ID de Prueba:	1.3.6.1.4.1.25623.1.0.51547
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:534
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:534. The krb5 packages are MIT's[1] implementation of the Kerberos 5 authentication protocol. There is a buffer overflow vulnerability[2][3] in the Kerberos 4 remote administration service (kadmind4) that could be used by a remote attacker to execute arbitrary commands on the server with root privileges. The daemon which implements this service, kadmind4, is included in our krb5-server package, but not used by default. The package defaults to using the kadmind daemon, which is not vulnerable to this problem. Only administrators who explicitly run kadmind4 will be at risk. The authors released an advisory[2] with a patch which fixes the vulnerability. This patch has been applied to the updated packages below. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://web.mit.edu/Kerberos/www/index.html http://web.mit.edu/Kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt http://www.cert.org/advisories/CA-2002-29.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1235 https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2002:534 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 6024 Common Vulnerability Exposure (CVE) ID: CVE-2002-1235 http://www.securityfocus.com/bid/6024 Bugtraq: 20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103539530729206&w=2 Bugtraq: 20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103564944215101&w=2 Bugtraq: 20021027 KRB5-SORCERER2002-10-27 Security Update (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html Bugtraq: 20021027 Re: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103582805330339&w=2 Bugtraq: 20021028 GLSA: krb5 (Google Search) http://marc.info/?l=bugtraq&m=103582517126392&w=2 http://www.cert.org/advisories/CA-2002-29.html CERT/CC vulnerability note: VU#875073 http://www.kb.cert.org/vuls/id/875073 Conectiva Linux advisory: CLA-2002:534 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534 Debian Security Information: DSA-183 (Google Search) http://www.debian.org/security/2002/dsa-183 Debian Security Information: DSA-184 (Google Search) http://www.debian.org/security/2002/dsa-184 Debian Security Information: DSA-185 (Google Search) http://www.debian.org/security/2002/dsa-185 FreeBSD Security Advisory: FreeBSD-SA-02:40 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php NETBSD Security Advisory: NetBSD-SA2002-026 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc http://www.redhat.com/support/errata/RHSA-2002-242.html http://www.iss.net/security_center/static/10430.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.