English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 146377 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.120539
Kategorie:Amazon Linux Local Security Checks
Titel:Amazon Linux: Security Advisory (ALAS-2015-518)
Zusammenfassung:The remote host is missing an update for the 'krb5' package(s) announced via the ALAS-2015-518 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'krb5' package(s) announced via the ALAS-2015-518 advisory.

Vulnerability Insight:
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352)

If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353)

It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. (CVE-2014-5355)

A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)

It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)

Affected Software/OS:
'krb5' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-5352
BugTraq ID: 72495
http://www.securityfocus.com/bid/72495
Debian Security Information: DSA-3153 (Google Search)
http://www.debian.org/security/2015/dsa-3153
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
RedHat Security Advisories: RHSA-2015:0439
http://rhn.redhat.com/errata/RHSA-2015-0439.html
RedHat Security Advisories: RHSA-2015:0794
http://rhn.redhat.com/errata/RHSA-2015-0794.html
SuSE Security Announcement: SUSE-SU-2015:0257 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html
SuSE Security Announcement: SUSE-SU-2015:0290 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
SuSE Security Announcement: openSUSE-SU-2015:0255 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
http://www.ubuntu.com/usn/USN-2498-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-5353
BugTraq ID: 71679
http://www.securityfocus.com/bid/71679
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:009
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
http://www.securitytracker.com/id/1031376
SuSE Security Announcement: openSUSE-SU-2015:0542 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-5355
BugTraq ID: 74042
http://www.securityfocus.com/bid/74042
http://www.ubuntu.com/usn/USN-2810-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-9421
BugTraq ID: 72496
http://www.securityfocus.com/bid/72496
Common Vulnerability Exposure (CVE) ID: CVE-2014-9422
BugTraq ID: 72494
http://www.securityfocus.com/bid/72494
CopyrightCopyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.