Vulnerabilities > CVE-2013-1418 - NULL Pointer Dereference vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-1389.NASL
description: Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78406
published: 2014-10-14
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78406
title: RHEL 6 : krb5 (RHSA-2014:1389)
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1389. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(78406);
  script_version("1.18");
  script_cvs_date("Date: 2019/10/24 15:35:39");

  script_cve_id("CVE-2013-1418", "CVE-2013-6800", "CVE-2014-4341", "CVE-2014-4342", "CVE-2014-4343", "CVE-2014-4344", "CVE-2014-4345");
  script_bugtraq_id(63555, 63770, 68908, 68909, 69159, 69160, 69168);
  script_xref(name:"RHSA", value:"2014:1389");

  script_name(english:"RHEL 6 : krb5 (RHSA-2014:1389)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues."
  );
  # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b5caa05f"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2014:1389"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1418"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-4341"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-4344"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-6800"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-4345"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-4343"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-4342"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2014:1389";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"krb5-debuginfo-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"krb5-devel-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"krb5-libs-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"krb5-pkinit-openssl-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"krb5-pkinit-openssl-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"krb5-pkinit-openssl-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"krb5-server-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"krb5-server-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"krb5-server-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"krb5-server-ldap-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"krb5-workstation-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"krb5-workstation-1.10.3-33.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"krb5-workstation-1.10.3-33.el6")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit-openssl / etc");
  }
}
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2013-880.NASL
description: This update fixes the following security issue with krb5 : - bnc#849240, CVE-2013-1418: fix Multi-realm KDC null deref
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 75208
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75208
title: openSUSE Security Update : krb5 (openSUSE-SU-2013:1738-1)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-880.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75208);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-1418");
  script_bugtraq_id(63555);

  script_name(english:"openSUSE Security Update : krb5 (openSUSE-SU-2013:1738-1)");
  script_summary(english:"Check for the openSUSE-2013-880 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes the following security issue with krb5 : - bnc#849240, CVE-2013-1418: fix Multi-realm KDC null deref"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=849240"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"krb5-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-client-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-client-debuginfo-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-debuginfo-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-debugsource-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-devel-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-mini-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-mini-debuginfo-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-mini-debugsource-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-mini-devel-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-plugin-kdb-ldap-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-plugin-kdb-ldap-debuginfo-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-plugin-preauth-pkinit-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-server-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"krb5-server-debuginfo-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"krb5-32bit-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"krb5-devel-32bit-1.10.2-3.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-client-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-client-debuginfo-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-debuginfo-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-debugsource-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-devel-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-mini-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-mini-debuginfo-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-mini-debugsource-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-mini-devel-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-plugin-kdb-ldap-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-plugin-kdb-ldap-debuginfo-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-plugin-preauth-pkinit-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-server-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"krb5-server-debuginfo-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"krb5-32bit-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.10.2-10.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"krb5-devel-32bit-1.10.2-10.22.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
}
NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-1389.NASL
description: From Red Hat Security Advisory 2014:1389 : Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78523
published: 2014-10-17
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78523
title: Oracle Linux 6 : krb5 (ELSA-2014-1389)
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1389 and
# Oracle Linux Security Advisory ELSA-2014-1389 respectively.
#

include("compat.inc");

if (description)
{
  script_id(78523);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/30 10:58:19");

  script_cve_id("CVE-2013-1418", "CVE-2013-6800", "CVE-2014-4341", "CVE-2014-4342", "CVE-2014-4343", "CVE-2014-4344", "CVE-2014-4345");
  script_bugtraq_id(63555, 63770, 68908, 68909, 69159, 69160, 69168);
  script_xref(name:"RHSA", value:"2014:1389");

  script_name(english:"Oracle Linux 6 : krb5 (ELSA-2014-1389)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2014:1389 : Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004528.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-pkinit-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL6", reference:"krb5-devel-1.10.3-33.el6")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-libs-1.10.3-33.el6")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-pkinit-openssl-1.10.3-33.el6")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-server-1.10.3-33.el6")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-server-ldap-1.10.3-33.el6")) flag++;
if (rpm_check(release:"EL6", reference:"krb5-workstation-1.10.3-33.el6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc");
}
NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2013-275.NASL
description: Updated krb5 package fixes security vulnerability : If a KDC serves multiple realms, certain requests can cause setup_server_realm() to dereference a NULL pointer, crashing the KDC. This can be triggered by an unauthenticated user (CVE-2013-1418).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 71029
published: 2013-11-22
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/71029
title: Mandriva Linux Security Advisory : krb5 (MDVSA-2013:275)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20141014_KRB5_ON_SL6_X.NASL
description: It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application
last seen: 2020-03-18
modified: 2014-11-04
plugin id: 78846
published: 2014-11-04
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78846
title: Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20141014)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2013-21786.NASL
description: This update incorporates a fix for a bug which could cause clients which attempted to contact servers using TCP to become wedged. This update incorporates fixes for a possible remotely-triggered crash in KDCs which are configured to serve multiple realms at once (CVE-2013-1418), and another which could occur while the KDC processed certain requests using referrals (CVE-2013-1417). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2013-12-04
plugin id: 71181
published: 2013-12-04
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/71181
title: Fedora 19 : krb5-1.11.3-13.fc19 (2013-21786)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2014-0034.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates : - actually apply that last patch - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) - ksu: when evaluating .k5users, don
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79549
published: 2014-11-26
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79549
title: OracleVM 3.3 : krb5 (OVMSA-2014-0034)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2310-1.NASL
description: It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016) It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415) It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ requests. A remote authenticated attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1416) It was discovered that Kerberos incorrectly handled certain crafted requests when multiple realms were configured. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1418, CVE-2013-6800) It was discovered that Kerberos incorrectly handled certain invalid tokens. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to cause the daemon to crash, resulting in a denial of service. (CVE-2014-4341, CVE-2014-4342) It was discovered that Kerberos incorrectly handled certain mechanisms when used with SPNEGO. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to cause clients to crash, resulting in a denial of service. (CVE-2014-4343) It was discovered that Kerberos incorrectly handled certain continuation tokens during SPNEGO negotiations. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. (CVE-2014-4344) Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4345). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77147
published: 2014-08-12
reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77147
title: Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : krb5 vulnerabilities (USN-2310-1)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20140916_KRB5_ON_SL5_X.NASL
description: It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application
last seen: 2020-03-18
modified: 2014-10-14
plugin id: 78418
published: 2014-10-14
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78418
title: Scientific Linux Security Update : krb5 on SL5.x i386/x86_64 (20140916)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-1245.NASL
description: Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application last seen 2020-06-01 modified 2020-06-02 plugin id 77698 published 2014-09-16 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77698 title RHEL 5 : krb5 (RHSA-2014:1245) NASL family SuSE Local Security Checks NASL id SUSE_11_KRB5-131108.NASL description This update for krb5 fixes the following security issue : - If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a NULL pointer, crashing the KDC. (CVE-2013-1418) last seen 2020-06-05 modified 2013-12-14 plugin id 71425 published 2013-12-14 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/71425 title SuSE 11.2 / 11.3 Security Update : krb5 (SAT Patch Numbers 8533 / 8534) NASL family Fedora Local Security Checks NASL id FEDORA_2013-20687.NASL description This update incorporates a backported fix to make libgssapi_krb5 last seen 2020-03-17 modified 2013-11-12 plugin id 70839 published 2013-11-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70839 title Fedora 20 : krb5-1.11.3-29.fc20 (2013-20687) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1389.NASL description Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. 
(CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application last seen 2020-06-01 modified 2020-06-02 plugin id 79178 published 2014-11-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79178 title CentOS 6 : krb5 (CESA-2014:1389) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1265.NASL description Kerberos, a system for authenticating users and services on a network, was affected by several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2013-1418 Kerberos allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request when multiple realms are configured. CVE-2014-5351 Kerberos sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. CVE-2014-5353 When the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. CVE-2014-5355 Kerberos expects that a krb5_read_message data field is represented as a string ending with a last seen 2020-03-17 modified 2018-02-01 plugin id 106536 published 2018-02-01 reporter This script is Copyright (C) 2018-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/106536 title Debian DLA-1265-1 : krb5 security update NASL family Solaris Local Security Checks NASL id SOLARIS11_KERBEROS_20140219.NASL description The remote Solaris system is missing necessary patches to address security updates : - do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal. (CVE-2013-1417) - The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. (CVE-2013-1418) last seen 2020-06-01 modified 2020-06-02 plugin id 80654 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80654 title Oracle Solaris Third-Party Patch Update : kerberos (multiple_vulnerabilities_in_kerberos1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1245.NASL description From Red Hat Security Advisory 2014:1245 : Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). 
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application last seen 2020-06-01 modified 2020-06-02 plugin id 77738 published 2014-09-18 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77738 title Oracle Linux 5 : krb5 (ELSA-2014-1245) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-941.NASL description the following security issues were fixed in krb5 : - Fix a KDC NULL pointer dereference [CVE-2013-1417] that could affect realms with an uncommon configuration. (bnc#850660) bug-850660-CVE-2013-1417-KDC-null-deref-due-to-referrals .dif - Fix a KDC NULL pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms. (bnc#849240) bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref. dif last seen 2020-06-05 modified 2014-06-13 plugin id 75222 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/75222 title openSUSE Security Update : krb5 (openSUSE-SU-2013:1833-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201312-12.NASL description The remote host is affected by the vulnerability described in GLSA-201312-12 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Additionally, a remote attacker could impersonate a kadmind server and send a specially crafted packet to the password change port, which can result in a ping-pong condition and a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71487 published 2013-12-17 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71487 title GLSA-201312-12 : MIT Kerberos 5: Multiple vulnerabilities NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-443.NASL description It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418 , CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. 
A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application last seen 2020-06-01 modified 2020-06-02 plugin id 79292 published 2014-11-18 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79292 title Amazon Linux AMI : krb5 (ALAS-2014-443) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1245.NASL description Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. 
A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application last seen 2020-06-01 modified 2020-06-02 plugin id 77992 published 2014-10-01 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77992 title CentOS 5 : krb5 (CESA-2014:1245) NASL family General NASL id MIT_KERBEROS_CVE-2013-1418.NASL description The Kerberos service running on the remote host is affected by a remote denial of service (DoS) vulnerability. Attackers can exploit this issue to crash the affected KDC service, resulting in DoS conditions. last seen 2020-06-01 modified 2020-06-02 plugin id 70941 published 2013-11-18 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70941 title MIT Kerberos 5 setup_server_realm() Remote DoS
Redhat
References
- http://web.mit.edu/kerberos/krb5-1.10/README-1.10.7.txt
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
- https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d
- http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1026942
- http://advisories.mageia.org/MGASA-2013-0335.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html
- http://www.securityfocus.com/bid/63555
- https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html