Test ID:	1.3.6.1.4.1.25623.1.0.50671
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2002:073-1 (krb5)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to krb5 announced via advisory MDKSA-2002:073-1. A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately. Update: The /etc/rc.d/init.d/kadmin initscript improperly pointed to a non-existant location for the kadmind binary. This update corrects the problem. Affected versions: 8.1, 8.2, 9.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:073-1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1235 http://www.kb.cert.org/vuls/id/875073 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	BugTraq ID: 6024 Common Vulnerability Exposure (CVE) ID: CVE-2002-1235 http://www.securityfocus.com/bid/6024 Bugtraq: 20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103539530729206&w=2 Bugtraq: 20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103564944215101&w=2 Bugtraq: 20021027 KRB5-SORCERER2002-10-27 Security Update (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html Bugtraq: 20021027 Re: Buffer overflow in kadmind4 (Google Search) http://marc.info/?l=bugtraq&m=103582805330339&w=2 Bugtraq: 20021028 GLSA: krb5 (Google Search) http://marc.info/?l=bugtraq&m=103582517126392&w=2 http://www.cert.org/advisories/CA-2002-29.html CERT/CC vulnerability note: VU#875073 http://www.kb.cert.org/vuls/id/875073 Conectiva Linux advisory: CLA-2002:534 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534 Debian Security Information: DSA-183 (Google Search) http://www.debian.org/security/2002/dsa-183 Debian Security Information: DSA-184 (Google Search) http://www.debian.org/security/2002/dsa-184 Debian Security Information: DSA-185 (Google Search) http://www.debian.org/security/2002/dsa-185 FreeBSD Security Advisory: FreeBSD-SA-02:40 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php NETBSD Security Advisory: NetBSD-SA2002-026 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc http://www.redhat.com/support/errata/RHSA-2002-242.html http://www.iss.net/security_center/static/10430.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.