ID de Prueba:	1.3.6.1.4.1.25623.1.0.50537
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:056 (krb5)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to krb5 announced via advisory MDKSA-2004:056. Multiple buffer overflows exist in the krb5_aname_to_localname() library function that if exploited could lead to unauthorized root privileges. In order to exploit this flaw, an attacker must first successfully authenticate to a vulnerable service, which must be configured to enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname, which is not a default configuration. Mandrakesoft encourages all users to upgrade to these patched krb5 packages. Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:056 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0523 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 10448 Common Vulnerability Exposure (CVE) ID: CVE-2004-0523 http://www.securityfocus.com/bid/10448 Bugtraq: 20040601 MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname (Google Search) http://marc.info/?l=bugtraq&m=108612325909496&w=2 Bugtraq: 20040602 TSSA-2004-009 - kerberos5 (Google Search) http://marc.info/?l=bugtraq&m=108619161815320&w=2 CERT/CC vulnerability note: VU#686862 http://www.kb.cert.org/vuls/id/686862 Conectiva Linux advisory: CLA-2004:860 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860 Debian Security Information: DSA-520 (Google Search) http://www.debian.org/security/2004/dsa-520 http://lwn.net/Articles/88206/ http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10295 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A724 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A991 http://www.redhat.com/support/errata/RHSA-2004-236.html SGI Security Advisory: 20040604-01-U ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc SGI Security Advisory: 20040605-01-U ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1 http://marc.info/?l=bugtraq&m=108619250923790&w=2 XForce ISS Database: Kerberos-krb5anametolocalname-bo(16268) https://exchange.xforce.ibmcloud.com/vulnerabilities/16268
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.