Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.53233
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 543-1 (krb5)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to krb5
announced via advisory DSA 543-1.

The MIT Kerberos Development Team has discovered a number of
vulnerabilities in the MIT Kerberos Version 5 software. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CVE-2004-0642 [VU#795632]

A double-free error may allow unauthenticated remote attackers to
execute arbitrary code on KDC or clients.

CVE-2004-0643 [VU#866472]

Several double-free errors may allow authenticated attackers to
execute arbitrary code on Kerberos application servers.

CVE-2004-0644 [VU#550464]

A remotely eploitable denial of service vulnerability has been
found in the KDC and libraries.

CVE-2004-0772 [VU#350792]

Several double-free errors may allow remote attackers to execute
arbitrary code on the server. This does not affect the version in
woody.

For the stable distribution (woody) these problems have been fixed in
version 1.2.4-5woody6.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.4-3.

We recommend that you upgrade your krb5 packages.


Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20543-1

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0642
BugTraq ID: 11078
http://www.securityfocus.com/bid/11078
Bugtraq: 20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos) (Google Search)
http://marc.info/?l=bugtraq&m=109508872524753&w=2
Cert/CC Advisory: TA04-247A
http://www.us-cert.gov/cas/techalerts/TA04-247A.html
CERT/CC vulnerability note: VU#795632
http://www.kb.cert.org/vuls/id/795632
Conectiva Linux advisory: CLA-2004:860
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
Debian Security Information: DSA-543 (Google Search)
http://www.debian.org/security/2004/dsa-543
http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10709
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4936
RedHat Security Advisories: RHSA-2004:350
http://rhn.redhat.com/errata/RHSA-2004-350.html
http://www.trustix.net/errata/2004/0045/
XForce ISS Database: kerberos-kdc-double-free(17157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17157
Common Vulnerability Exposure (CVE) ID: CVE-2004-0643
CERT/CC vulnerability note: VU#866472
http://www.kb.cert.org/vuls/id/866472
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3322
XForce ISS Database: kerberos-krb5rdcred-double-free(17159)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17159
Common Vulnerability Exposure (CVE) ID: CVE-2004-0644
BugTraq ID: 11079
http://www.securityfocus.com/bid/11079
CERT/CC vulnerability note: VU#550464
http://www.kb.cert.org/vuls/id/550464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2139
XForce ISS Database: kerberos-asn1-library-dos(17160)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17160
Common Vulnerability Exposure (CVE) ID: CVE-2004-0772
CERT/CC vulnerability note: VU#350792
http://www.kb.cert.org/vuls/id/350792
http://www.mandriva.com/security/advisories?name=MDKSA-2004:088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661
XForce ISS Database: kerberos-krb524d-double-free(17158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17158
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.