Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51529
Category:Conectiva Local Security Checks
Title:Conectiva Security Advisory CLA-2002:515
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory CLA-2002:515.

The krb5 packages are MIT's implementation of the Kerberos 5
authentication protocol.

There is a vulnerability[1][2][3] present in the remote
administration service, kadmind, that could potentially be used by
an attacker to execute arbitrary commands with administrator
privileges.

The vulnerability lies in the RPC library, derived from SunRPC, used
by this service. An unchecked multiplication could lead to an integer
overflow which would result in memory being incorrectly allocated and
potential buffer overflows.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://web.mit.edu/Kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt
http://www.cert.org/advisories/CA-2002-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0391
https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2002:515
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: BugTraq ID: 5356
Common Vulnerability Exposure (CVE) ID: CVE-2002-0391
AIX APAR: IY34194
http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
http://www.securityfocus.com/bid/5356
Bugtraq: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC (Google Search)
http://marc.info/?l=bugtraq&m=102813809232532&w=2
Bugtraq: 20020801 RPC analysis (Google Search)
http://marc.info/?l=bugtraq&m=102821785316087&w=2
Bugtraq: 20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin (Google Search)
http://marc.info/?l=bugtraq&m=102831443208382&w=2
Bugtraq: 20020802 kerberos rpc xdr_array (Google Search)
http://online.securityfocus.com/archive/1/285740
Bugtraq: 20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
Bugtraq: 20020909 GLSA: glibc (Google Search)
http://marc.info/?l=bugtraq&m=103158632831416&w=2
Caldera Security Advisory: CSSA-2002-055.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
http://www.cert.org/advisories/CA-2002-25.html
CERT/CC vulnerability note: VU#192995
http://www.kb.cert.org/vuls/id/192995
Conectiva Linux advisory: CLA-2002:515
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
Conectiva Linux advisory: CLA-2002:535
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
Debian Security Information: DSA-142 (Google Search)
http://www.debian.org/security/2002/dsa-142
Debian Security Information: DSA-143 (Google Search)
http://www.debian.org/security/2002/dsa-143
Debian Security Information: DSA-146 (Google Search)
http://www.debian.org/security/2002/dsa-146
Debian Security Information: DSA-149 (Google Search)
http://www.debian.org/security/2002/dsa-149
Debian Security Information: DSA-333 (Google Search)
http://www.debian.org/security/2003/dsa-333
En Garde Linux Advisory: ESA-20021003-021
http://www.linuxsecurity.com/advisories/other_advisory-2399.html
FreeBSD Security Advisory: FreeBSD-SA-02:34.rpc
http://marc.info/?l=bugtraq&m=102821928418261&w=2
HPdes Security Advisory: HPSBTL0208-061
http://online.securityfocus.com/advisories/4402
HPdes Security Advisory: HPSBUX0209-215
http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
ISS Security Advisory: 20020731 Remote Buffer Overflow Vulnerability in Sun RPC
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057
Microsoft Security Bulletin: MS02-057
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
NETBSD Security Advisory: NetBSD-SA2002-011
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9
RedHat Security Advisories: RHSA-2002:166
http://rhn.redhat.com/errata/RHSA-2002-166.html
http://www.redhat.com/support/errata/RHSA-2002-167.html
RedHat Security Advisories: RHSA-2002:172
http://rhn.redhat.com/errata/RHSA-2002-172.html
http://www.redhat.com/support/errata/RHSA-2002-173.html
http://www.redhat.com/support/errata/RHSA-2003-168.html
http://www.redhat.com/support/errata/RHSA-2003-212.html
SGI Security Advisory: 20020801-01-A
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
SGI Security Advisory: 20020801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P
SuSE Security Announcement: SuSE-SA:2002:031 (Google Search)
http://www.iss.net/security_center/static/9170.php
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.