Vulnerabilities > CVE-2010-1321 - Null Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_41167.NASL description s700_800 11.23 KRB5-Client Version 1.0 Cumulative patch : Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 47148 published 2010-06-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47148 title HP-UX PHSS_41167 : HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02544 SSRT100107 rev.1) NASL family SuSE Local Security Checks NASL id SUSE_KRB5-7046.NASL description This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C)) last seen 2020-06-01 modified 2020-06-02 plugin id 49876 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49876 title SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 7046) NASL family SuSE Local Security Checks NASL id SUSE_11_2_JAVA-1_6_0-SUN-101019.NASL description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560 last seen 2020-06-01 modified 2020-06-02 plugin id 50299 published 2010-10-22 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50299 title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_6_UPDATE3.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 3. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets or applications to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user outside the Java sandbox. last seen 2020-03-18 modified 2010-10-20 plugin id 50073 published 2010-10-20 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50073 title Mac OS X : Java for Mac OS X 10.6 Update 3 NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2011-0013.NASL description a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third-party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third-party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third-party component sfcb This release resolves an integer overflow issue present in the third-party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 56665 published 2011-10-28 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56665 title VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_41166.NASL description s700_800 11.11 KRB5-Client Version 1.0 cumulative patch : Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 47147 published 2010-06-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47147 title HP-UX PHSS_41166 : HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02544 SSRT100107 rev.1) NASL family SuSE Local Security Checks NASL id SUSE9_12669.NASL description IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator last seen 2020-06-01 modified 2020-06-02 plugin id 51660 published 2011-01-24 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51660 title SuSE9 Security Update : IBM Java (YOU Patch Number 12669) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-IBM-7312.NASL description IBM Java 6 SR9 was released, fixing a lot of security issues. IBM JDK Alerts can also be found on this page: http://www.ibm.com/developerworks/java/jdk/alerts/ last seen 2020-06-01 modified 2020-06-02 plugin id 51750 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51750 title SuSE 10 Security Update : IBM Java 6 SR9 (ZYPP Patch Number 7312) NASL family SuSE Local Security Checks NASL id SUSE9_12659.NASL description This update brings IBM Java 5 to Service Release 12 Fixpack 2. It fixes quite a large number of security problems and other bugs. The security issues are tracked by the following CVE ids : - CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574. (CVE-2009-3555) last seen 2020-06-01 modified 2020-06-02 plugin id 50854 published 2010-12-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50854 title SuSE9 Security Update : IBM Java 5 JRE and SDK (YOU Patch Number 12659) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0873.NASL description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 50641 published 2010-11-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50641 title RHEL 6 : java-1.5.0-ibm (RHSA-2010:0873) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_5_UPDATE8.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 8. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets or applications to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user outside the Java sandbox. last seen 2020-03-18 modified 2010-10-20 plugin id 50072 published 2010-10-20 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50072 title Mac OS X : Java for Mac OS X 10.5 Update 8 NASL family Scientific Linux Local Security Checks NASL id SL_20100518_KRB5_ON_SL3_X.NASL description A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Program Interface (GSS-API) library. A remote, authenticated attacker could use this flaw to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field. (CVE-2010-1321) All running services using the MIT Kerberos libraries must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60793 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60793 title Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0016.NASL description a. Service Console OS update for COS kernel This patch updates the service console kernel to fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0415, CVE-2010-0307, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1437, and CVE-2010-1088 to these issues. b. Likewise package updates Updates to the likewisekrb5, likewiseopenldap, likewiseopen, and pamkrb5 packages address several security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-4212, and CVE-2010-1321 to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50611 published 2010-11-16 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50611 title VMSA-2010-0016 : VMware ESXi and ESX third-party updates for Service Console and Likewise components NASL family Misc. NASL id VMWARE_VMSA-2011-0013_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment (JRE) - libuser - Netscape Portable Runtime (NSPR) - Network Security Services (NSS) - OpenSSL last seen 2020-06-01 modified 2020-06-02 plugin id 89681 published 2016-03-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89681 title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2011-0003.NASL description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Notes : - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release. - The update also addresses CVE-2010-2240 for ESX 4.0. last seen 2020-06-01 modified 2020-06-02 plugin id 51971 published 2011-02-14 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51971 title VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-IBM-7205.NASL description This update brings IBM Java 5 to Service Release 12 Fixpack 2. It fixes quite a large number of security problems and other bugs. The security issues are tracked by the following CVE ids: CVE-2009-3555 / CVE-2010-1321 / CVE-2010-3541 / CVE-2010-3548 / CVE-2010-3549 / CVE-2010-3550 / CVE-2010-3551 / CVE-2010-3556 / CVE-2010-3559 / CVE-2010-3562 / CVE-2010-3565 / CVE-2010-3566 / CVE-2010-3568 / CVE-2010-3569 / CVE-2010-3572 / CVE-2010-3573 / CVE-2010-3574 last seen 2020-06-01 modified 2020-06-02 plugin id 50968 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50968 title SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 7205) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2052.NASL description Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a NULL pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field. last seen 2020-06-01 modified 2020-06-02 plugin id 46724 published 2010-05-26 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46724 title Debian DSA-2052-1 : krb5 - NULL pointer dereference NASL family Fedora Local Security Checks NASL id FEDORA_2010-8749.NASL description Shawn Emery discovered a remotely-triggerable NULL pointer dereference in the Kerberos GSS-API library which could be used to cause GSS-API-authenticated services to crash. This update incorporates fixes to instead correctly detect the error and return an error code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47510 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47510 title Fedora 13 : krb5-1.7.1-10.fc13 (2010-8749) NASL family Windows NASL id ORACLE_JAVA_CPU_OCT_2010.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issue in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 49996 published 2010-10-15 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49996 title Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_4_2-IBM-7348.NASL description IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator last seen 2020-06-01 modified 2020-06-02 plugin id 52632 published 2011-03-11 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52632 title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7348) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_4_2-IBM-7440.NASL description IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator last seen 2020-06-01 modified 2020-06-02 plugin id 57203 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57203 title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7440) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_41168.NASL description s700_800 11.31 KRB5-Client Version 1.3.5.03 Cumulative patch : Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 47149 published 2010-06-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47149 title HP-UX PHSS_41168 : HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02544 SSRT100107 rev.1) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0013.NASL description a. Service Console update for cpio The service console package cpio is updated to version 2.5-6.RHEL3 for ESX 3.x versions and updated to version 2.6-23.el5_4.1 for ESX 4.x versions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues addressed in the update for ESX 3.x and the names CVE-2007-4476 and CVE-2010-0624 to the issues addressed in the update for ESX 4.x. b. Service Console update for tar The service console package tar is updated to version 1.13.25-16.RHEL3 for ESX 3.x versions and updated to version 1.15.1-23.0.1.el5_4.2 for ESX 4.x versions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0624 to the issue addressed in the update for ESX 3.x and the names CVE-2007-4476 and CVE-2010-0624 to the issues addressed in the update for ESX 4.x. c. Service Console update for samba The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2063 to the issue addressed in this update. Note : The issue mentioned above is present in the Samba server (smbd) and is not present in the Samba client or Samba common packages. To determine if your system has Samba server installed do a last seen 2020-06-01 modified 2020-06-02 plugin id 49085 published 2010-09-02 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49085 title VMSA-2010-0013 : VMware ESX third-party updates for Service Console NASL family SuSE Local Security Checks NASL id SUSE9_12682.NASL description IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator last seen 2020-06-01 modified 2020-06-02 plugin id 52629 published 2011-03-11 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52629 title SuSE9 Security Update : IBMJava JRE and SDK (YOU Patch Number 12682) NASL family Databases NASL id ORACLE_RDBMS_CPU_OCT_2010.NASL description The remote Oracle database server is missing the October 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Enterprise Manager Console - Java Virtual Machine - Change Data Capture - OLAP - Job Queue - XDK - Core RDBMS - Perl last seen 2020-06-02 modified 2010-11-18 plugin id 50652 published 2010-11-18 reporter This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50652 title Oracle Database Multiple Vulnerabilities (October 2010 CPU) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0880.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 63983 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63983 title RHEL 5 : IBM Java Runtime (RHSA-2011:0880) NASL family SuSE Local Security Checks NASL id SUSE_11_2_KRB5-100521.NASL description This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C)) last seen 2020-06-01 modified 2020-06-02 plugin id 46730 published 2010-05-26 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46730 title openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-SUN-101019.NASL description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html last seen 2020-06-01 modified 2020-06-02 plugin id 50919 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50919 title SuSE 11 / 11.1 Security Update : Java 1.6.0 (SAT Patch Numbers 3347 / 3349) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_4_2-IBM-110223.NASL description IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and security issues. The following security issues were fixed : - The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator last seen 2020-06-01 modified 2020-06-02 plugin id 52631 published 2011-03-11 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52631 title SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4024) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-SUN-7204.NASL description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked for this update: CVE-2010-3556 / CVE-2010-3562 / CVE-2010-3565 / CVE-2010-3566 / CVE-2010-3567 / CVE-2010-3571 / CVE-2010-3554 / CVE-2010-3563 / CVE-2010-3568 / CVE-2010-3569 / CVE-2010-3558 / CVE-2010-3552 / CVE-2010-3559 / CVE-2010-3572 / CVE-2010-3553 / CVE-2010-3555 / CVE-2010-3550 / CVE-2010-3570 / CVE-2010-3561 / CVE-2009-3555 / CVE-2010-1321 / CVE-2010-3549 / CVE-2010-3557 / CVE-2010-3541 / CVE-2010-3573 / CVE-2010-3574 / CVE-2010-3548 / CVE-2010-3551 / CVE-2010-3560 last seen 2020-06-01 modified 2020-06-02 plugin id 51751 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51751 title SuSE 10 Security Update : Sun Java 1.6.0 (ZYPP Patch Number 7204) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0987.NASL description Updated java-1.6.0-ibm packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 51197 published 2010-12-16 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51197 title RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2010:0987) NASL family Fedora Local Security Checks NASL id FEDORA_2010-8805.NASL description Shawn Emery discovered a remotely-triggerable NULL pointer dereference in the Kerberos GSS-API library which could be used to cause GSS-API-authenticated services to crash. This update incorporates fixes to instead correctly detect the error and return an error code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47513 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47513 title Fedora 12 : krb5-1.7.1-9.fc12 (2010-8805) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0423.NASL description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Program Interface (GSS-API) library. A remote, authenticated attacker could use this flaw to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field. (CVE-2010-1321) Red Hat would like to thank the MIT Kerberos Team for responsibly reporting this issue. Upstream acknowledges Shawn Emery of Oracle as the original reporter. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running services using the MIT Kerberos libraries must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 46694 published 2010-05-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46694 title CentOS 3 / 4 / 5 : krb5 (CESA-2010:0423) NASL family Misc. NASL id VMWARE_VMSA-2011-0003_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5 last seen 2020-06-01 modified 2020-06-02 plugin id 89674 published 2016-03-04 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89674 title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0935.NASL description Updated java-1.4.2-ibm packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.4.2 SR13-FP7 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes two vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 50870 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50870 title RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2010:0935) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0423.NASL description From Red Hat Security Advisory 2010:0423 : Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Program Interface (GSS-API) library. A remote, authenticated attacker could use this flaw to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field. (CVE-2010-1321) Red Hat would like to thank the MIT Kerberos Team for responsibly reporting this issue. Upstream acknowledges Shawn Emery of Oracle as the original reporter. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running services using the MIT Kerberos libraries must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68041 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68041 title Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2010-0423) NASL family Scientific Linux Local Security Checks NASL id SL_20101014_JAVA__JDK_1_6_0__ON_SL4_X.NASL description This update fixes several vulnerabilities in the Java 6 Software Development Kit. Further information about these flaws can be found on the last seen 2020-06-01 modified 2020-06-02 plugin id 60869 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60869 title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_1_KRB5-100521.NASL description This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C)) last seen 2020-06-01 modified 2020-06-02 plugin id 46728 published 2010-05-26 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46728 title openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1) NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_6_0-SUN-101019.NASL description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560 last seen 2020-06-01 modified 2020-06-02 plugin id 50298 published 2010-10-22 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50298 title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1) NASL family Misc. NASL id ORACLE_JAVA_CPU_OCT_2010_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issue in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 64843 published 2013-02-22 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64843 title Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-940-1.NASL description It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. (CVE-2010-1320, CVE-2010-1321). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 46688 published 2010-05-20 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46688 title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 : krb5 vulnerabilities (USN-940-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0423.NASL description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Program Interface (GSS-API) library. A remote, authenticated attacker could use this flaw to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field. (CVE-2010-1321) Red Hat would like to thank the MIT Kerberos Team for responsibly reporting this issue. Upstream acknowledges Shawn Emery of Oracle as the original reporter. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running services using the MIT Kerberos libraries must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 46665 published 2010-05-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46665 title RHEL 3 / 4 / 5 : krb5 (RHSA-2010:0423) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0807.NASL description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 50360 published 2010-10-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50360 title RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0807) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-100.NASL description A vulnerability has been found and corrected in krb5 : Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a NULL pointer dereference in the GSS-API library (CVE-2010-1321). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 46678 published 2010-05-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46678 title Mandriva Linux Security Advisory : krb5 (MDVSA-2010:100) NASL family SuSE Local Security Checks NASL id SUSE_11_KRB5-100520.NASL description This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C)) last seen 2020-06-01 modified 2020-06-02 plugin id 50927 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50927 title SuSE 11 Security Update : krb5 (SAT Patch Number 2437) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0013_REMOTE.NASL description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - GNU cpio - GNU cpio on 64-bit - GNU tar - Kerberos 5 - Perl - PostgreSQL - Safe Module for Perl Automagic Methods - Samba smbd last seen 2020-06-01 modified 2020-06-02 plugin id 89741 published 2016-03-08 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89741 title VMware ESX Multiple Vulnerabilities (VMSA-2010-0013) (remote check) NASL family Fedora Local Security Checks NASL id FEDORA_2010-8796.NASL description Shawn Emery discovered a remotely-triggerable NULL pointer dereference in the Kerberos GSS-API library which could be used to cause GSS-API-authenticated services to crash. This update incorporates fixes to instead correctly detect the error and return an error code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47512 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47512 title Fedora 11 : krb5-1.6.3-31.fc11 (2010-8796) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-101220.NASL description IBM Java 6 SR9 was released which fixes a lot of security issues. IBM JDK Alerts can also be found on this page: http://www.ibm.com/developerworks/java/jdk/alerts/ last seen 2020-06-01 modified 2020-06-02 plugin id 51667 published 2011-01-25 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51667 title SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 3724) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0770.NASL description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the last seen 2020-06-01 modified 2020-06-02 plugin id 49990 published 2010-10-15 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49990 title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0770) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2011-0015.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix for (CVE-2011-4862) - incorporate a fix to teach the file labeling bits about when replay caches are expunged (#712453) - rebuild - ftp: handle larger command inputs (#665833) - don last seen 2020-06-01 modified 2020-06-02 plugin id 79475 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79475 title OracleVM 2.2 : krb5 (OVMSA-2011-0015) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-940-2.NASL description USN-940-1 fixed vulnerabilities in Kerberos. This update provides the corresponding updates for Ubuntu 10.04. Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. (CVE-2010-1320, CVE-2010-1321). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47799 published 2010-07-22 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47799 title Ubuntu 10.04 LTS : krb5 vulnerability (USN-940-2) NASL family SuSE Local Security Checks NASL id SUSE_11_0_KRB5-100521.NASL description This update fixes a denial-of-service vulnerability in kadmind. A remote attack can send a malformed GSS-API token that triggers a NULL pointer dereference. (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C)) last seen 2020-06-01 modified 2020-06-02 plugin id 46727 published 2010-05-26 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46727 title openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201201-13.NASL description The remote host is affected by the vulnerability described in GLSA-201201-13 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the administration daemon or the Key Distribution Center (KDC) daemon, cause a Denial of Service condition, or possibly obtain sensitive information. Furthermore, a remote attacker may be able to spoof Kerberos authorization, modify KDC responses, forge user data messages, forge tokens, forge signatures, impersonate a client, modify user-visible prompt text, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 57655 published 2012-01-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57655 title GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0152.NASL description Updated java-1.4.2-ibm packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes two vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 51561 published 2011-01-18 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51561 title RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2011:0152) NASL family SuSE Local Security Checks NASL id SUSE_11_3_JAVA-1_6_0-SUN-101019.NASL description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560 last seen 2020-06-01 modified 2020-06-02 plugin id 75540 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75540 title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)
Oval
accepted 2013-04-29T04:14:56.151-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. family unix id oval:org.mitre.oval:def:11604 status accepted submitted 2010-07-09T03:56:16-04:00 title The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. version 27 accepted 2014-01-20T04:01:32.932-05:00 class vulnerability contributors name Varun organization Hewlett-Packard name Chris Coffin organization The MITRE Corporation
definition_extensions comment VMware ESX Server 3.5.0 is installed oval oval:org.mitre.oval:def:5887 comment VMware ESX Server 4.0 is installed oval oval:org.mitre.oval:def:6293
description The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. family unix id oval:org.mitre.oval:def:7198 status accepted submitted 2010-10-01T16:37:39.000-05:00 title VMware ESX,Service Console update for krb5. version 7 accepted 2015-04-20T04:02:34.728-04:00 class vulnerability contributors name Chandan M C organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Prashant Kumar organization Hewlett-Packard name Mike Cokus organization The MITRE Corporation
description The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. family unix id oval:org.mitre.oval:def:7450 status accepted submitted 2010-10-25T11:35:23.000-05:00 title HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code version 48
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
bulletinFamily exploit description BUGTRAQ ID: 40235 CVE ID: CVE-2010-1321 Kerberos是一款广泛使用的使用强壮的加密来验证客户端和服务器端的网络协议。MIT Kerberos 5是一种常用的开源Kerberos实现。 MIT Kerberos的GSS-API库中存在空指针引用错误,通过认证的远程攻击者可以通过发送缺少校验和字段的特制GSS-API令牌来利用这个漏洞,导致使用GSS-API认证机制的服务器应用崩溃。 MIT Kerberos 5 1.8 MIT Kerberos 5 1.7 MIT Kerberos 5 1.6 厂商补丁: MIT --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://web.mit.edu/kerberos/advisories/2010-005-patch.txt http://web.mit.edu/kerberos/advisories/2010-005-patch.txt.asc http://web.mit.edu/kerberos/advisories/2010-005-patch_r16.txt http://web.mit.edu/kerberos/advisories/2010-005-patch_r16.txt.asc RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2010:0423-01)以及相应补丁: RHSA-2010:0423-01:Important: krb5 security update 链接:https://www.redhat.com/support/errata/RHSA-2010-0423.html id SSV:19661 last seen 2017-11-19 modified 2010-05-20 published 2010-05-20 reporter Root title MIT Kerberos GSS-API校验和空指针引用拒绝服务漏洞 bulletinFamily exploit description CVE ID: CVE-2005-4268,CVE-2010-0624,CVE-2007-4476,CVE-2010-2063,CVE-2010-1321,CVE-2010-1168,CVE-2010-1447,CVE-2008-5302,CVE-2008-5303 VMware ESX Server是为适用于任何系统环境的企业级虚拟计算机软件。 ESX Console OS (COS)在cpio、tar、perl、krb5、samba等应用的实现上存在多个漏洞,其中最严重的漏洞可造成服务器拒绝服务或执行任意代码。 0 VMWare ESX Server 厂商补丁: VMWare ------ VMWare已经为此发布了一个安全公告(VMSA-2010-0013)以及相应补丁: VMSA-2010-0013:VMware ESX third party updates for Service Console 链接:http://www.vmware.com/security/advisories/VMSA-2010-0013.html id SSV:30015 last seen 2017-11-19 modified 2012-01-13 published 2012-01-13 reporter Root title VMware ESX Service Console多个安全漏洞
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
- http://osvdb.org/64744
- http://secunia.com/advisories/39762
- http://secunia.com/advisories/39784
- http://secunia.com/advisories/39799
- http://secunia.com/advisories/39818
- http://secunia.com/advisories/39849
- http://secunia.com/advisories/40346
- http://secunia.com/advisories/40685
- http://secunia.com/advisories/41967
- http://secunia.com/advisories/42432
- http://secunia.com/advisories/42974
- http://secunia.com/advisories/43335
- http://secunia.com/advisories/44954
- http://support.avaya.com/css/P8/documents/100114315
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
- http://www.debian.org/security/2010/dsa-2052
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:100
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
- http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
- http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
- http://www.redhat.com/support/errata/RHSA-2010-0423.html
- http://www.redhat.com/support/errata/RHSA-2010-0770.html
- http://www.redhat.com/support/errata/RHSA-2010-0807.html
- http://www.redhat.com/support/errata/RHSA-2010-0873.html
- http://www.redhat.com/support/errata/RHSA-2010-0935.html
- http://www.redhat.com/support/errata/RHSA-2010-0987.html
- http://www.redhat.com/support/errata/RHSA-2011-0152.html
- http://www.redhat.com/support/errata/RHSA-2011-0880.html
- http://www.securityfocus.com/archive/1/511331/100/0/threaded
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- http://www.securityfocus.com/bid/40235
- http://www.ubuntu.com/usn/USN-940-1
- http://www.ubuntu.com/usn/USN-940-2
- http://www.us-cert.gov/cas/techalerts/TA10-287A.html
- http://www.us-cert.gov/cas/techalerts/TA11-201A.html
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://www.vupen.com/english/advisories/2010/1177
- http://www.vupen.com/english/advisories/2010/1192
- http://www.vupen.com/english/advisories/2010/1193
- http://www.vupen.com/english/advisories/2010/1196
- http://www.vupen.com/english/advisories/2010/1222
- http://www.vupen.com/english/advisories/2010/1574
- http://www.vupen.com/english/advisories/2010/1882
- http://www.vupen.com/english/advisories/2010/3112
- http://www.vupen.com/english/advisories/2011/0134
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450