CVE-2006-5989 - Denial of Service vulnerability in MOD Auth Kerb MOD Auth Kerb 5.0

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, mod-auth-kerb, nessus

Summary

Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.

Vulnerable Configurations

Part: Application; Description: Mod_Auth_Kerb; Count: 1

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2006-0746.NASL
    description: From Red Hat Security Advisory 2006:0746 : Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. mod_auth_kerb is module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. An off by one flaw was found in the way mod_auth_kerb handles certain Kerberos authentication messages. A remote client could send a specially crafted authentication request which could crash an httpd child process (CVE-2006-5989). A bug in the handling of multiple realms configured using the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67427
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67427
    title: Oracle Linux 4 : mod_auth_kerb (ELSA-2006-0746)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2006:0746 and 
    # Oracle Linux Security Advisory ELSA-2006-0746 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67427);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2006-5989");
      script_xref(name:"RHSA", value:"2006:0746");
    
      script_name(english:"Oracle Linux 4 : mod_auth_kerb (ELSA-2006-0746)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2006:0746 :
    
    Updated mod_auth_kerb packages that fix a security flaw and a bug in
    multiple realm handling are now available for Red Hat Enterprise Linux
    4.
    
    This update has been rated as having low security impact by the Red
    Hat Security Response Team.
    
    mod_auth_kerb is module for the Apache HTTP Server designed to provide
    Kerberos authentication over HTTP.
    
    An off by one flaw was found in the way mod_auth_kerb handles certain
    Kerberos authentication messages. A remote client could send a
    specially crafted authentication request which could crash an httpd
    child process (CVE-2006-5989).
    
    A bug in the handling of multiple realms configured using the
    'KrbAuthRealms' directive has also been fixed.
    
    All users of mod_auth_kerb should upgrade to these updated packages,
    which contain backported patches that resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2006-December/000030.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mod_auth_kerb package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_auth_kerb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"mod_auth_kerb-5.0-1.3")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"mod_auth_kerb-5.0-1.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_auth_kerb");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200701-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200701-14 (Mod_auth_kerb: Denial of Service) Mod_auth_kerb improperly handles component byte encoding in the der_get_oid() function, allowing for a buffer overflow to occur if there are no components which require more than one byte for encoding. Impact : An attacker could try to access a Kerberos protected resource on an Apache server with an incorrectly configured service principal and crash the server process. It is important to note that this buffer overflow is not known to allow for the execution of code. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24250
    published: 2007-01-26
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24250
    title: GLSA-200701-14 : Mod_auth_kerb: Denial of Service
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-1341.NASL
    description: This update includes the latest upstream release of mod_auth_kerb, version 5.3, which includes the fix for a security issue. An off by one flaw was found in the way mod_auth_kerb handles certain Kerberos authentication messages. A remote client could send a specially crafted authentication request which could crash an httpd child process (CVE-2006-5989). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24063
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24063
    title: Fedora Core 5 : mod_auth_kerb-5.3-2.fc5 (2006-1341)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0746.NASL
    description: Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. mod_auth_kerb is module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. An off by one flaw was found in the way mod_auth_kerb handles certain Kerberos authentication messages. A remote client could send a specially crafted authentication request which could crash an httpd child process (CVE-2006-5989). A bug in the handling of multiple realms configured using the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 23797
    published: 2006-12-11
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/23797
    title: RHEL 4 : mod_auth_kerb (RHSA-2006:0746)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1247.NASL
    description: An off-by-one error leading to a heap-based buffer overflow has been identified in libapache-mod-auth-kerb, an Apache module for Kerberos authentication. The error could allow an attacker to trigger an application crash or potentially execute arbitrary code by sending a specially crafted kerberos message.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25225
    published: 2007-05-16
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25225
    title: Debian DSA-1247-1 : libapache-mod-auth-kerb - heap overflow
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0746.NASL
    description: Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. mod_auth_kerb is module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. An off by one flaw was found in the way mod_auth_kerb handles certain Kerberos authentication messages. A remote client could send a specially crafted authentication request which could crash an httpd child process (CVE-2006-5989). A bug in the handling of multiple realms configured using the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 23788
    published: 2006-12-11
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/23788
    title: CentOS 4 : mod_auth_kerb (CESA-2006:0746)

Oval

accepted: 2013-04-29T04:00:55.729-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
family: unix
id: oval:org.mitre.oval:def:10051
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
version: 25

Redhat

advisories:
bugzilla:
id: 216482
title: CVE-2006-5989 mod_auth_kerb segfault with FC6 client
oval:
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • comment: mod_auth_kerb is earlier than 0:5.0-1.3
      oval: oval:com.redhat.rhsa:tst:20060746001
    • comment: mod_auth_kerb is signed with Red Hat master key
      oval: oval:com.redhat.rhsa:tst:20060746002
rhsa:
id: RHSA-2006:0746
released: 2006-12-06
severity: Low
title: RHSA-2006:0746: mod_auth_kerb security update (Low)
rpms:
  • mod_auth_kerb-0:5.0-1.3
  • mod_auth_kerb-debuginfo-0:5.0-1.3

Statements

contributor: Mark J Cox
lastmodified: 2007-03-14
organization: Red Hat
statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.