CVE-2008-0062 - Improper Initialization vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions: This attack targets a race condition that occurs when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the accesses take place. The attacker can leverage a race condition by "running the race", modifying the resource and thereby altering the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with their own version, causing the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition that occurs between the time of check (state) of a resource and the time of use of that resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that they modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2008-0181.NASL
- description: Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 31618
- published: 2008-03-19
- reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/31618
- title: RHEL 2.1 / 3 : krb5 (RHSA-2008:0181)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0181. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(31618);
  script_version ("1.30");
  script_cvs_date("Date: 2019/10/25 13:36:13");

  script_cve_id("CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947", "CVE-2008-0948");
  script_bugtraq_id(28302, 28303);
  script_xref(name:"RHSA", value:"2008:0181");

  script_name(english:"RHEL 2.1 / 3 : krb5 (RHSA-2008:0181)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated krb5 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric
encryption and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service
and Key Distribution Center server (krb5kdc) handled Kerberos v4
protocol packets. An unauthenticated remote attacker could use this
flaw to crash the krb5kdc daemon, disclose portions of its memory, or
possibly execute arbitrary code using malformed or truncated Kerberos
v4 protocol requests. (CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol
compatibility enabled, which is the default setting on Red Hat
Enterprise Linux 4. Kerberos v4 protocol support can be disabled by
adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'
section of /var/kerberos/krb5kdc/kdc.conf.

A flaw was found in the RPC library used by the MIT Kerberos kadmind
server. An unauthenticated remote attacker could use this flaw to
crash kadmind. This issue only affected systems with certain resource
limits configured and did not affect systems using default resource
limits used by Red Hat Enterprise Linux 2.1 or 3. (CVE-2008-0948)

Red Hat would like to thank MIT for reporting these issues.

All krb5 users are advised to update to these erratum packages which
contain backported fixes to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-0062"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-0063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-0948"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2008:0181"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2008:0181";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"krb5-devel-1.2.2-48")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"krb5-libs-1.2.2-48")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"krb5-server-1.2.2-48")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"krb5-workstation-1.2.2-48")) flag++;

  if (rpm_check(release:"RHEL3", reference:"krb5-devel-1.2.7-68")) flag++;
  if (rpm_check(release:"RHEL3", reference:"krb5-libs-1.2.7-68")) flag++;
  if (rpm_check(release:"RHEL3", reference:"krb5-server-1.2.7-68")) flag++;
  if (rpm_check(release:"RHEL3", reference:"krb5-workstation-1.2.7-68")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-server / krb5-workstation");
  }
}
```
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2008-0182.NASL
- description: Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.5 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 63850
- published: 2013-01-24
- reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/63850
- title: RHEL 4 : krb5 (RHSA-2008:0182)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0182. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63850);
  script_version("1.13");
  script_cvs_date("Date: 2019/10/25 13:36:13");

  script_cve_id("CVE-2008-0062", "CVE-2008-0063");
  script_xref(name:"RHSA", value:"2008:0182");

  script_name(english:"RHEL 4 : krb5 (RHSA-2008:0182)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated krb5 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric
encryption and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service
and Key Distribution Center server (krb5kdc) handled Kerberos v4
protocol packets. An unauthenticated remote attacker could use this
flaw to crash the krb5kdc daemon, disclose portions of its memory, or
possibly execute arbitrary code using malformed or truncated Kerberos
v4 protocol requests. (CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol
compatibility enabled, which is the default setting on Red Hat
Enterprise Linux 4. Kerberos v4 protocol support can be disabled by
adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'
section of /var/kerberos/krb5kdc/kdc.conf.

Red Hat would like to thank MIT for reporting these issues.

All krb5 users are advised to update to these erratum packages which
contain backported fixes to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2008-0062.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2008-0063.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2008-0182.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.5");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

flag = 0;
if (rpm_check(release:"RHEL4", sp:"5", reference:"krb5-devel-1.3.4-49.el4_5.1")) flag++;
if (rpm_check(release:"RHEL4", sp:"5", reference:"krb5-libs-1.3.4-49.el4_5.1")) flag++;
if (rpm_check(release:"RHEL4", sp:"5", reference:"krb5-server-1.3.4-49.el4_5.1")) flag++;
if (rpm_check(release:"RHEL4", sp:"5", reference:"krb5-workstation-1.3.4-49.el4_5.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2008-0164.NASL
- description: Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 31616
- published: 2008-03-19
- reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/31616
- title: RHEL 5 : krb5 (RHSA-2008:0164)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0164. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(31616);
  script_version ("1.32");
  script_cvs_date("Date: 2019/10/25 13:36:13");

  script_cve_id("CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947");
  script_bugtraq_id(26750, 28302, 28303);
  script_xref(name:"RHSA", value:"2008:0164");

  script_name(english:"RHEL 5 : krb5 (RHSA-2008:0164)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated krb5 packages that resolve several issues and fix multiple
bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric
encryption and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service
and Key Distribution Center server (krb5kdc) handled Kerberos v4
protocol packets. An unauthenticated remote attacker could use this
flaw to crash the krb5kdc daemon, disclose portions of its memory, or
possibly execute arbitrary code using malformed or truncated Kerberos
v4 protocol requests. (CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol
compatibility enabled, which is the default setting on Red Hat
Enterprise Linux 4. Kerberos v4 protocol support can be disabled by
adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]'
section of /var/kerberos/krb5kdc/kdc.conf.

Jeff Altman of Secure Endpoints discovered a flaw in the RPC library
as used by MIT Kerberos kadmind server. An unauthenticated remote
attacker could use this flaw to crash kadmind or possibly execute
arbitrary code. This issue only affected systems with certain resource
limits configured and did not affect systems using default resource
limits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)

Red Hat would like to thank MIT for reporting these issues.

Multiple memory management flaws were discovered in the GSSAPI library
used by MIT Kerberos. These flaws could possibly result in use of
already freed memory or an attempt to free already freed memory blocks
(double-free flaw), possibly causing a crash or arbitrary code
execution. (CVE-2007-5901, CVE-2007-5971)

In addition to the security issues resolved above, the following bugs
were also fixed :

* delegated krb5 credentials were not properly stored when SPNEGO was
the underlying mechanism during GSSAPI authentication. Consequently,
applications attempting to copy delegated Kerberos 5 credentials into
a credential cache received an 'Invalid credential was supplied'
message rather than a copy of the delegated credentials. With this
update, SPNEGO credentials can be properly searched, allowing
applications to copy delegated credentials as expected.

* applications can initiate context acceptance (via
gss_accept_sec_context) without passing a ret_flags value that would
indicate that credentials were delegated. A delegated credential
handle should have been returned in such instances. This updated
package adds a temp_ret_flag that stores the credential status in the
event no other ret_flags value is passed by an application calling
gss_accept_sec_context.

* kpasswd did not fallback to TCP on receipt of certain errors, or
when a packet was too big for UDP. This update corrects this.

* when the libkrb5 password-routine generated a set-password or
change-password request, incorrect sequence numbers were generated for
all requests subsequent to the first request. This caused password
change requests to fail if the primary server was unavailable. This
updated package corrects this by saving the sequence number value
after the AP-REQ data is built and restoring this value before the
request is generated.

* when a user's password expired, kinit would not prompt that user to
change the password, instead simply informing the user their password
had expired. This update corrects this behavior: kinit now prompts for
a new password to be set when a password has expired.

All krb5 users are advised to upgrade to these updated packages, which
contain backported fixes to address these vulnerabilities and fix
these bugs."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-5901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-5971"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-0062"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-0063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-0947"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2008:0164"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2008:0164";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"krb5-devel-1.6.1-17.el5_1.1")) flag++;
  if (rpm_check(release:"RHEL5", reference:"krb5-libs-1.6.1-17.el5_1.1")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"krb5-server-1.6.1-17.el5_1.1")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"krb5-server-1.6.1-17.el5_1.1")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"krb5-server-1.6.1-17.el5_1.1")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"krb5-workstation-1.6.1-17.el5_1.1")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"krb5-workstation-1.6.1-17.el5_1.1")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"krb5-workstation-1.6.1-17.el5_1.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-server / krb5-workstation");
  }
}
```
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_KRB5-5081.NASL
- description: This update fixes the following security bugs in krb5/krb5-server :
  - CVE-2008-0062: null/dangling pointer (needs enabled krb4 support)
  - CVE-2008-0063: possible operations on uninitialized buffer content/information leak (needs enabled krb4 support)
  - CVE-2008-0947/CVE-2008-0948: out-of-bound array access in kadmind
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 31623
- published: 2008-03-19
- reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/31623
- title: openSUSE 10 Security Update : krb5 (krb5-5081)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update krb5-5081.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(31623);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:32");

  script_cve_id("CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947", "CVE-2008-0948");

  script_name(english:"openSUSE 10 Security Update : krb5 (krb5-5081)");
  script_summary(english:"Check for the krb5-5081 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes the following security bugs in krb5/krb5-server :

  - CVE-2008-0062: null/dangling pointer (needs enabled krb4
    support)

  - CVE-2008-0063: possible operations on uninitialized
    buffer content/information leak (needs enabled krb4
    support)

  - CVE-2008-0947/CVE-2008-0948: out-of-bound array access
    in kadmind's RPC lib"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-apps-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-apps-servers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"krb5-1.4.3-19.30.6") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"krb5-apps-clients-1.4.3-19.30.6") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"krb5-apps-servers-1.4.3-19.30.6") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"krb5-client-1.4.3-19.30.6") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"krb5-devel-1.4.3-19.30.6") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"krb5-server-1.4.3-19.30.6") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"krb5-32bit-1.4.3-19.30.6") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"krb5-devel-32bit-1.4.3-19.30.6") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"krb5-1.5.1-23.14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"krb5-apps-clients-1.5.1-23.14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"krb5-apps-servers-1.5.1-23.14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"krb5-client-1.5.1-23.14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"krb5-devel-1.5.1-23.14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"krb5-server-1.5.1-23.14") ) flag++;
if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"krb5-32bit-1.5.1-23.14") ) flag++;
if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"krb5-devel-32bit-1.5.1-23.14") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"krb5-1.6.2-22.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"krb5-apps-clients-1.6.2-22.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"krb5-apps-servers-1.6.2-22.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"krb5-client-1.6.2-22.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"krb5-devel-1.6.2-22.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"krb5-server-1.6.2-22.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"krb5-32bit-1.6.2-22.4") ) flag++;
if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"krb5-devel-32bit-1.6.2-22.4") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
}
```
NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2008-0181.NASL
description Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
last seen 2020-06-01
modified 2020-06-02
plugin id 31609
published 2008-03-19
reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/31609
title CentOS 3 : krb5 (CESA-2008:0181)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0181 and
# CentOS Errata and Security Advisory 2008:0181 respectively.
#

include("compat.inc");

if (description)
{
  script_id(31609);
  script_version("1.18");
  script_cvs_date("Date: 2019/10/25 13:36:04");

  script_cve_id("CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947", "CVE-2008-0948");
  script_bugtraq_id(28302, 28303);
  script_xref(name:"RHSA", value:"2008:0181");

  script_name(english:"CentOS 3 : krb5 (CESA-2008:0181)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]' section of /var/kerberos/krb5kdc/kdc.conf. A flaw was found in the RPC library used by the MIT Kerberos kadmind server. An unauthenticated remote attacker could use this flaw to crash kadmind. This issue only affected systems with certain resource limits configured and did not affect systems using default resource limits used by Red Hat Enterprise Linux 2.1 or 3. (CVE-2008-0948) Red Hat would like to thank MIT for reporting these issues. All krb5 users are advised to update to these erratum packages which contain backported fixes to correct these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-March/014754.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fc3f05c1"
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-March/014755.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?40b41450"
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-March/014773.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f0960a9c"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"krb5-devel-1.2.7-68")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"krb5-devel-1.2.7-68.c3")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"krb5-devel-1.2.7-68")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"krb5-libs-1.2.7-68")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"krb5-libs-1.2.7-68.c3")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"krb5-libs-1.2.7-68")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"krb5-server-1.2.7-68")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"krb5-server-1.2.7-68.c3")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"krb5-server-1.2.7-68")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"krb5-workstation-1.2.7-68")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"ia64", reference:"krb5-workstation-1.2.7-68.c3")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"krb5-workstation-1.2.7-68")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-server / krb5-workstation");
}
NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2008-0164.NASL
description From Red Hat Security Advisory 2008:0164 : Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
last seen 2020-06-01
modified 2020-06-02
plugin id 67664
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/67664
title Oracle Linux 5 : krb5 (ELSA-2008-0164)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0164 and
# Oracle Linux Security Advisory ELSA-2008-0164 respectively.
#

include("compat.inc");

if (description)
{
  script_id(67664);
  script_version("1.10");
  script_cvs_date("Date: 2019/10/25 13:36:07");

  script_cve_id("CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947");
  script_bugtraq_id(26750, 28302, 28303);
  script_xref(name:"RHSA", value:"2008:0164");

  script_name(english:"Oracle Linux 5 : krb5 (ELSA-2008-0164)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"From Red Hat Security Advisory 2008:0164 : Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]' section of /var/kerberos/krb5kdc/kdc.conf. Jeff Altman of Secure Endpoints discovered a flaw in the RPC library as used by MIT Kerberos kadmind server. An unauthenticated remote attacker could use this flaw to crash kadmind or possibly execute arbitrary code. This issue only affected systems with certain resource limits configured and did not affect systems using default resource limits used by Red Hat Enterprise Linux 5. (CVE-2008-0947) Red Hat would like to thank MIT for reporting these issues. Multiple memory management flaws were discovered in the GSSAPI library used by MIT Kerberos. These flaws could possibly result in use of already freed memory or an attempt to free already freed memory blocks (double-free flaw), possibly causing a crash or arbitrary code execution. (CVE-2007-5901, CVE-2007-5971) In addition to the security issues resolved above, the following bugs were also fixed : * delegated krb5 credentials were not properly stored when SPNEGO was the underlying mechanism during GSSAPI authentication. Consequently, applications attempting to copy delegated Kerberos 5 credentials into a credential cache received an 'Invalid credential was supplied' message rather than a copy of the delegated credentials. With this update, SPNEGO credentials can be properly searched, allowing applications to copy delegated credentials as expected. * applications can initiate context acceptance (via gss_accept_sec_context) without passing a ret_flags value that would indicate that credentials were delegated. A delegated credential handle should have been returned in such instances. This updated package adds a temp_ret_flag that stores the credential status in the event no other ret_flags value is passed by an application calling gss_accept_sec_context. * kpasswd did not fallback to TCP on receipt of certain errors, or when a packet was too big for UDP. This update corrects this. * when the libkrb5 password-routine generated a set-password or change-password request, incorrect sequence numbers were generated for all requests subsequent to the first request. This caused password change requests to fail if the primary server was unavailable. This updated package corrects this by saving the sequence number value after the AP-REQ data is built and restoring this value before the request is generated. * when a user's password expired, kinit would not prompt that user to change the password, instead simply informing the user their password had expired. This update corrects this behavior: kinit now prompts for a new password to be set when a password has expired. All krb5 users are advised to upgrade to these updated packages, which contain backported fixes to address these vulnerabilities and fix these bugs."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2008-March/000547.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL5", reference:"krb5-devel-1.6.1-17.el5_1.1")) flag++;
if (rpm_check(release:"EL5", reference:"krb5-libs-1.6.1-17.el5_1.1")) flag++;
if (rpm_check(release:"EL5", reference:"krb5-server-1.6.1-17.el5_1.1")) flag++;
if (rpm_check(release:"EL5", reference:"krb5-workstation-1.6.1-17.el5_1.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-server / krb5-workstation");
}
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-1524.NASL
description Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2008-0062 An unauthenticated remote attacker may cause a krb4-enabled KDC to crash, expose information, or execute arbitrary code. Successful exploitation of this vulnerability could compromise the Kerberos key database and host security on the KDC host.
- CVE-2008-0063 An unauthenticated remote attacker may cause a krb4-enabled KDC to expose information. It is theoretically possible for the exposed information to include secret key data on some platforms.
- CVE-2008-0947 An unauthenticated remote attacker can cause memory corruption in the kadmind process, which is likely to cause kadmind to crash, resulting in a denial of service. It is at least theoretically possible for such corruption to result in database corruption or arbitrary code execution, though we have no such exploit and are not aware of any such exploits in use in the wild. In versions of MIT Kerberos shipped by Debian, this bug can only be triggered in configurations that allow large numbers of open file descriptors in a process.
last seen 2020-06-01
modified 2020-06-02
plugin id 31630
published 2008-03-21
reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/31630
title Debian DSA-1524-1 : krb5 - several vulnerabilities
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1524. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(31630);
  script_version("1.23");
  script_cvs_date("Date: 2019/08/02 13:32:21");

  script_cve_id("CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947");
  script_xref(name:"DSA", value:"1524");

  script_name(english:"Debian DSA-1524-1 : krb5 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0062 An unauthenticated remote attacker may cause a krb4-enabled KDC to crash, expose information, or execute arbitrary code. Successful exploitation of this vulnerability could compromise the Kerberos key database and host security on the KDC host. - CVE-2008-0063 An unauthenticated remote attacker may cause a krb4-enabled KDC to expose information. It is theoretically possible for the exposed information to include secret key data on some platforms. - CVE-2008-0947 An unauthenticated remote attacker can cause memory corruption in the kadmind process, which is likely to cause kadmind to crash, resulting in a denial of service. It is at least theoretically possible for such corruption to result in database corruption or arbitrary code execution, though we have no such exploit and are not aware of any such exploits in use in the wild. In versions of MIT Kerberos shipped by Debian, this bug can only be triggered in configurations that allow large numbers of open file descriptors in a process."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0062"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2008-0947"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2008/dsa-1524"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade the krb5 packages. For the old stable distribution (sarge), these problems have been fixed in version krb5 1.3.6-2sarge6. For the stable distribution (etch), these problems have been fixed in version 1.4.4-7etch5."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"krb5-admin-server", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-clients", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-doc", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-ftpd", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-kdc", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-rsh-server", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-telnetd", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"krb5-user", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"libkadm55", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"libkrb5-dev", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"libkrb53", reference:"1.3.6-2sarge6")) flag++;
if (deb_check(release:"4.0", prefix:"krb5-admin-server", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"krb5-clients", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"krb5-doc", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"krb5-ftpd", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"krb5-kdc", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"krb5-rsh-server", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"krb5-telnetd", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"krb5-user", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"libkadm55", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"libkrb5-dbg", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"libkrb5-dev", reference:"1.4.4-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"libkrb53", reference:"1.4.4-7etch5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2008-0180.NASL
description Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
last seen 2020-06-01
modified 2020-06-02
plugin id 31627
published 2008-03-21
reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/31627
title CentOS 4 : krb5 (CESA-2008:0180)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0180 and
# CentOS Errata and Security Advisory 2008:0180 respectively.
#

include("compat.inc");

if (description)
{
  script_id(31627);
  script_version("1.19");
  script_cvs_date("Date: 2019/10/25 13:36:04");

  script_cve_id("CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063");
  script_bugtraq_id(26750, 28303);
  script_xref(name:"RHSA", value:"2008:0180");

  script_name(english:"CentOS 4 : krb5 (CESA-2008:0180)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]' section of /var/kerberos/krb5kdc/kdc.conf. Red Hat would like to thank MIT for reporting these issues. A double-free flaw was discovered in the GSSAPI library used by MIT Kerberos. This flaw could possibly cause a crash of the application using the GSSAPI library. (CVE-2007-5971) All krb5 users are advised to update to these erratum packages which contain backported fixes to correct these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-March/014768.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e25e9b2d"
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-March/014769.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c62e5686"
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-March/014774.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?001dd4ab"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"krb5-devel-1.3.4-54.el4_6.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"krb5-devel-1.3.4-54.c4.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"krb5-devel-1.3.4-54.el4_6.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"krb5-libs-1.3.4-54.el4_6.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"krb5-libs-1.3.4-54.c4.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"krb5-libs-1.3.4-54.el4_6.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"krb5-server-1.3.4-54.el4_6.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"krb5-server-1.3.4-54.c4.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"krb5-server-1.3.4-54.el4_6.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"krb5-workstation-1.3.4-54.el4_6.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"krb5-workstation-1.3.4-54.c4.1")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"krb5-workstation-1.3.4-54.el4_6.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-server / krb5-workstation");
}
NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2008-0164.NASL
description Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
last seen 2020-06-01
modified 2020-06-02
plugin id 43676
published 2010-01-06
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/43676
title CentOS 5 : krb5 (CESA-2008:0164)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0164 and
# CentOS Errata and Security Advisory 2008:0164 respectively.
#

include("compat.inc");

if (description)
{
  script_id(43676);
  script_version("1.18");
  script_cvs_date("Date: 2019/10/25 13:36:04");

  script_cve_id("CVE-2007-5901", "CVE-2007-5971", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0947");
  script_bugtraq_id(26750, 28302, 28303);
  script_xref(name:"RHSA", value:"2008:0164");

  script_name(english:"CentOS 5 : krb5 (CESA-2008:0164)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated krb5 packages that resolve several issues and fix multiple bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding 'v4_mode=none' (without the quotes) to the '[kdcdefaults]' section of /var/kerberos/krb5kdc/kdc.conf.

Jeff Altman of Secure Endpoints discovered a flaw in the RPC library as used by MIT Kerberos kadmind server. An unauthenticated remote attacker could use this flaw to crash kadmind or possibly execute arbitrary code. This issue only affected systems with certain resource limits configured and did not affect systems using default resource limits used by Red Hat Enterprise Linux 5. (CVE-2008-0947)

Red Hat would like to thank MIT for reporting these issues.

Multiple memory management flaws were discovered in the GSSAPI library used by MIT Kerberos. These flaws could possibly result in use of already freed memory or an attempt to free already freed memory blocks (double-free flaw), possibly causing a crash or arbitrary code execution. (CVE-2007-5901, CVE-2007-5971)

In addition to the security issues resolved above, the following bugs were also fixed :

* delegated krb5 credentials were not properly stored when SPNEGO was the underlying mechanism during GSSAPI authentication. Consequently, applications attempting to copy delegated Kerberos 5 credentials into a credential cache received an 'Invalid credential was supplied' message rather than a copy of the delegated credentials. With this update, SPNEGO credentials can be properly searched, allowing applications to copy delegated credentials as expected.

* applications can initiate context acceptance (via gss_accept_sec_context) without passing a ret_flags value that would indicate that credentials were delegated. A delegated credential handle should have been returned in such instances. This updated package adds a temp_ret_flag that stores the credential status in the event no other ret_flags value is passed by an application calling gss_accept_sec_context.

* kpasswd did not fallback to TCP on receipt of certain errors, or when a packet was too big for UDP. This update corrects this.

* when the libkrb5 password-routine generated a set-password or change-password request, incorrect sequence numbers were generated for all requests subsequent to the first request. This caused password change requests to fail if the primary server was unavailable. This updated package corrects this by saving the sequence number value after the AP-REQ data is built and restoring this value before the request is generated.

* when a user's password expired, kinit would not prompt that user to change the password, instead simply informing the user their password had expired. This update corrects this behavior: kinit now prompts for a new password to be set when a password has expired.

All krb5 users are advised to upgrade to these updated packages, which contain backported fixes to address these vulnerabilities and fix these bugs."
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-March/014766.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4b44b161"
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-March/014767.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?055da6b6"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-5", reference:"krb5-devel-1.6.1-17.el5_1.1")) flag++;
if (rpm_check(release:"CentOS-5", reference:"krb5-libs-1.6.1-17.el5_1.1")) flag++;
if (rpm_check(release:"CentOS-5", reference:"krb5-server-1.6.1-17.el5_1.1")) flag++;
if (rpm_check(release:"CentOS-5", reference:"krb5-workstation-1.6.1-17.el5_1.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-server / krb5-workstation");
}

NASL family MacOS X Local Security Checks
NASL id MACOSX_SECUPD2008-002.NASL
description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
last seen 2020-06-01
modified 2020-06-02
plugin id 31605
published 2008-03-19
reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/31605
title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
code
#
# (C) Tenable Network Security, Inc.
#

if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3004) exit(0);

include("compat.inc");

if (description)
{
  script_id(31605);
  script_version ("1.38");
  script_cvs_date("Date: 2018/07/14 1:59:35");

  script_cve_id("CVE-2005-3352", "CVE-2005-4077", "CVE-2006-3334", "CVE-2006-3747", "CVE-2006-5793",
                "CVE-2006-6481", "CVE-2007-0897", "CVE-2007-0898", "CVE-2007-1659", "CVE-2007-1660",
                "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-1745", "CVE-2007-1997", "CVE-2007-2445",
                "CVE-2007-2799", "CVE-2007-3378", "CVE-2007-3725", "CVE-2007-3799", "CVE-2007-3847",
                "CVE-2007-4510", "CVE-2007-4560", "CVE-2007-4568", "CVE-2007-4752", "CVE-2007-4766",
                "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4887", "CVE-2007-4990", "CVE-2007-5000",
                "CVE-2007-5266", "CVE-2007-5267", "CVE-2007-5268", "CVE-2007-5269", "CVE-2007-5795",
                "CVE-2007-5901", "CVE-2007-5958", "CVE-2007-5971", "CVE-2007-6109", "CVE-2007-6203",
                "CVE-2007-6335", "CVE-2007-6336", "CVE-2007-6337", "CVE-2007-6388", "CVE-2007-6421",
                "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0005", "CVE-2008-0006",
                "CVE-2008-0044", "CVE-2008-0045", "CVE-2008-0046", "CVE-2008-0047", "CVE-2008-0048",
                "CVE-2008-0049", "CVE-2008-0050", "CVE-2008-0051", "CVE-2008-0052", "CVE-2008-0053",
                "CVE-2008-0054", "CVE-2008-0055", "CVE-2008-0056", "CVE-2008-0057", "CVE-2008-0058",
                "CVE-2008-0059", "CVE-2008-0060", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0318",
                "CVE-2008-0596", "CVE-2008-0728", "CVE-2008-0882", "CVE-2008-0987", "CVE-2008-0988",
                "CVE-2008-0989", "CVE-2008-0990", "CVE-2008-0992", "CVE-2008-0993", "CVE-2008-0994",
                "CVE-2008-0995", "CVE-2008-0996", "CVE-2008-0997", "CVE-2008-0998", "CVE-2008-0999",
                "CVE-2008-1000");
  script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 26838,
                    26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307,
                    28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357,
                    28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372,
                    28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389);

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)");
  script_summary(english:"Check for the presence of Security Update 2008-002");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes various security issues." );
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied.

This update contains several security fixes for a number of programs." );
  script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307562" );
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" );
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/14242" );
  script_set_attribute(attribute:"solution", value:
"Install Security Update 2008-002 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399);

  script_set_attribute(attribute:"plugin_publication_date", value: "2008/03/19");
  script_set_attribute(attribute:"patch_publication_date", value: "2007/08/24");
  script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/02");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");

  exit(0);
}

uname = get_kb_item("Host/uname");
if (!uname) exit(0);

if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages");
  if (!packages) exit(0);

  if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)", string:packages))
    security_hole(0);
}
else if (egrep(pattern:"Darwin.* (9\.[0-2]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if (!packages) exit(0);

  if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.002\.bom", string:packages))
    security_hole(0);
}

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-587-1.NASL
description It was discovered that krb5 did not correctly handle certain krb4 requests. An unauthenticated remote attacker could exploit this flaw by sending specially crafted traffic, which could expose sensitive information, cause a crash, or execute arbitrary code. (CVE-2008-0062, CVE-2008-0063) A flaw was discovered in the kadmind service
last seen 2020-06-01
modified 2020-06-02
plugin id 31625
published 2008-03-19
reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/31625
title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : krb5 vulnerabilities (USN-587-1)

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200803-31.NASL
description The remote host is affected by the vulnerability described in GLSA-200803-31 (MIT Kerberos 5: Multiple vulnerabilities) Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() (CVE-2008-0062) and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply (CVE-2008-0063). Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947). Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() function (CVE-2007-5971). Impact : The first two vulnerabilities can be exploited by a remote unauthenticated attacker to execute arbitrary code on the host running krb5kdc, compromise the Kerberos key database or cause a Denial of Service. These bugs can only be triggered when Kerberos 4 support is enabled. The RPC related vulnerability can be exploited by a remote unauthenticated attacker to crash kadmind, and theoretically execute arbitrary code with root privileges or cause database corruption. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. The GSSAPI vulnerabilities could be exploited by a remote attacker to cause Denial of Service conditions or possibly execute arbitrary code. Workaround : Kerberos 4 support can be disabled via disabling the
last seen 2020-06-01
modified 2020-06-02
plugin id 31671
published 2008-03-26
reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/31671
title GLSA-200803-31 : MIT Kerberos 5: Multiple vulnerabilities

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2008-070.NASL
description A memory management flaw was found in the GSSAPI library used by Kerberos that could result in an attempt to free already freed memory, possibly leading to a crash or allowing the execution of arbitrary code (CVE-2007-5971). A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063). This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. Kerberos v4 protocol support can be disabled by adding v4_mode=none (without quotes) to the [kdcdefaults] section of /etc/kerberos/krb5kdc/kdc.conf. A flaw in the RPC library as used in Kerberos
last seen 2020-06-01
modified 2020-06-02
plugin id 37527
published 2009-04-23
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/37527
title Mandriva Linux Security Advisory : krb5 (MDVSA-2008:070)

NASL family Fedora Local Security Checks
NASL id FEDORA_2008-2637.NASL
description This update incorporates fixes included in MITKRB5-SA-2008-001 (use of uninitialized pointer / double-free in the KDC when v4 compatibility is enabled) and MITKRB5-SA-2008-002 (incorrect handling of high-numbered descriptors in the RPC library). This update also incorporates less-critical fixes for a double-free (CVE-2007-5971) and an incorrect attempt to free non-heap memory (CVE-2007-5901) in the GSSAPI library. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 31668
published 2008-03-26
reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/31668
title Fedora 7 : krb5-1.6.1-9.fc7 (2008-2637)

NASL family VMware ESX Local Security Checks
NASL id VMWARE_VMSA-2008-0009.NASL
description a. VMware Tools Local Privilege Escalation on Windows-based guest OS The VMware Tools Package provides support required for shared folders (HGFS) and other features. An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. It doesn
last seen 2020-06-01
modified 2020-06-02
plugin id 40378
published 2009-07-27
reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/40378
title VMSA-2008-0009 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

NASL family Fedora Local Security Checks
NASL id FEDORA_2008-2647.NASL
description This update incorporates fixes included in MITKRB5-SA-2008-001 (use of uninitialized pointer / double-free in the KDC when v4 compatibility is enabled) and MITKRB5-SA-2008-002 (incorrect handling of high-numbered descriptors in the RPC library). This update also incorporates less-critical fixes for a double-free (CVE-2007-5971) and an incorrect attempt to free non-heap memory (CVE-2007-5901) in the GSSAPI library. This update also fixes an incorrect calculation of the length of the absolute path name of a file when the relative path is known and the library needs to look up which SELinux label to apply to the file. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 31670
published 2008-03-26
reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/31670
title Fedora 8 : krb5-1.6.2-14.fc8 (2008-2647)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2008-0180.NASL
description Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
last seen 2020-06-01
modified 2020-06-02
plugin id 31617
published 2008-03-19
reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/31617
title RHEL 4 : krb5 (RHSA-2008:0180)

NASL family Scientific Linux Local Security Checks
NASL id SL_20080318_KRB5_ON_SL3_X.NASL
description A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Scientific Linux 4. Kerberos v4 protocol support can be disabled by adding
last seen 2020-06-01
modified 2020-06-02
plugin id 60373
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/60373
title Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2008-0180.NASL
description From Red Hat Security Advisory 2008:0180 : Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
last seen 2020-06-01
modified 2020-06-02
plugin id 67668
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/67668
title Oracle Linux 4 : krb5 (ELSA-2008-0180)

NASL family SuSE Local Security Checks
NASL id SUSE_KRB5-5082.NASL
description This update fixes the following security bugs in krb5/krb5-server : - null/dangling pointer (needs enabled krb4 support). (CVE-2008-0062) - possible operations on uninitialized buffer content/information leak (needs enabled krb4 support). (CVE-2008-0063) - out-of-bound array access in kadmind
last seen 2020-06-01
modified 2020-06-02
plugin id 31624
published 2008-03-19
reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/31624
title SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 5082)

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2008-069.NASL
description Multiple memory management flaws were found in the GSSAPI library used by Kerberos that could result in the use of already freed memory or an attempt to free already freed memory, possibly leading to a crash or allowing the execution of arbitrary code (CVE-2007-5901, CVE-2007-5971). A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063). This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. Kerberos v4 protocol support can be disabled by adding v4_mode=none (without quotes) to the [kdcdefaults] section of /etc/kerberos/krb5kdc/kdc.conf. A flaw in the RPC library as used in Kerberos
last seen 2020-06-01
modified 2020-06-02
plugin id 38056
published 2009-04-23
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/38056
title Mandriva Linux Security Advisory : krb5 (MDVSA-2008:069)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2008-0181.NASL
description From Red Hat Security Advisory 2008:0181 : Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063) This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding
last seen 2020-06-01
modified 2020-06-02
plugin id 67669
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/67669
title Oracle Linux 3 : krb5 (ELSA-2008-0181)

Oval
accepted | 2013-04-29T04:19:47.436-04:00
class | vulnerability
contributors |
definition_extensions |
description | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
family | unix
id | oval:org.mitre.oval:def:9496
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
version | 27
Redhat
advisories |
rpms |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 28303 CVE(CAN) ID: CVE-2008-0062,CVE-2008-0063 Kerberos is a widely used network protocol that uses strong cryptography to authenticate clients and servers. MIT Kerberos 5 is a commonly used open-source Kerberos implementation. The Kerberos 5 implementation contains two vulnerabilities that a remote attacker may exploit to cause a denial of service or obtain sensitive information. If Kerberos 4 support is enabled in the Kerberos 5 KDC, sending malformed messages may trigger two vulnerabilities: CVE-2008-0062: If the KDC receives a malformed Kerberos 4 message and there has been no previous Kerberos 4 communication, a null pointer dereference is triggered, crashing the KDC. If there has already been valid Kerberos 4 communication, the null pointer is used to locate the message to be sent to the client; the pointer may resend a previously generated response, send some arbitrary block of process memory (which may contain key data), or crash the process through an attempt to access an invalid address. If the process does not crash, a random address is passed to free(), which may corrupt the free pool, leading to a crash, data corruption, or a jump to an arbitrary address in process memory. CVE-2008-0063: If a Kerberos 4 message is truncated, the previous contents of the stack are used in place of the missing part of the message, and some parts of the principal name are read from strings in the message. These strings are limited to 40 bytes or to the next ASCII NUL found in the buffer. If the KDC returns an error message indicating that the principal name was not found in the database, the error message includes the principal name, which may contain previous stack contents. MIT Kerberos 5 1.6.3 KDC Vendor patch: Debian ------ Debian has released a security advisory (DSA-1524-1) and corresponding patches for this: DSA-1524-1: New krb5 packages fix multiple vulnerabilities Link: http://www.debian.org/security/2008/dsa-1524 Patch download: <a 
href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 137834 d43e9d3f3ef65fe8c8cbbb7b5dcbd144 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 177730 947fb82dd795f9272935ea4cb027e543 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 124864 4f1d0aa9d18013023f4a9f2b9a10db65 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 104886 15037693de0d9dc27460d713b547872a <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 63606 c4cfe2b01bfe0b579b216210817c4fa3 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 369420 c8d1eaf98400880ff82f727fe20f90cd <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 82806 30230dfe2605b88fdeac8811d408acdb <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_amd64.deb 
target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 57048 741292984684fddae11e130dcd388161 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 652378 d8f3493f4354e0b3717ffc72d6592b88 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_amd64.deb</a> Size/MD5 checksum: 216990 0df13c59411cf57b86bd94e250cf458e arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 115684 ef39b71c5ecf4187e24d27c1111c9a54 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 633330 08566aa29ab8d56e26070137a16731a4 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 158874 4f60129aa092ea3d750deb168299abe7 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 54134 e23173f4ad3a59af03fbab0369a714a9 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 58252 255394fcc06d13b6dabc2e87c91dac02 <a 
href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 198848 aaba0529c817ff11728515f5a116f71b <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 126814 85d31333aa01c4ab1f7b14ffaaa4c08b <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 74940 706b7cbfb01d66cbdb371a9019b3f725 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 329190 a661364db9bd2d5c5340a0c6a5c939f4 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_arm.deb</a> Size/MD5 checksum: 93938 04dc96993c79d0113a0626a4439c8cbf hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 125154 afd4a9608fff5b1b3e793881bb2c9c2c <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 64286 b85cf8b5680c12c093ff34150623a3a0 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_hppa.deb 
target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 59368 3df43bbb40e060d0522495ff3e78412d <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 669644 50027bd1d314e911c4a91647989fad1e <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 104948 a013d1818ed8d6dd7d75a8ac11e795f9 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 187304 401a8e21722c104f3d3aae86cf3640e9 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 383876 d50afad26c9a0416fe47dfdf5ff649f4 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 81992 b6c84f121f66616f578b13a3f0c654ca <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 139202 4972377b638f980ad757128f14132874 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_hppa.deb</a> Size/MD5 checksum: 224154 8a8436e210dd8892487ea482a1de6522 i386 architecture 
(Intel ia32) <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 116324 445bced4eb764a78e51b68e4d7558363 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 574784 40fa136876b3219e55de089340c0c85e <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 52890 a6ae74be5b338ab7f215d0846353833e <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 165726 4b2485d3b8a50cd61ffcd2e0748d70fe <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 349416 2f33d4592484a2adf276fd29cfe9d728 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 127878 7232e14b8bc1d78fa4346b4ed393a3b9 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 95656 00f7666dac13adf2a7bfc81c9d801f2f <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_i386.deb 
target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 191526 d8613e5a3d87838ee7155f54c1c12f3d <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 57762 2baa509aad5f6b837753e5a3e65e63f1 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_i386.deb</a> Size/MD5 checksum: 75890 5e52830c36794bb8ed2cdd14611ec690 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 134332 473be671406f747295c4a94d3f2ca3c5 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 289396 c95c79f18a2a8cb78131a35073c09ebe <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 890018 a9ca82650f5f96ac66d2b4436b0d1345 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 167350 f448dced91316668c1d33d6a0776eb2c <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 240384 
5dc95c9ea35a7b052041e177114c5acf <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 79982 8980a39a06eeca5ef5adb623786742a2 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 73692 039a88dc8793fa4de6e461408cde62bd <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 105008 273a9dbaf7a4882f39ebd9de527f76fb <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 502382 97f1d32991c1778752bad887f4029990 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_ia64.deb</a> Size/MD5 checksum: 165288 7d2e3c354cc50db22fc34a396902690f m68k architecture (Motorola Mc680x0) <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 71116 2f35c57d9f24856b013e27b0eef24a25 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 516020 203205bb2e6f66161c2aa98746687190 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_m68k.deb 
target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 49768 39d4529ec4e27e2fdc75de762c5643fa <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 107660 0659ab018fbf062504348fc63ef97cc6 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 147864 b86ebef3ec1541aeabc20be31e503049 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 305872 1fc4f6385b5196c1c892731eac06f5b3 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 122106 c60b71edc9196adda91d40c4b84a908e <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 174180 6d750c072a8d641bd661ea5c688199f3 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 53478 74055ea66e27e24d79c824691da8fe0f <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_m68k.deb</a> Size/MD5 checksum: 88692 074a5c747c652e7ce8d911077ca5586c mips architecture (MIPS (Big 
Endian)) <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 145108 f432457761497dcfd8e1ba6fe7ac43fa <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 164386 512e3b183ffc5f121f82981f32235377 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 57750 d827cf9980ed4eba196dedf93e7d9b5d <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 680860 b4718176172f14d54d2a4662ae28e534 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 128738 a9592a522e7cc0f6db4c121ac04db438 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 65060 9b5613121aff8f341cb2dc3786b28d78 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 103404 eb3ca8cddb900bd4dfdb10b67ca9622c <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mips.deb 
target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 225708 d09d386a5705b48584ffd51b0127883d <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 355178 359ca6a220b6a9e7af7b949e7a64fb5d <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mips.deb</a> Size/MD5 checksum: 80956 407fec89580608afebb4ff89d95bdf72 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 146678 76f8820a81a1c068ab60348f1302d087 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 103808 db8b0c06f58646093ca80554061cc0d1 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 65266 c27b18832cafb60109ba97e529706a53 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 226540 0ddfa3be4f63eeb0066682928c193996 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mipsel.deb 
target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 82060 2479f67cadc3533fb499507fc1977b5d <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 355120 d1644230bb4cc0788a04f5f0c8eb961c <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 58164 5dcd7db602701983272b2fbb0db88864 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 130098 472042e34a7ac48352205df510767ddd <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 165632 3074194d27a16bd4e737a9462d6a217a <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mipsel.deb</a> Size/MD5 checksum: 682776 b0046283d8860fc6c8fe968b335ff463 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 61758 9496fefe85772ad549b84ae523c56e77 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 217812 
c5aa73b8513a3698002cc3cedfeff012 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 105320 3677c003bd4c271bbe3daef5cf8f52df <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 143838 61244dbf640bd19ee1cc738ee7b44b34 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 57018 9afa2ba534be545b9d76d1f69c8e5468 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 165746 74c29add119101782727226dc9200db0 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 634906 93dd67378ead6cb763cc304516cbf632 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 353104 c5b16a1f26d01435b2bcb540b5b97730 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 82702 f728717a6a25b233526ad69934e376f4 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_powerpc.deb 
target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_powerpc.deb</a> Size/MD5 checksum: 126246 da0e3adca803929ae44fad884949cbe2 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 214176 9c4b2684ce790d6544d078efde32f5d3 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 132996 1ed627f09d5b25bb3eaaaa4148207d7f <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 63428 332d6f0c94eabdca1df666a3ec0c6184 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 57214 f518a8dd4336c3916bb8c533bd8b6301 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 624898 27ed5f1406b97c3a429ed6cc41a5421a <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 99652 0e49258823390960faaf06522ab8f1cc <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 376188 
ec0fdc218fbe9c53fa5aaec87667b5a7 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 82370 3a26a1e22c24add8b16498a641444a77 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 180336 34967e4eb80a75b18a23a9f3bf05bb5f <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_s390.deb</a> Size/MD5 checksum: 121318 883136f99bce1a8f9f413dc3d68f5762 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 576786 3c142ce93bd9b408ea9a6d6046e3d067 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 58950 91be8dfc1160f334f0ed514eaeddb3c4 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 53520 89ceeef920ad596b129365a1f6876818 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 73596 cca4a24557097c3be9dc611d686d0688 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_sparc.deb 
target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 93348 0a954f5b7f637eeaea3b656699314b99 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 114068 e7a1986874465f458987516f27a705d1 <a href=http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 157712 2c8a0b75fc4982ee9265d2dd8cab2cc4 <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 126780 d6faa238b06d1ff65c6b20b54c7b4fac <a href=http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 194584 39322280b333988d5cce973c7c00cdad <a href=http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_sparc.deb</a> Size/MD5 checksum: 330436 27d8b24e5a2bbb57d8078c7b1d391d53 Debian 4.0 (stable) - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. 
Source archives and per-architecture packages for krb5 1.4.4-7etch5: http://security.debian.org/pool/updates/main/k/krb5/ |
id | SSV:3062 |
last seen | 2017-11-19 |
modified | 2008-03-20 |
published | 2008-03-20 |
reporter | Root |
title | MIT Kerberos 5 KDC Multiple Memory Corruption and Information Disclosure Vulnerabilities |
References
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
- http://marc.info/?l=bugtraq&m=130497213107107&w=2
- http://secunia.com/advisories/29420
- http://secunia.com/advisories/29423
- http://secunia.com/advisories/29424
- http://secunia.com/advisories/29428
- http://secunia.com/advisories/29435
- http://secunia.com/advisories/29438
- http://secunia.com/advisories/29450
- http://secunia.com/advisories/29451
- http://secunia.com/advisories/29457
- http://secunia.com/advisories/29462
- http://secunia.com/advisories/29464
- http://secunia.com/advisories/29516
- http://secunia.com/advisories/29663
- http://secunia.com/advisories/30535
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
- http://wiki.rpath.com/Advisories:rPSA-2008-0112
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
- http://www.debian.org/security/2008/dsa-1524
- http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
- http://www.kb.cert.org/vuls/id/895609
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
- http://www.redhat.com/support/errata/RHSA-2008-0164.html
- http://www.redhat.com/support/errata/RHSA-2008-0180.html
- http://www.redhat.com/support/errata/RHSA-2008-0181.html
- http://www.redhat.com/support/errata/RHSA-2008-0182.html
- http://www.securityfocus.com/archive/1/489761
- http://www.securityfocus.com/archive/1/489883/100/0/threaded
- http://www.securityfocus.com/archive/1/493080/100/0/threaded
- http://www.securityfocus.com/bid/28303
- http://www.securitytracker.com/id?1019626
- http://www.ubuntu.com/usn/usn-587-1
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- http://www.vupen.com/english/advisories/2008/0922/references
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2008/1102/references
- http://www.vupen.com/english/advisories/2008/1744
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41275
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html