Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68693
Category:FreeBSD Local Security Checks
Title:FreeBSD Ports: krb5
Summary:The remote host is missing an update to the system;as announced in the referenced advisory.
Description:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: krb5

CVE-2010-1324
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not
properly determine the acceptability of checksums, which might allow
remote attackers to forge GSS tokens, gain privileges, or have
unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed
PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: BugTraq ID: 45116
Common Vulnerability Exposure (CVE) ID: CVE-2010-1324
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://www.securityfocus.com/bid/45116
Bugtraq: 20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] (Google Search)
http://www.securityfocus.com/archive/1/514953/100/0/threaded
Bugtraq: 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
HPdes Security Advisory: HPSBUX02623
http://marc.info/?l=bugtraq&m=129562442714657&w=2
HPdes Security Advisory: SSRT100355
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://osvdb.org/69609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
http://www.redhat.com/support/errata/RHSA-2010-0925.html
http://www.securitytracker.com/id?1024803
http://secunia.com/advisories/42399
http://secunia.com/advisories/43015
SuSE Security Announcement: SUSE-SR:2010:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://www.ubuntu.com/usn/USN-1030-1
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3095
http://www.vupen.com/english/advisories/2010/3118
http://www.vupen.com/english/advisories/2011/0187
CopyrightCopyright (C) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.