Vulnerabilities > CVE-2002-2443 - Improper Input Validation vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Vulnerable Configurations

Part Description Count
Application
Mit
74
OS
Opensuse
3
OS
Fedoraproject
3
OS
Redhat
9
OS
Debian
3
OS
Canonical
4

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KRB5-130626.NASL
    descriptionThis krb5 update fixes a security issue. - kpasswd UDP ping-pong (bug#825985 / CVE-2002-2443)
    last seen2020-06-05
    modified2013-07-14
    plugin id68875
    published2013-07-14
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/68875
    titleSuSE 11.2 / 11.3 Security Update : krb5 (SAT Patch Numbers 7962 / 7968)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68875);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2002-2443");
    
      script_name(english:"SuSE 11.2 / 11.3 Security Update : krb5 (SAT Patch Numbers 7962 / 7968)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This krb5 update fixes a security issue.
    
      - kpasswd UDP ping-pong (bug#825985 / CVE-2002-2443)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2002-2443.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 7962 / 7968 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-apps-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-apps-servers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:krb5-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"krb5-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"krb5-client-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"krb5-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"krb5-client-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"krb5-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"krb5-client-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"krb5-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"krb5-client-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"krb5-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"krb5-apps-clients-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"krb5-apps-servers-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"krb5-client-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"krb5-server-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"krb5-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"krb5-apps-clients-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"krb5-apps-servers-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"krb5-client-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"krb5-server-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.56.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-166.NASL
    descriptionA vulnerability has been discovered and corrected in krb5 : The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack (CVE-2002-2443). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id66535
    published2013-05-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66535
    titleMandriva Linux Security Advisory : krb5 (MDVSA-2013:166)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:166. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66535);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2002-2443");
      script_bugtraq_id(60008);
      script_xref(name:"MDVSA", value:"2013:166");
    
      script_name(english:"Mandriva Linux Security Advisory : krb5 (MDVSA-2013:166)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability has been discovered and corrected in krb5 :
    
    The kpasswd service provided by kadmind was vulnerable to a UDP
    ping-pong attack (CVE-2002-2443).
    
    The updated packages have been patched to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=962531"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-pkinit-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-server-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:krb5-workstation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64krb53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64krb53-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-1.9.2-3.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-pkinit-openssl-1.9.2-3.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-server-1.9.2-3.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-server-ldap-1.9.2-3.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"krb5-workstation-1.9.2-3.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64krb53-1.9.2-3.3.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64krb53-devel-1.9.2-3.3.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idKRB_PINGPONG.NASL
    descriptionThe remote host is running a Kerberos server that seems to be vulnerable to a
    last seen2020-06-01
    modified2020-06-02
    plugin id10640
    published2001-03-25
    reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10640
    titleKerberos Server Spoofed Packet Amplification DoS (PingPong)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(10640);
     script_version("1.24");
     script_cvs_date("Date: 2018/11/15 20:50:23");
    
     script_cve_id("CVE-2002-2443");
    
     script_name(english:"Kerberos Server Spoofed Packet Amplification DoS (PingPong)");
     script_summary(english:"Checks for the presence of a bad krb server");
    
     script_set_attribute(attribute:"synopsis", value:"The remote service is vulnerable to a denial of service attack.");
     script_set_attribute(attribute:"description", value:
    "The remote host is running a Kerberos server that seems to be
    vulnerable to a 'ping-pong' attack. 
    
    When contacted on the UDP port, this service always responds, even to
    malformed requests.  This makes it possible to involve it in a
    'ping-pong' attack, in which an attacker spoofs a packet between two
    machines running this service, causing them to spew characters at each
    other, slowing the machines down and saturating the network.");
     script_set_attribute(attribute:"solution", value:"Upgrade to krb5-1.11.3 or later. Additionally, you can disable this service if it is not required.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"1996/02/08");
     script_set_attribute(attribute:"plugin_publication_date", value:"2001/03/25");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"see_also", value:"https://seclists.org/oss-sec/2013/q2/316");
     script_set_attribute(attribute:"see_also", value:"htp://krbdev.mit.edu/rt/Ticket/Display.html?id=7637");
    
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
     script_family(english:"Misc.");
     exit(0);
    }
     
    
    if(!get_udp_port_state(464))exit(0);
    
    soc = open_sock_udp(464);
    crp = crap(25);
    if(soc)
    {
     send(socket:soc, data:crp);
     r = recv(socket:soc, length:255);
     if(r){
    	send(socket:soc, data:r);
    	r = recv(socket:soc, length:255);
    	if ( r ) security_hole(port:464, protocol:"udp");
         }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2810-1.NASL
    descriptionIt was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443) It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5355) It was discovered that the Kerberos kdcpreauth modules incorrectly tracked certain client requests. A remote attacker could possibly use this issue to bypass intended preauthentication requirements. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694) It was discovered that Kerberos incorrectly handled certain SPNEGO packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2695) It was discovered that Kerberos incorrectly handled certain IAKERB packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2696, CVE-2015-2698) It was discovered that Kerberos incorrectly handled certain TGS requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2697). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86872
    published2015-11-13
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86872
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : krb5 vulnerabilities (USN-2810-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2810-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86872);
      script_version("2.13");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2002-2443", "CVE-2014-5355", "CVE-2015-2694", "CVE-2015-2695", "CVE-2015-2696", "CVE-2015-2697", "CVE-2015-2698");
      script_xref(name:"USN", value:"2810-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : krb5 vulnerabilities (USN-2810-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the Kerberos kpasswd service incorrectly
    handled certain UDP packets. A remote attacker could possibly use this
    issue to cause resource consumption, resulting in a denial of service.
    This issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443)
    
    It was discovered that Kerberos incorrectly handled null bytes in
    certain data fields. A remote attacker could possibly use this issue
    to cause a denial of service. This issue only affected Ubuntu 12.04
    LTS and Ubuntu 14.04 LTS. (CVE-2014-5355)
    
    It was discovered that the Kerberos kdcpreauth modules incorrectly
    tracked certain client requests. A remote attacker could possibly use
    this issue to bypass intended preauthentication requirements. This
    issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694)
    
    It was discovered that Kerberos incorrectly handled certain SPNEGO
    packets. A remote attacker could possibly use this issue to cause a
    denial of service. (CVE-2015-2695)
    
    It was discovered that Kerberos incorrectly handled certain IAKERB
    packets. A remote attacker could possibly use this issue to cause a
    denial of service. (CVE-2015-2696, CVE-2015-2698)
    
    It was discovered that Kerberos incorrectly handled certain TGS
    requests. A remote attacker could possibly use this issue to cause a
    denial of service. (CVE-2015-2697).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2810-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-k5tls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-otp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgssrpc4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libk5crypto3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkdb5-6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkdb5-7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkdb5-8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrad0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb5-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb53");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb5support0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|15\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.04 / 15.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"krb5-admin-server", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"krb5-kdc", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"krb5-kdc-ldap", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"krb5-pkinit", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"krb5-user", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libgssapi-krb5-2", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libgssrpc4", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libk5crypto3", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libkadm5clnt-mit8", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libkdb5-6", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libkrb5-3", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libkrb53", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libkrb5support0", pkgver:"1.10+dfsg~beta1-2ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"krb5-admin-server", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"krb5-kdc", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"krb5-kdc-ldap", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"krb5-otp", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"krb5-pkinit", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"krb5-user", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libgssapi-krb5-2", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libgssrpc4", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libk5crypto3", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libkadm5clnt-mit9", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libkdb5-7", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libkrad0", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libkrb5-3", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libkrb5support0", pkgver:"1.12+dfsg-2ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"krb5-admin-server", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"krb5-kdc", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"krb5-kdc-ldap", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"krb5-otp", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"krb5-pkinit", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"krb5-user", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libgssapi-krb5-2", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libgssrpc4", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libk5crypto3", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libkadm5clnt-mit9", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libkdb5-7", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libkrad0", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libkrb5-3", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libkrb5support0", pkgver:"1.12.1+dfsg-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"krb5-admin-server", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"krb5-k5tls", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"krb5-kdc", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"krb5-kdc-ldap", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"krb5-otp", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"krb5-pkinit", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"krb5-user", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libgssapi-krb5-2", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libgssrpc4", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libk5crypto3", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libkadm5clnt-mit9", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libkdb5-8", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libkrad0", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libkrb5-3", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"libkrb5support0", pkgver:"1.13.2+dfsg-2ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-admin-server / krb5-k5tls / krb5-kdc / krb5-kdc-ldap / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0942.NASL
    descriptionUpdated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). It was found that kadmind
    last seen2020-06-01
    modified2020-06-02
    plugin id66888
    published2013-06-14
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66888
    titleCentOS 5 / 6 : krb5 (CESA-2013:0942)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:0942 and 
    # CentOS Errata and Security Advisory 2013:0942 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66888);
      script_version("1.7");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2002-2443");
      script_bugtraq_id(60008);
      script_xref(name:"RHSA", value:"2013:0942");
    
      script_name(english:"CentOS 5 / 6 : krb5 (CESA-2013:0942)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated krb5 packages that fix one security issue are now available
    for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    Kerberos is a network authentication system which allows clients and
    servers to authenticate to each other using symmetric encryption and a
    trusted third-party, the Key Distribution Center (KDC).
    
    It was found that kadmind's kpasswd service did not perform any
    validation on incoming network packets, causing it to reply to all
    requests. A remote attacker could use this flaw to send spoofed
    packets to a kpasswd service that appear to come from kadmind on a
    different server, causing the services to keep replying packets to
    each other, consuming network bandwidth and CPU. (CVE-2002-2443)
    
    All krb5 users should upgrade to these updated packages, which contain
    a backported patch to correct this issue. After installing the updated
    packages, the krb5kdc and kadmind daemons will be restarted
    automatically."
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-June/019785.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?74e27261"
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-June/019786.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2302d2ab"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2002-2443");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-pkinit-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-workstation");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"krb5-devel-1.6.1-70.el5_9.2")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"krb5-libs-1.6.1-70.el5_9.2")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"krb5-server-1.6.1-70.el5_9.2")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"krb5-server-ldap-1.6.1-70.el5_9.2")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"krb5-workstation-1.6.1-70.el5_9.2")) flag++;
    
    if (rpm_check(release:"CentOS-6", reference:"krb5-devel-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"krb5-libs-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"krb5-pkinit-openssl-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"krb5-server-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"krb5-server-ldap-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"krb5-workstation-1.10.3-10.el6_4.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2701.NASL
    descriptionIt was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition.
    last seen2020-03-17
    modified2013-06-03
    plugin id66768
    published2013-06-03
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66768
    titleDebian DSA-2701-1 : krb5 - denial of service
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2701. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66768);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2002-2443");
      script_bugtraq_id(60008);
      script_xref(name:"DSA", value:"2701");
    
      script_name(english:"Debian DSA-2701-1 : krb5 - denial of service");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the kpasswd service running on UDP port 464
    could respond to response packets, creating a packet loop and a denial
    of service condition."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/krb5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/krb5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2701"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the krb5 packages.
    
    For the oldstable distribution (squeeze), this problem has been fixed
    in version 1.8.3+dfsg-4squeeze7.
    
    For the stable distribution (wheezy), this problem has been fixed in
    version 1.10.1+dfsg-5+deb7u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"krb5-admin-server", reference:"1.8.3+dfsg-4squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"krb5-doc", reference:"1.8.3+dfsg-4squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"krb5-kdc", reference:"1.8.3+dfsg-4squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"krb5-kdc-ldap", reference:"1.8.3+dfsg-4squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"krb5-multidev", reference:"1.8.3+dfsg-4squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"krb5-pkinit", reference:"1.8.3+dfsg-4squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"krb5-user", reference:"1.8.3+dfsg-4squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"libkrb5-dev", reference:"1.8.3+dfsg-4squeeze7")) flag++;
    if (deb_check(release:"6.0", prefix:"libkrb53", reference:"1.8.3+dfsg-4squeeze7")) flag++;
    if (deb_check(release:"7.0", prefix:"krb5-admin-server", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"krb5-doc", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"krb5-gss-samples", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"krb5-kdc", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"krb5-kdc-ldap", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"krb5-locales", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"krb5-multidev", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"krb5-pkinit", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"krb5-user", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libgssapi-krb5-2", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libgssrpc4", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libk5crypto3", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libkadm5clnt-mit8", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libkadm5srv-mit8", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libkdb5-6", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libkrb5-3", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libkrb5-dbg", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libkrb5-dev", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libkrb5support0", reference:"1.10.1+dfsg-5+deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0942.NASL
    descriptionFrom Red Hat Security Advisory 2013:0942 : Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). It was found that kadmind
    last seen2020-06-01
    modified2020-06-02
    plugin id68835
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68835
    titleOracle Linux 5 / 6 : krb5 (ELSA-2013-0942)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:0942 and 
    # Oracle Linux Security Advisory ELSA-2013-0942 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68835);
      script_version("1.6");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      script_cve_id("CVE-2002-2443");
      script_bugtraq_id(60008);
      script_xref(name:"RHSA", value:"2013:0942");
    
      script_name(english:"Oracle Linux 5 / 6 : krb5 (ELSA-2013-0942)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2013:0942 :
    
    Updated krb5 packages that fix one security issue are now available
    for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    Kerberos is a network authentication system which allows clients and
    servers to authenticate to each other using symmetric encryption and a
    trusted third-party, the Key Distribution Center (KDC).
    
    It was found that kadmind's kpasswd service did not perform any
    validation on incoming network packets, causing it to reply to all
    requests. A remote attacker could use this flaw to send spoofed
    packets to a kpasswd service that appear to come from kadmind on a
    different server, causing the services to keep replying packets to
    each other, consuming network bandwidth and CPU. (CVE-2002-2443)
    
    All krb5 users should upgrade to these updated packages, which contain
    a backported patch to correct this issue. After installing the updated
    packages, the krb5kdc and kadmind daemons will be restarted
    automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-June/003514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-June/003515.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-pkinit-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-workstation");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"krb5-devel-1.6.1-70.el5_9.2")) flag++;
    if (rpm_check(release:"EL5", reference:"krb5-libs-1.6.1-70.el5_9.2")) flag++;
    if (rpm_check(release:"EL5", reference:"krb5-server-1.6.1-70.el5_9.2")) flag++;
    if (rpm_check(release:"EL5", reference:"krb5-server-ldap-1.6.1-70.el5_9.2")) flag++;
    if (rpm_check(release:"EL5", reference:"krb5-workstation-1.6.1-70.el5_9.2")) flag++;
    
    if (rpm_check(release:"EL6", reference:"krb5-devel-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-libs-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-pkinit-openssl-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-server-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-server-ldap-1.10.3-10.el6_4.3")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-workstation-1.10.3-10.el6_4.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0034.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - actually apply that last patch - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) - ksu: when evaluating .k5users, don
    last seen2020-06-01
    modified2020-06-02
    plugin id79549
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79549
    titleOracleVM 3.3 : krb5 (OVMSA-2014-0034)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-8212.NASL
    descriptionThis update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-05-22
    plugin id66534
    published2013-05-22
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66534
    titleFedora 18 : krb5-1.10.3-17.fc18 (2013-8212)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-546.NASL
    descriptionThis update fixes a kpasswd UDP ping-pong security bug (CVE-2002-2443).
    last seen2020-06-05
    modified2014-06-13
    plugin id75067
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75067
    titleopenSUSE Security Update : krb5 (openSUSE-SU-2013:1119-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0942.NASL
    descriptionUpdated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). It was found that kadmind
    last seen2020-06-01
    modified2020-06-02
    plugin id66883
    published2013-06-13
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66883
    titleRHEL 5 / 6 : krb5 (RHSA-2013:0942)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KRB5-8631.NASL
    descriptionThis krb5 update fixes a security issue. - kpasswd UDP ping-pong (bug#825985 / CVE-2002-2443)
    last seen2020-06-05
    modified2013-07-14
    plugin id68877
    published2013-07-14
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/68877
    titleSuSE 10 Security Update : krb5 (ZYPP Patch Number 8631)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E3F64457CCCD11E2AF76206A8A720317.NASL
    descriptionNo advisory has been released yet. schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. [CVE-2002-2443].
    last seen2020-06-01
    modified2020-06-02
    plugin id66777
    published2013-06-04
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66777
    titleFreeBSD : krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] (e3f64457-cccd-11e2-af76-206a8a720317)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-8113.NASL
    descriptionThis update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443), and modifies the client library to treat KRB5CCNAME values which begin with
    last seen2020-03-17
    modified2013-05-26
    plugin id66597
    published2013-05-26
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66597
    titleFedora 19 : krb5-1.11.2-6.fc19 (2013-8113)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_KERBEROS_20130924.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. (CVE-2002-2443) - The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request. (CVE-2012-1016) - The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/ pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. (CVE-2013-1415)
    last seen2020-06-01
    modified2020-06-02
    plugin id80652
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80652
    titleOracle Solaris Third-Party Patch Update : kerberos (cve_2002_2443_denial_of)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-208.NASL
    descriptionIt was found that kadmind
    last seen2020-06-01
    modified2020-06-02
    plugin id69766
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69766
    titleAmazon Linux AMI : krb5 (ALAS-2013-208)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201312-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201312-12 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Additionally, a remote attacker could impersonate a kadmind server and send a specially crafted packet to the password change port, which can result in a ping-pong condition and a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id71487
    published2013-12-17
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71487
    titleGLSA-201312-12 : MIT Kerberos 5: Multiple vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130612_KRB5_ON_SL5_X.NASL
    descriptionIt was found that kadmind
    last seen2020-03-18
    modified2013-06-14
    plugin id66891
    published2013-06-14
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66891
    titleScientific Linux Security Update : krb5 on SL5.x, SL6.x i386/x86_64 (20130612)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1076.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. (CVE-2013-2116) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-2174 (curl issue) CVE-2012-6548, CVE-2013-0914, CVE-2013-1848, CVE-2013-2128, CVE-2013-2634, CVE-2013-2635, CVE-2013-2852, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, and CVE-2013-3301 (kernel issues) CVE-2002-2443 (krb5 issue) CVE-2013-1950 (libtirpc issue) Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of
    last seen2020-06-01
    modified2020-06-02
    plugin id78965
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78965
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2013:1076)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-8219.NASL
    descriptionThis update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-05-24
    plugin id66579
    published2013-05-24
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66579
    titleFedora 17 : krb5-1.10.2-12.fc17 (2013-8219)

Redhat

advisories
bugzilla
id962531
titleCVE-2002-2443 krb5: UDP ping-pong flaw in kpasswd
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentkrb5-workstation is earlier than 0:1.6.1-70.el5_9.2
          ovaloval:com.redhat.rhsa:tst:20130942001
        • commentkrb5-workstation is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070095011
      • AND
        • commentkrb5-libs is earlier than 0:1.6.1-70.el5_9.2
          ovaloval:com.redhat.rhsa:tst:20130942003
        • commentkrb5-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070095013
      • AND
        • commentkrb5-devel is earlier than 0:1.6.1-70.el5_9.2
          ovaloval:com.redhat.rhsa:tst:20130942005
        • commentkrb5-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070095015
      • AND
        • commentkrb5-server is earlier than 0:1.6.1-70.el5_9.2
          ovaloval:com.redhat.rhsa:tst:20130942007
        • commentkrb5-server is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070095017
      • AND
        • commentkrb5-server-ldap is earlier than 0:1.6.1-70.el5_9.2
          ovaloval:com.redhat.rhsa:tst:20130942009
        • commentkrb5-server-ldap is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20110199008
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentkrb5-libs is earlier than 0:1.10.3-10.el6_4.3
          ovaloval:com.redhat.rhsa:tst:20130942012
        • commentkrb5-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192599014
      • AND
        • commentkrb5-pkinit-openssl is earlier than 0:1.10.3-10.el6_4.3
          ovaloval:com.redhat.rhsa:tst:20130942014
        • commentkrb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100863002
      • AND
        • commentkrb5-workstation is earlier than 0:1.10.3-10.el6_4.3
          ovaloval:com.redhat.rhsa:tst:20130942016
        • commentkrb5-workstation is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192599008
      • AND
        • commentkrb5-server-ldap is earlier than 0:1.10.3-10.el6_4.3
          ovaloval:com.redhat.rhsa:tst:20130942018
        • commentkrb5-server-ldap is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192599004
      • AND
        • commentkrb5-devel is earlier than 0:1.10.3-10.el6_4.3
          ovaloval:com.redhat.rhsa:tst:20130942020
        • commentkrb5-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192599002
      • AND
        • commentkrb5-server is earlier than 0:1.10.3-10.el6_4.3
          ovaloval:com.redhat.rhsa:tst:20130942022
        • commentkrb5-server is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192599006
rhsa
idRHSA-2013:0942
released2013-06-12
severityModerate
titleRHSA-2013:0942: krb5 security update (Moderate)
rpms
  • krb5-debuginfo-0:1.10.3-10.el6_4.3
  • krb5-debuginfo-0:1.6.1-70.el5_9.2
  • krb5-devel-0:1.10.3-10.el6_4.3
  • krb5-devel-0:1.6.1-70.el5_9.2
  • krb5-libs-0:1.10.3-10.el6_4.3
  • krb5-libs-0:1.6.1-70.el5_9.2
  • krb5-pkinit-openssl-0:1.10.3-10.el6_4.3
  • krb5-server-0:1.10.3-10.el6_4.3
  • krb5-server-0:1.6.1-70.el5_9.2
  • krb5-server-ldap-0:1.10.3-10.el6_4.3
  • krb5-server-ldap-0:1.6.1-70.el5_9.2
  • krb5-workstation-0:1.10.3-10.el6_4.3
  • krb5-workstation-0:1.6.1-70.el5_9.2