Test ID:	1.3.6.1.4.1.25623.1.0.840433
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-940-1)
Summary:	The remote host is missing an update for the 'krb5' package(s) announced via the USN-940-1 advisory.
Description:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the USN-940-1 advisory. Vulnerability Insight: It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. (CVE-2010-1320, CVE-2010-1321) Affected Software/OS: 'krb5' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 9.04, Ubuntu 9.10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5902 BugTraq ID: 26750 http://www.securityfocus.com/bid/26750 Bugtraq: 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search) http://www.securityfocus.com/archive/1/489883/100/0/threaded http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://bugs.gentoo.org/show_bug.cgi?id=199214 http://osvdb.org/44748 http://secunia.com/advisories/28636 http://secunia.com/advisories/29457 http://secunia.com/advisories/39290 http://secunia.com/advisories/39784 SuSE Security Announcement: SUSE-SR:2008:002 (Google Search) http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://ubuntu.com/usn/usn-924-1 http://www.ubuntu.com/usn/USN-940-1 http://www.vupen.com/english/advisories/2010/1192 Common Vulnerability Exposure (CVE) ID: CVE-2007-5971 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html http://security.gentoo.org/glsa/glsa-200803-31.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 http://bugs.gentoo.org/show_bug.cgi?id=199212 http://osvdb.org/43345 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10296 http://www.redhat.com/support/errata/RHSA-2008-0164.html http://www.redhat.com/support/errata/RHSA-2008-0180.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29450 http://secunia.com/advisories/29451 http://secunia.com/advisories/29462 http://secunia.com/advisories/29464 http://secunia.com/advisories/29516 http://www.vupen.com/english/advisories/2008/0924/references Common Vulnerability Exposure (CVE) ID: CVE-2007-5972 http://bugs.gentoo.org/show_bug.cgi?id=199211 http://osvdb.org/44747 Common Vulnerability Exposure (CVE) ID: CVE-2010-1320 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 39599 http://www.securityfocus.com/bid/39599 Bugtraq: 20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC (Google Search) http://www.securityfocus.com/archive/1/510843/100/0/threaded http://securitytracker.com/id?1023904 http://secunia.com/advisories/39656 http://secunia.com/advisories/40220 SuSE Security Announcement: SUSE-SR:2010:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://www.vupen.com/english/advisories/2010/1001 http://www.vupen.com/english/advisories/2010/1481 Common Vulnerability Exposure (CVE) ID: CVE-2010-1321 BugTraq ID: 40235 http://www.securityfocus.com/bid/40235 Bugtraq: 20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref (Google Search) http://www.securityfocus.com/archive/1/511331/100/0/threaded Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) http://www.securityfocus.com/archive/1/516397/100/0/threaded Cert/CC Advisory: TA10-287A http://www.us-cert.gov/cas/techalerts/TA10-287A.html Cert/CC Advisory: TA11-201A http://www.us-cert.gov/cas/techalerts/TA11-201A.html Debian Security Information: DSA-2052 (Google Search) http://www.debian.org/security/2010/dsa-2052 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html HPdes Security Advisory: HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPdes Security Advisory: HPSBUX02544 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 HPdes Security Advisory: SSRT100107 http://www.mandriva.com/security/advisories?name=MDVSA-2010:100 http://osvdb.org/64744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450 http://www.redhat.com/support/errata/RHSA-2010-0423.html http://www.redhat.com/support/errata/RHSA-2010-0770.html http://www.redhat.com/support/errata/RHSA-2010-0807.html http://www.redhat.com/support/errata/RHSA-2010-0873.html http://www.redhat.com/support/errata/RHSA-2010-0935.html http://www.redhat.com/support/errata/RHSA-2010-0987.html http://www.redhat.com/support/errata/RHSA-2011-0152.html http://www.redhat.com/support/errata/RHSA-2011-0880.html http://secunia.com/advisories/39762 http://secunia.com/advisories/39799 http://secunia.com/advisories/39818 http://secunia.com/advisories/39849 http://secunia.com/advisories/40346 http://secunia.com/advisories/40685 http://secunia.com/advisories/41967 http://secunia.com/advisories/42432 http://secunia.com/advisories/42974 http://secunia.com/advisories/43335 http://secunia.com/advisories/44954 SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SuSE Security Announcement: SUSE-SU-2012:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html SuSE Security Announcement: SUSE-SU-2012:0042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html http://www.ubuntu.com/usn/USN-940-2 http://www.vupen.com/english/advisories/2010/1177 http://www.vupen.com/english/advisories/2010/1193 http://www.vupen.com/english/advisories/2010/1196 http://www.vupen.com/english/advisories/2010/1222 http://www.vupen.com/english/advisories/2010/1574 http://www.vupen.com/english/advisories/2010/1882 http://www.vupen.com/english/advisories/2010/3112 http://www.vupen.com/english/advisories/2011/0134
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.