Vulnerabilities > CVE-2002-2443 - Improper Input Validation vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_KRB5-130626.NASL description This krb5 update fixes a security issue. - kpasswd UDP ping-pong (bug#825985 / CVE-2002-2443) last seen 2020-06-05 modified 2013-07-14 plugin id 68875 published 2013-07-14 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/68875 title SuSE 11.2 / 11.3 Security Update : krb5 (SAT Patch Numbers 7962 / 7968) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(68875); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2002-2443"); script_name(english:"SuSE 11.2 / 11.3 Security Update : krb5 (SAT Patch Numbers 7962 / 7968)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This krb5 update fixes a security issue. - kpasswd UDP ping-pong (bug#825985 / CVE-2002-2443)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=825985" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2002-2443.html" ); script_set_attribute( attribute:"solution", value:"Apply SAT patch number 7962 / 7968 as appropriate." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-apps-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-apps-servers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"krb5-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"krb5-client-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"krb5-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"krb5-client-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"krb5-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"krb5-client-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"krb5-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"krb5-client-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"krb5-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"krb5-apps-clients-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"krb5-apps-servers-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"krb5-client-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"krb5-server-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"krb5-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"krb5-apps-clients-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"krb5-apps-servers-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"krb5-client-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"krb5-server-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-166.NASL description A vulnerability has been discovered and corrected in krb5 : The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack (CVE-2002-2443). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 66535 published 2013-05-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66535 title Mandriva Linux Security Advisory : krb5 (MDVSA-2013:166) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:166. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(66535); script_version("1.8"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2002-2443"); script_bugtraq_id(60008); script_xref(name:"MDVSA", value:"2013:166"); script_name(english:"Mandriva Linux Security Advisory : krb5 (MDVSA-2013:166)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been discovered and corrected in krb5 : The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack (CVE-2002-2443). The updated packages have been patched to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=962531" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-pkinit-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-server-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64krb53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64krb53-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-1.9.2-3.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-pkinit-openssl-1.9.2-3.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-server-1.9.2-3.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-server-ldap-1.9.2-3.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-workstation-1.9.2-3.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64krb53-1.9.2-3.3.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64krb53-devel-1.9.2-3.3.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Misc. NASL id KRB_PINGPONG.NASL description The remote host is running a Kerberos server that seems to be vulnerable to a last seen 2020-06-01 modified 2020-06-02 plugin id 10640 published 2001-03-25 reporter This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10640 title Kerberos Server Spoofed Packet Amplification DoS (PingPong) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10640); script_version("1.24"); script_cvs_date("Date: 2018/11/15 20:50:23"); script_cve_id("CVE-2002-2443"); script_name(english:"Kerberos Server Spoofed Packet Amplification DoS (PingPong)"); script_summary(english:"Checks for the presence of a bad krb server"); script_set_attribute(attribute:"synopsis", value:"The remote service is vulnerable to a denial of service attack."); script_set_attribute(attribute:"description", value: "The remote host is running a Kerberos server that seems to be vulnerable to a 'ping-pong' attack. When contacted on the UDP port, this service always responds, even to malformed requests. This makes it possible to involve it in a 'ping-pong' attack, in which an attacker spoofs a packet between two machines running this service, causing them to spew characters at each other, slowing the machines down and saturating the network."); script_set_attribute(attribute:"solution", value:"Upgrade to krb5-1.11.3 or later. Additionally, you can disable this service if it is not required."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"1996/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2001/03/25"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/oss-sec/2013/q2/316"); script_set_attribute(attribute:"see_also", value:"htp://krbdev.mit.edu/rt/Ticket/Display.html?id=7637"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc."); script_family(english:"Misc."); exit(0); } if(!get_udp_port_state(464))exit(0); soc = open_sock_udp(464); crp = crap(25); if(soc) { send(socket:soc, data:crp); r = recv(socket:soc, length:255); if(r){ send(socket:soc, data:r); r = recv(socket:soc, length:255); if ( r ) security_hole(port:464, protocol:"udp"); } }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2810-1.NASL description It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443) It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5355) It was discovered that the Kerberos kdcpreauth modules incorrectly tracked certain client requests. A remote attacker could possibly use this issue to bypass intended preauthentication requirements. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694) It was discovered that Kerberos incorrectly handled certain SPNEGO packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2695) It was discovered that Kerberos incorrectly handled certain IAKERB packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2696, CVE-2015-2698) It was discovered that Kerberos incorrectly handled certain TGS requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2697). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86872 published 2015-11-13 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86872 title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : krb5 vulnerabilities (USN-2810-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2810-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(86872); script_version("2.13"); script_cvs_date("Date: 2019/09/18 12:31:45"); script_cve_id("CVE-2002-2443", "CVE-2014-5355", "CVE-2015-2694", "CVE-2015-2695", "CVE-2015-2696", "CVE-2015-2697", "CVE-2015-2698"); script_xref(name:"USN", value:"2810-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : krb5 vulnerabilities (USN-2810-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443) It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5355) It was discovered that the Kerberos kdcpreauth modules incorrectly tracked certain client requests. A remote attacker could possibly use this issue to bypass intended preauthentication requirements. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694) It was discovered that Kerberos incorrectly handled certain SPNEGO packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2695) It was discovered that Kerberos incorrectly handled certain IAKERB packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2696, CVE-2015-2698) It was discovered that Kerberos incorrectly handled certain TGS requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2697). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2810-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-k5tls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-otp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-user"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgssrpc4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libk5crypto3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit9"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkdb5-6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkdb5-7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkdb5-8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrad0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb5-3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb5support0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/29"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|15\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.04 / 15.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"krb5-admin-server", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"krb5-kdc", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"krb5-kdc-ldap", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"krb5-pkinit", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"krb5-user", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libgssapi-krb5-2", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libgssrpc4", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libk5crypto3", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libkadm5clnt-mit8", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libkdb5-6", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libkrb5-3", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libkrb53", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libkrb5support0", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"krb5-admin-server", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"krb5-kdc", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"krb5-kdc-ldap", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"krb5-otp", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"krb5-pkinit", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"krb5-user", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libgssapi-krb5-2", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libgssrpc4", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libk5crypto3", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libkadm5clnt-mit9", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libkdb5-7", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libkrad0", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libkrb5-3", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libkrb5support0", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"krb5-admin-server", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"krb5-kdc", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"krb5-kdc-ldap", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"krb5-otp", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"krb5-pkinit", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"krb5-user", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libgssapi-krb5-2", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libgssrpc4", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libk5crypto3", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libkadm5clnt-mit9", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libkdb5-7", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libkrad0", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libkrb5-3", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libkrb5support0", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"krb5-admin-server", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"krb5-k5tls", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"krb5-kdc", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"krb5-kdc-ldap", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"krb5-otp", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"krb5-pkinit", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"krb5-user", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"libgssapi-krb5-2", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"libgssrpc4", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"libk5crypto3", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"libkadm5clnt-mit9", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"libkdb5-8", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"libkrad0", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"libkrb5-3", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"libkrb5support0", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-admin-server / krb5-k5tls / krb5-kdc / krb5-kdc-ldap / etc"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0942.NASL description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). It was found that kadmind last seen 2020-06-01 modified 2020-06-02 plugin id 66888 published 2013-06-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66888 title CentOS 5 / 6 : krb5 (CESA-2013:0942) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0942 and # CentOS Errata and Security Advisory 2013:0942 respectively. # include("compat.inc"); if (description) { script_id(66888); script_version("1.7"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2002-2443"); script_bugtraq_id(60008); script_xref(name:"RHSA", value:"2013:0942"); script_name(english:"CentOS 5 / 6 : krb5 (CESA-2013:0942)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the services to keep replying packets to each other, consuming network bandwidth and CPU. (CVE-2002-2443) All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically." ); # https://lists.centos.org/pipermail/centos-announce/2013-June/019785.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?74e27261" ); # https://lists.centos.org/pipermail/centos-announce/2013-June/019786.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2302d2ab" ); script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2002-2443"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-pkinit-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-workstation"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/29"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"krb5-devel-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"CentOS-5", reference:"krb5-libs-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"CentOS-5", reference:"krb5-server-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"CentOS-5", reference:"krb5-server-ldap-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"CentOS-5", reference:"krb5-workstation-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"CentOS-6", reference:"krb5-devel-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"krb5-libs-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"krb5-pkinit-openssl-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"krb5-server-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"krb5-server-ldap-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"krb5-workstation-1.10.3-10.el6_4.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2701.NASL description It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition. last seen 2020-03-17 modified 2013-06-03 plugin id 66768 published 2013-06-03 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66768 title Debian DSA-2701-1 : krb5 - denial of service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2701. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(66768); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2002-2443"); script_bugtraq_id(60008); script_xref(name:"DSA", value:"2701"); script_name(english:"Debian DSA-2701-1 : krb5 - denial of service"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/krb5" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/krb5" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2013/dsa-2701" ); script_set_attribute( attribute:"solution", value: "Upgrade the krb5 packages. For the oldstable distribution (squeeze), this problem has been fixed in version 1.8.3+dfsg-4squeeze7. For the stable distribution (wheezy), this problem has been fixed in version 1.10.1+dfsg-5+deb7u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"krb5-admin-server", reference:"1.8.3+dfsg-4squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"krb5-doc", reference:"1.8.3+dfsg-4squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"krb5-kdc", reference:"1.8.3+dfsg-4squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"krb5-kdc-ldap", reference:"1.8.3+dfsg-4squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"krb5-multidev", reference:"1.8.3+dfsg-4squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"krb5-pkinit", reference:"1.8.3+dfsg-4squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"krb5-user", reference:"1.8.3+dfsg-4squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"libkrb5-dev", reference:"1.8.3+dfsg-4squeeze7")) flag++; if (deb_check(release:"6.0", prefix:"libkrb53", reference:"1.8.3+dfsg-4squeeze7")) flag++; if (deb_check(release:"7.0", prefix:"krb5-admin-server", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"krb5-doc", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"krb5-gss-samples", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"krb5-kdc", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"krb5-kdc-ldap", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"krb5-locales", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"krb5-multidev", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"krb5-pkinit", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"krb5-user", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libgssapi-krb5-2", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libgssrpc4", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libk5crypto3", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libkadm5clnt-mit8", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libkadm5srv-mit8", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libkdb5-6", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libkrb5-3", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libkrb5-dbg", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libkrb5-dev", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libkrb5support0", reference:"1.10.1+dfsg-5+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0942.NASL description From Red Hat Security Advisory 2013:0942 : Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). It was found that kadmind last seen 2020-06-01 modified 2020-06-02 plugin id 68835 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68835 title Oracle Linux 5 / 6 : krb5 (ELSA-2013-0942) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0942 and # Oracle Linux Security Advisory ELSA-2013-0942 respectively. # include("compat.inc"); if (description) { script_id(68835); script_version("1.6"); script_cvs_date("Date: 2019/09/30 10:58:18"); script_cve_id("CVE-2002-2443"); script_bugtraq_id(60008); script_xref(name:"RHSA", value:"2013:0942"); script_name(english:"Oracle Linux 5 / 6 : krb5 (ELSA-2013-0942)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2013:0942 : Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the services to keep replying packets to each other, consuming network bandwidth and CPU. (CVE-2002-2443) All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2013-June/003514.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2013-June/003515.html" ); script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-pkinit-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-workstation"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/29"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"krb5-devel-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"EL5", reference:"krb5-libs-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"EL5", reference:"krb5-server-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"EL5", reference:"krb5-server-ldap-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"EL5", reference:"krb5-workstation-1.6.1-70.el5_9.2")) flag++; if (rpm_check(release:"EL6", reference:"krb5-devel-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"EL6", reference:"krb5-libs-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"EL6", reference:"krb5-pkinit-openssl-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"EL6", reference:"krb5-server-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"EL6", reference:"krb5-server-ldap-1.10.3-10.el6_4.3")) flag++; if (rpm_check(release:"EL6", reference:"krb5-workstation-1.10.3-10.el6_4.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc"); }NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0034.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - actually apply that last patch - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) - ksu: when evaluating .k5users, don last seen 2020-06-01 modified 2020-06-02 plugin id 79549 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79549 title OracleVM 3.3 : krb5 (OVMSA-2014-0034) NASL family Fedora Local Security Checks NASL id FEDORA_2013-8212.NASL description This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-05-22 plugin id 66534 published 2013-05-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66534 title Fedora 18 : krb5-1.10.3-17.fc18 (2013-8212) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-546.NASL description This update fixes a kpasswd UDP ping-pong security bug (CVE-2002-2443). last seen 2020-06-05 modified 2014-06-13 plugin id 75067 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75067 title openSUSE Security Update : krb5 (openSUSE-SU-2013:1119-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0942.NASL description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). It was found that kadmind last seen 2020-06-01 modified 2020-06-02 plugin id 66883 published 2013-06-13 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66883 title RHEL 5 / 6 : krb5 (RHSA-2013:0942) NASL family SuSE Local Security Checks NASL id SUSE_KRB5-8631.NASL description This krb5 update fixes a security issue. - kpasswd UDP ping-pong (bug#825985 / CVE-2002-2443) last seen 2020-06-05 modified 2013-07-14 plugin id 68877 published 2013-07-14 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/68877 title SuSE 10 Security Update : krb5 (ZYPP Patch Number 8631) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E3F64457CCCD11E2AF76206A8A720317.NASL description No advisory has been released yet. schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. [CVE-2002-2443]. last seen 2020-06-01 modified 2020-06-02 plugin id 66777 published 2013-06-04 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66777 title FreeBSD : krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] (e3f64457-cccd-11e2-af76-206a8a720317) NASL family Fedora Local Security Checks NASL id FEDORA_2013-8113.NASL description This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443), and modifies the client library to treat KRB5CCNAME values which begin with last seen 2020-03-17 modified 2013-05-26 plugin id 66597 published 2013-05-26 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66597 title Fedora 19 : krb5-1.11.2-6.fc19 (2013-8113) NASL family Solaris Local Security Checks NASL id SOLARIS11_KERBEROS_20130924.NASL description The remote Solaris system is missing necessary patches to address security updates : - schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. (CVE-2002-2443) - The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request. (CVE-2012-1016) - The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/ pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. (CVE-2013-1415) last seen 2020-06-01 modified 2020-06-02 plugin id 80652 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80652 title Oracle Solaris Third-Party Patch Update : kerberos (cve_2002_2443_denial_of) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-208.NASL description It was found that kadmind last seen 2020-06-01 modified 2020-06-02 plugin id 69766 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69766 title Amazon Linux AMI : krb5 (ALAS-2013-208) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201312-12.NASL description The remote host is affected by the vulnerability described in GLSA-201312-12 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Additionally, a remote attacker could impersonate a kadmind server and send a specially crafted packet to the password change port, which can result in a ping-pong condition and a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71487 published 2013-12-17 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71487 title GLSA-201312-12 : MIT Kerberos 5: Multiple vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20130612_KRB5_ON_SL5_X.NASL description It was found that kadmind last seen 2020-03-18 modified 2013-06-14 plugin id 66891 published 2013-06-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66891 title Scientific Linux Security Update : krb5 on SL5.x, SL6.x i386/x86_64 (20130612) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1076.NASL description An updated rhev-hypervisor6 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. (CVE-2013-2116) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-2174 (curl issue) CVE-2012-6548, CVE-2013-0914, CVE-2013-1848, CVE-2013-2128, CVE-2013-2634, CVE-2013-2635, CVE-2013-2852, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, and CVE-2013-3301 (kernel issues) CVE-2002-2443 (krb5 issue) CVE-2013-1950 (libtirpc issue) Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of last seen 2020-06-01 modified 2020-06-02 plugin id 78965 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78965 title RHEL 6 : rhev-hypervisor6 (RHSA-2013:1076) NASL family Fedora Local Security Checks NASL id FEDORA_2013-8219.NASL description This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-05-24 plugin id 66579 published 2013-05-24 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66579 title Fedora 17 : krb5-1.10.2-12.fc17 (2013-8219)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105879.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105978.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106698.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00007.html
- http://rhn.redhat.com/errata/RHSA-2013-0942.html
- http://www.debian.org/security/2013/dsa-2701
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:166
- http://www.ubuntu.com/usn/USN-2810-1
- https://bugzilla.redhat.com/show_bug.cgi?id=962531
- https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c