Vulnerabilities > CVE-2007-0957 - Out-Of-Bounds Write vulnerability in multiple products

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
mit
debian
canonical
CWE-787
critical
nessus

Summary

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200704-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200704-02 (MIT Kerberos 5: Arbitrary remote code execution) The Kerberos telnet daemon fails to properly handle usernames allowing unauthorized access to any account (CVE-2007-0956). The Kerberos administration daemon, the KDC and possibly other applications using the MIT Kerberos libraries are vulnerable to the following issues. The krb5_klog_syslog function from the kadm5 library fails to properly validate input leading to a stack overflow (CVE-2007-0957). The GSS-API library is vulnerable to a double-free attack (CVE-2007-1216). Impact : By exploiting the telnet vulnerability a remote attacker may obtain access with root privileges. The remaining vulnerabilities may allow an authenticated remote attacker to execute arbitrary code with root privileges. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id24935
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24935
    titleGLSA-200704-02 : MIT Kerberos 5: Arbitrary remote code execution
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200704-02.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24935);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216");
      script_xref(name:"GLSA", value:"200704-02");
    
      script_name(english:"GLSA-200704-02 : MIT Kerberos 5: Arbitrary remote code execution");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200704-02
    (MIT Kerberos 5: Arbitrary remote code execution)
    
        The Kerberos telnet daemon fails to properly handle usernames allowing
        unauthorized access to any account (CVE-2007-0956). The Kerberos
        administration daemon, the KDC and possibly other applications using
        the MIT Kerberos libraries are vulnerable to the following issues. The
        krb5_klog_syslog function from the kadm5 library fails to properly
        validate input leading to a stack overflow (CVE-2007-0957). The GSS-API
        library is vulnerable to a double-free attack (CVE-2007-1216).
      
    Impact :
    
        By exploiting the telnet vulnerability a remote attacker may obtain
        access with root privileges. The remaining vulnerabilities may allow an
        authenticated remote attacker to execute arbitrary code with root
        privileges.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200704-02"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All MIT Kerberos 5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-crypt/mit-krb5-1.5.2-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mit-krb5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/05");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-crypt/mit-krb5", unaffected:make_list("ge 1.5.2-r1"), vulnerable:make_list("lt 1.5.2-r1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MIT Kerberos 5");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1276.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-0956 It was discovered that the krb5 telnet daemon performs insufficient validation of usernames, which might allow unauthorized logins or privilege escalation. - CVE-2007-0957 iDefense discovered that a buffer overflow in the logging code of the KDC and the administration daemon might lead to arbitrary code execution. - CVE-2007-1216 It was discovered that a double free in the RPCSEC_GSS part of the GSS library code might lead to arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id25010
    published2007-04-10
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25010
    titleDebian DSA-1276-1 : krb5 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1276. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25010);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216");
      script_xref(name:"DSA", value:"1276");
    
      script_name(english:"Debian DSA-1276-1 : krb5 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several remote vulnerabilities have been discovered in the MIT
    reference implementation of the Kerberos network authentication
    protocol suite, which may lead to the execution of arbitrary code. The
    Common Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2007-0956
        It was discovered that the krb5 telnet daemon performs
        insufficient validation of usernames, which might allow
        unauthorized logins or privilege escalation.
    
      - CVE-2007-0957
        iDefense discovered that a buffer overflow in the
        logging code of the KDC and the administration daemon
        might lead to arbitrary code execution.
    
      - CVE-2007-1216
        It was discovered that a double free in the RPCSEC_GSS
        part of the GSS library code might lead to arbitrary
        code execution."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-0956"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-0957"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-1216"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2007/dsa-1276"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the Kerberos packages.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 1.3.6-2sarge4.
    
    For the upcoming stable distribution (etch) these problems have been
    fixed in version 1.4.4-7etch1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"krb5-admin-server", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"krb5-clients", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"krb5-doc", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"krb5-ftpd", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"krb5-kdc", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"krb5-rsh-server", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"krb5-telnetd", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"krb5-user", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"libkadm55", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"libkrb5-dev", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"libkrb53", reference:"1.3.6-2sarge4")) flag++;
    if (deb_check(release:"4.0", prefix:"krb5-admin-server", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"krb5-clients", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"krb5-doc", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"krb5-ftpd", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"krb5-kdc", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"krb5-rsh-server", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"krb5-telnetd", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"krb5-user", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libkadm55", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libkrb5-dbg", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libkrb5-dev", reference:"1.4.4-7etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libkrb53", reference:"1.4.4-7etch1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-449-1.NASL
    descriptionThe krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. (CVE-2007-0956) The krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted message and execute arbitrary code with root privileges. (CVE-2007-0957) The krb5 administration service was vulnerable to a double-free in the GSS RPC library. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges. (CVE-2007-1216). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28046
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28046
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : krb5 vulnerabilities (USN-449-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-449-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28046);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2007-0956", "CVE-2007-0957", "CVE-2007-1216");
      script_xref(name:"USN", value:"449-1");
    
      script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : krb5 vulnerabilities (USN-449-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The krb5 telnet service did not appropriately verify user names. A
    remote attacker could log in as the root user by requesting a
    specially crafted user name. (CVE-2007-0956)
    
    The krb5 syslog library did not correctly verify the size of log
    messages. A remote attacker could send a specially crafted message and
    execute arbitrary code with root privileges. (CVE-2007-0957)
    
    The krb5 administration service was vulnerable to a double-free in the
    GSS RPC library. A remote attacker could send a specially crafted
    request and execute arbitrary code with root privileges.
    (CVE-2007-1216).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/449-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-ftpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-rsh-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-telnetd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krb5-user");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkadm55");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libkrb53");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(5\.10|6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"5.10", pkgname:"krb5-admin-server", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"krb5-clients", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"krb5-doc", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"krb5-ftpd", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"krb5-kdc", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"krb5-rsh-server", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"krb5-telnetd", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"krb5-user", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libkadm55", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libkrb5-dev", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libkrb53", pkgver:"1.3.6-4ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krb5-admin-server", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krb5-clients", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krb5-doc", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krb5-ftpd", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krb5-kdc", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krb5-rsh-server", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krb5-telnetd", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krb5-user", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libkadm55", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libkrb5-dev", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libkrb53", pkgver:"1.4.3-5ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krb5-admin-server", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krb5-clients", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krb5-doc", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krb5-ftpd", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krb5-kdc", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krb5-rsh-server", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krb5-telnetd", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krb5-user", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libkadm55", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libkrb5-dbg", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libkrb5-dev", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libkrb53", pkgver:"1.4.3-9ubuntu1.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-admin-server / krb5-clients / krb5-doc / krb5-ftpd / krb5-kdc / etc");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_110061.NASL
    descriptionSEAM 1.0.1_x86: patch for Solaris 8_x86. Date this patch was last updated by Sun : Jul/27/07
    last seen2016-09-26
    modified2013-03-30
    plugin id23444
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23444
    titleSolaris 5.8 (x86) : 110061-22
    code
    #%NASL_MIN_LEVEL 999999
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    
    #
    # (C) Tenable Network Security
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(23444);
     script_version("1.17");
    
     script_name(english: "Solaris 5.8 (x86) : 110061-22");
     script_cve_id("CVE-2007-0957", "CVE-2007-2798");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 110061-22");
     script_set_attribute(attribute: "description", value:
    'SEAM 1.0.1_x86: patch for Solaris 8_x86.
    Date this patch was last updated by Sun : Jul/27/07');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/110061-22");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
     script_cwe_id(119);
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/11/06");
     script_cvs_date("Date: 2018/07/20  0:18:53");
     script_end_attributes();
    
     script_summary(english: "Check for patch 110061-22");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    
    
    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
    include("solaris.inc");
    
    e +=  solaris_check_patch(release:"5.8", arch:"i386", patch:"110061-22", obsoleted_by:"", package:"SUNWkr5ma", version:"5.8.0,REV=99.12.09.18.58");
    e +=  solaris_check_patch(release:"5.8", arch:"i386", patch:"110061-22", obsoleted_by:"", package:"SUNWkr5sl", version:"5.8.0,REV=99.12.09.21.52");
    e +=  solaris_check_patch(release:"5.8", arch:"i386", patch:"110061-22", obsoleted_by:"", package:"SUNWkr5sv", version:"5.8.0,REV=99.12.09.21.52");
    if ( e < 0 ) { 
    	if ( NASL_LEVEL < 3000 ) 
    	   security_hole(0);
    	else  
    	   security_hole(port:0, extra:solaris_get_report());
    	exit(0); 
    } 
    exit(0, "Host is not affected");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2007-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-004 applied. This update fixes security flaws in the following applications : AFP Client AirPort CarbonCore diskdev_cmds fetchmail ftpd gnutar Help Viewer HID Family Installer Kerberos Libinfo Login Window network_cmds SMB System Configuration URLMount Video Conference WebDAV
    last seen2020-06-01
    modified2020-06-02
    plugin id25081
    published2007-04-21
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25081
    titleMac OS X Multiple Vulnerabilities (Security Update 2007-004)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(25081);
     script_version ("1.22");
     script_cvs_date("Date: 2018/07/14  1:59:35");
     
     script_cve_id("CVE-2006-0300", "CVE-2006-5867", "CVE-2006-6143", "CVE-2006-6652", "CVE-2007-0022",
                   "CVE-2007-0465", "CVE-2007-0646", "CVE-2007-0724", "CVE-2007-0725", "CVE-2007-0729",
                   "CVE-2007-0732", "CVE-2007-0734", "CVE-2007-0735", "CVE-2007-0736", "CVE-2007-0737",
                   "CVE-2007-0738", "CVE-2007-0739", "CVE-2007-0741", "CVE-2007-0742", "CVE-2007-0743",
                   "CVE-2007-0744", "CVE-2007-0746", "CVE-2007-0747", "CVE-2007-0957", "CVE-2007-1216");
     script_bugtraq_id(23569);
    
     script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-004)");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes a security
    issue." );
     script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.4 that does not have
    Security Update 2007-004 applied.
    
    This update fixes security flaws in the following applications :
    
    AFP Client
    AirPort
    CarbonCore
    diskdev_cmds
    fetchmail
    ftpd
    gnutar
    Help Viewer
    HID Family
    Installer
    Kerberos
    Libinfo
    Login Window
    network_cmds
    SMB
    System Configuration
    URLMount
    Video Conference
    WebDAV" );
     # http://web.archive.org/web/20071213053008/http://docs.info.apple.com/article.html?artnum=305391
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cf3b0926" );
     script_set_attribute(attribute:"solution", value:
    "Install Security Update 2007-004 :
    
    # http://web.archive.org/web/20070423190224/http://www.apple.com/support/downloads/securityupdate2007004universal.html
    http://www.nessus.org/u?f44d0fd9" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_cwe_id(119, 134, 264);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/04/21");
     script_set_attribute(attribute:"vuln_publication_date", value: "2007/04/09");
     script_set_attribute(attribute:"patch_publication_date", value: "2007/04/19");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
     script_end_attributes();
    
     script_summary(english:"Check for the presence of Security Update 2007-004");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    #
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    
    
    uname = get_kb_item("Host/uname");
    if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-9]\.)", string:uname) )
    {
      if (!egrep(pattern:"^SecUpd(Srvr)?(2007-00[4-9]|200[89]-|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_109224.NASL
    descriptionSunOS 5.8_x86: kpasswd, libgss.so.1 and li. Date this patch was last updated by Sun : Aug/10/07
    last seen2020-06-01
    modified2020-06-02
    plugin id18070
    published2005-04-17
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18070
    titleSolaris 8 (x86) : 109224-10
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(18070);
      script_version("1.30");
      script_cvs_date("Date: 2019/10/25 13:36:24");
    
      script_cve_id("CVE-2007-0957");
    
      script_name(english:"Solaris 8 (x86) : 109224-10");
      script_summary(english:"Check for patch 109224-10");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 109224-10"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.8_x86: kpasswd, libgss.so.1 and li.
    Date this patch was last updated by Sun : Aug/10/07"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://download.oracle.com/sunalerts/1017350.1.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109224-10", obsoleted_by:"", package:"SUNWcstl", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109224-10", obsoleted_by:"", package:"SUNWgss", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109224-10", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109224-10", obsoleted_by:"", package:"SUNWcsl", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KRB5-3045.NASL
    descriptionA bug in the function krb5_klog_syslog() leads to a buffer overflow which could be exploited to execute arbitrary code (CVE-2007-0957). A double-free bug in the GSS-API library could crash kadmind. It
    last seen2020-06-01
    modified2020-06-02
    plugin id27308
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27308
    titleopenSUSE 10 Security Update : krb5 (krb5-3045)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0095.NASL
    descriptionUpdated krb5 packages that fix a number of issues are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. (CVE-2007-0956) Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package. For users who have enabled the krb5 telnet daemon and have it accessible remotely, this update should be applied immediately. Whilst we are not aware at this time that the flaw is being actively exploited, we have confirmed that the flaw is very easily exploitable. This update also fixes two additional security issues : Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (CVE-2007-0957) A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux 4 and 5 successful exploitation of this issue can only lead to a denial of service. Applications which use this library in earlier releases of Red Hat Enterprise Linux may also be affected. (CVE-2007-1216) All users are advised to update to these erratum packages which contain a backported fix to correct these issues. Red Hat would like to thank MIT and iDefense for reporting these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id24919
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24919
    titleCentOS 3 / 4 : krb5 (CESA-2007:0095)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_110060.NASL
    descriptionSEAM 1.0.1: patch for Solaris 8. Date this patch was last updated by Sun : Jul/24/07
    last seen2017-10-29
    modified2013-03-30
    plugin id23323
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=23323
    titleSolaris 5.8 (sparc) : 110060-22
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KRB5-3046.NASL
    descriptionA bug in the function krb5_klog_syslog() leads to a buffer overflow which could be exploited to execute arbitrary code. (CVE-2007-0957) A double-free bug in the GSS-API library could crash kadmind. It
    last seen2020-06-01
    modified2020-06-02
    plugin id29492
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29492
    titleSuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 3046)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0095.NASL
    descriptionFrom Red Hat Security Advisory 2007:0095 : Updated krb5 packages that fix a number of issues are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. (CVE-2007-0956) Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package. For users who have enabled the krb5 telnet daemon and have it accessible remotely, this update should be applied immediately. Whilst we are not aware at this time that the flaw is being actively exploited, we have confirmed that the flaw is very easily exploitable. This update also fixes two additional security issues : Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (CVE-2007-0957) A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux 4 and 5 successful exploitation of this issue can only lead to a denial of service. Applications which use this library in earlier releases of Red Hat Enterprise Linux may also be affected. (CVE-2007-1216) All users are advised to update to these erratum packages which contain a backported fix to correct these issues. Red Hat would like to thank MIT and iDefense for reporting these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id67458
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67458
    titleOracle Linux 3 / 4 / 5 : krb5 (ELSA-2007-0095)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_110061.NASL
    descriptionSEAM 1.0.1_x86: patch for Solaris 8_x86. Date this patch was last updated by Sun : Jul/27/07
    last seen2016-09-26
    modified2013-03-30
    plugin id36315
    published2009-04-23
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=36315
    titleSolaris 5.8 (sparc) : 110061-22
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0095.NASL
    descriptionUpdated krb5 packages that fix a number of issues are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. (CVE-2007-0956) Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package. For users who have enabled the krb5 telnet daemon and have it accessible remotely, this update should be applied immediately. Whilst we are not aware at this time that the flaw is being actively exploited, we have confirmed that the flaw is very easily exploitable. This update also fixes two additional security issues : Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (CVE-2007-0957) A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux 4 and 5 successful exploitation of this issue can only lead to a denial of service. Applications which use this library in earlier releases of Red Hat Enterprise Linux may also be affected. (CVE-2007-1216) All users are advised to update to these erratum packages which contain a backported fix to correct these issues. Red Hat would like to thank MIT and iDefense for reporting these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id24948
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24948
    titleRHEL 2.1 / 3 / 4 / 5 : krb5 (RHSA-2007:0095)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-077.NASL
    descriptionA vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password (CVE-2007-0956). Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-0957). Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-1216). Updated packages have been patched to address this issue. Update : Packages for Mandriva Linux 2007.1 are now available.
    last seen2020-06-01
    modified2020-06-02
    plugin id24943
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24943
    titleMandrake Linux Security Advisory : krb5 (MDKSA-2007:077-1)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_109223.NASL
    descriptionSunOS 5.8: kpasswd, libgss.so.1 and libkad. Date this patch was last updated by Sun : Aug/03/07
    last seen2020-06-01
    modified2020-06-02
    plugin id18068
    published2005-04-17
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18068
    titleSolaris 8 (sparc) : 109223-10

Oval

accepted2013-04-29T04:08:25.951-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionStack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
familyunix
idoval:org.mitre.oval:def:10757
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleStack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
version27

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/55828/kadmind-overflow.txt
idPACKETSTORM:55828
last seen2016-12-05
published2007-04-11
reporterc0ntex
sourcehttps://packetstormsecurity.com/files/55828/kadmind-overflow.txt.html
titlekadmind-overflow.txt

Redhat

advisories
rhsa
idRHSA-2007:0095
rpms
  • krb5-debuginfo-0:1.2.7-61
  • krb5-debuginfo-0:1.3.4-46
  • krb5-debuginfo-0:1.5-23
  • krb5-devel-0:1.2.2-44
  • krb5-devel-0:1.2.7-61
  • krb5-devel-0:1.3.4-46
  • krb5-devel-0:1.5-23
  • krb5-libs-0:1.2.2-44
  • krb5-libs-0:1.2.7-61
  • krb5-libs-0:1.3.4-46
  • krb5-libs-0:1.5-23
  • krb5-server-0:1.2.2-44
  • krb5-server-0:1.2.7-61
  • krb5-server-0:1.3.4-46
  • krb5-server-0:1.5-23
  • krb5-workstation-0:1.2.2-44
  • krb5-workstation-0:1.2.7-61
  • krb5-workstation-0:1.3.4-46
  • krb5-workstation-0:1.5-23

References