreibung: Summary:
The remote host is missing an update for the Huawei EulerOS 'krb5' package(s) announced via the EulerOS-SA-2019-1184 advisory.

Vulnerability Insight:
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.(CVE-2018-5729)

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a 'linkdn' and 'containerdn' database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.(CVE-2018-5730)

Affected Software/OS:
'krb5' package(s) on Huawei EulerOS Virtualization 2.5.3.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-5729
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/
https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
RedHat Security Advisories: RHBA-2019:0327
https://access.redhat.com/errata/RHBA-2019:0327
RedHat Security Advisories: RHSA-2018:3071
https://access.redhat.com/errata/RHSA-2018:3071
http://www.securitytracker.com/id/1042071
Common Vulnerability Exposure (CVE) ID: CVE-2018-5730

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2019.1184
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-1184)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'krb5' package(s) announced via the EulerOS-SA-2019-1184 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'krb5' package(s) announced via the EulerOS-SA-2019-1184 advisory. Vulnerability Insight: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.(CVE-2018-5729) MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a 'linkdn' and 'containerdn' database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.(CVE-2018-5730) Affected Software/OS: 'krb5' package(s) on Huawei EulerOS Virtualization 2.5.3. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5729 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/ https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html RedHat Security Advisories: RHBA-2019:0327 https://access.redhat.com/errata/RHBA-2019:0327 RedHat Security Advisories: RHSA-2018:3071 https://access.redhat.com/errata/RHSA-2018:3071 http://www.securitytracker.com/id/1042071 Common Vulnerability Exposure (CVE) ID: CVE-2018-5730
Copyright	Copyright (C) 2020 Greenbone Networks GmbH