Test Kennung:	1.3.6.1.4.1.25623.1.0.881341
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for krb5-devel CESA-2011:0199 centos5 x86_64
Zusammenfassung:	The remote host is missing an update for the 'krb5-devel'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'krb5-devel' package(s) announced via the referenced advisory. Vulnerability Insight: Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were not null terminated, when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to crash the KDC via a specially-crafted request. (CVE-2011-0282) A denial of service flaw was found in the way the MIT Kerberos KDC processed certain principal names when the KDC was configured to use an LDAP back end. A remote attacker could use this flaw to cause the KDC to hang via a specially-crafted request. (CVE-2011-0281) Red Hat would like to thank the MIT Kerberos Team for reporting these issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the original reporter of the CVE-2011-0281 issue. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. Affected Software/OS: krb5-devel on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0281 BugTraq ID: 46265 http://www.securityfocus.com/bid/46265 Bugtraq: 20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] (Google Search) http://www.securityfocus.com/archive/1/516299/100/0/threaded Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2011:024 http://www.mandriva.com/security/advisories?name=MDVSA-2011:025 http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html http://www.redhat.com/support/errata/RHSA-2011-0199.html http://www.redhat.com/support/errata/RHSA-2011-0200.html http://www.securitytracker.com/id?1025037 http://secunia.com/advisories/43260 http://secunia.com/advisories/43273 http://secunia.com/advisories/43275 http://secunia.com/advisories/46397 http://securityreason.com/securityalert/8073 SuSE Security Announcement: SUSE-SR:2011:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://www.vupen.com/english/advisories/2011/0330 http://www.vupen.com/english/advisories/2011/0333 http://www.vupen.com/english/advisories/2011/0347 http://www.vupen.com/english/advisories/2011/0464 XForce ISS Database: kerberos-ldap-descriptor-dos(65324) https://exchange.xforce.ibmcloud.com/vulnerabilities/65324 Common Vulnerability Exposure (CVE) ID: CVE-2011-0282 BugTraq ID: 46271 http://www.securityfocus.com/bid/46271 XForce ISS Database: kerberos-ldap-dos(65323) https://exchange.xforce.ibmcloud.com/vulnerabilities/65323
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.