Vulnerabilities > CVE-2013-1418 - Null Pointer Dereference vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1389.NASL
    descriptionUpdated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application
    last seen2020-06-01
    modified2020-06-02
    plugin id78406
    published2014-10-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78406
    titleRHEL 6 : krb5 (RHSA-2014:1389)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1389. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78406);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2013-1418", "CVE-2013-6800", "CVE-2014-4341", "CVE-2014-4342", "CVE-2014-4343", "CVE-2014-4344", "CVE-2014-4345");
      script_bugtraq_id(63555, 63770, 68908, 68909, 69159, 69160, 69168);
      script_xref(name:"RHSA", value:"2014:1389");
    
      script_name(english:"RHEL 6 : krb5 (RHSA-2014:1389)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated krb5 packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Kerberos is a networked authentication system which allows clients and
    servers to authenticate to each other with the help of a trusted third
    party, the Kerberos KDC.
    
    It was found that if a KDC served multiple realms, certain requests
    could cause the setup_server_realm() function to dereference a NULL
    pointer. A remote, unauthenticated attacker could use this flaw to
    crash the KDC using a specially crafted request. (CVE-2013-1418,
    CVE-2013-6800)
    
    A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
    acceptor for continuation tokens. A remote, unauthenticated attacker
    could use this flaw to crash a GSSAPI-enabled server application.
    (CVE-2014-4344)
    
    A buffer overflow was found in the KADM5 administration server
    (kadmind) when it was used with an LDAP back end for the KDC database.
    A remote, authenticated attacker could potentially use this flaw to
    execute arbitrary code on the system running kadmind. (CVE-2014-4345)
    
    Two buffer over-read flaws were found in the way MIT Kerberos handled
    certain requests. A remote, unauthenticated attacker who is able to
    inject packets into a client or server application's GSSAPI session
    could use either of these flaws to crash the application.
    (CVE-2014-4341, CVE-2014-4342)
    
    A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An
    attacker able to spoof packets to appear as though they are from an
    GSSAPI acceptor could use this flaw to crash a client application that
    uses MIT Kerberos. (CVE-2014-4343)
    
    These updated krb5 packages also include several bug fixes. Space
    precludes documenting all of these changes in this advisory. Users are
    directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked
    to in the References section, for information on the most significant
    of these changes.
    
    All krb5 users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b5caa05f"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-1418"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4341"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6800"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4345"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4342"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1389";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"krb5-debuginfo-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"krb5-devel-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"krb5-libs-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"krb5-pkinit-openssl-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"krb5-pkinit-openssl-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"krb5-pkinit-openssl-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"krb5-server-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"krb5-server-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"krb5-server-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"krb5-server-ldap-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"krb5-workstation-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"krb5-workstation-1.10.3-33.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"krb5-workstation-1.10.3-33.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit-openssl / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-880.NASL
    descriptionThis update fixes the following security issue with krb5 : - bnc#849240, CVE-2013-1418: fix Multi-realm KDC null deref
    last seen2020-06-05
    modified2014-06-13
    plugin id75208
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75208
    titleopenSUSE Security Update : krb5 (openSUSE-SU-2013:1738-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-880.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75208);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-1418");
      script_bugtraq_id(63555);
    
      script_name(english:"openSUSE Security Update : krb5 (openSUSE-SU-2013:1738-1)");
      script_summary(english:"Check for the openSUSE-2013-880 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security issue with krb5 :
    
      - bnc#849240, CVE-2013-1418: fix Multi-realm KDC null
        deref"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-client-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-client-debuginfo-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-debuginfo-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-debugsource-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-devel-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-mini-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-mini-debuginfo-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-mini-debugsource-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-mini-devel-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-plugin-kdb-ldap-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-plugin-kdb-ldap-debuginfo-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-plugin-preauth-pkinit-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-server-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"krb5-server-debuginfo-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"krb5-32bit-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"krb5-devel-32bit-1.10.2-3.25.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-client-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-client-debuginfo-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-debuginfo-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-debugsource-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-devel-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-mini-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-mini-debuginfo-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-mini-debugsource-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-mini-devel-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-plugin-kdb-ldap-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-plugin-kdb-ldap-debuginfo-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-plugin-preauth-pkinit-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-server-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"krb5-server-debuginfo-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"krb5-32bit-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.10.2-10.22.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"krb5-devel-32bit-1.10.2-10.22.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1389.NASL
    descriptionFrom Red Hat Security Advisory 2014:1389 : Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application
    last seen2020-06-01
    modified2020-06-02
    plugin id78523
    published2014-10-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78523
    titleOracle Linux 6 : krb5 (ELSA-2014-1389)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:1389 and 
    # Oracle Linux Security Advisory ELSA-2014-1389 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78523);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2013-1418", "CVE-2013-6800", "CVE-2014-4341", "CVE-2014-4342", "CVE-2014-4343", "CVE-2014-4344", "CVE-2014-4345");
      script_bugtraq_id(63555, 63770, 68908, 68909, 69159, 69160, 69168);
      script_xref(name:"RHSA", value:"2014:1389");
    
      script_name(english:"Oracle Linux 6 : krb5 (ELSA-2014-1389)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:1389 :
    
    Updated krb5 packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Kerberos is a networked authentication system which allows clients and
    servers to authenticate to each other with the help of a trusted third
    party, the Kerberos KDC.
    
    It was found that if a KDC served multiple realms, certain requests
    could cause the setup_server_realm() function to dereference a NULL
    pointer. A remote, unauthenticated attacker could use this flaw to
    crash the KDC using a specially crafted request. (CVE-2013-1418,
    CVE-2013-6800)
    
    A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
    acceptor for continuation tokens. A remote, unauthenticated attacker
    could use this flaw to crash a GSSAPI-enabled server application.
    (CVE-2014-4344)
    
    A buffer overflow was found in the KADM5 administration server
    (kadmind) when it was used with an LDAP back end for the KDC database.
    A remote, authenticated attacker could potentially use this flaw to
    execute arbitrary code on the system running kadmind. (CVE-2014-4345)
    
    Two buffer over-read flaws were found in the way MIT Kerberos handled
    certain requests. A remote, unauthenticated attacker who is able to
    inject packets into a client or server application's GSSAPI session
    could use either of these flaws to crash the application.
    (CVE-2014-4341, CVE-2014-4342)
    
    A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An
    attacker able to spoof packets to appear as though they are from an
    GSSAPI acceptor could use this flaw to crash a client application that
    uses MIT Kerberos. (CVE-2014-4343)
    
    These updated krb5 packages also include several bug fixes. Space
    precludes documenting all of these changes in this advisory. Users are
    directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked
    to in the References section, for information on the most significant
    of these changes.
    
    All krb5 users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004528.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-pkinit-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-workstation");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"krb5-devel-1.10.3-33.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-libs-1.10.3-33.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-pkinit-openssl-1.10.3-33.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-server-1.10.3-33.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-server-ldap-1.10.3-33.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"krb5-workstation-1.10.3-33.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-pkinit-openssl / krb5-server / etc");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-275.NASL
    descriptionUpdated krb5 package fixes security vulnerabily : If a KDC serves multiple realms, certain requests can cause setup_server_realm() to dereference a NULL pointer, crashing the KDC. This can be triggered by an unauthenticated user (CVE-2013-1418).
    last seen2020-06-01
    modified2020-06-02
    plugin id71029
    published2013-11-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71029
    titleMandriva Linux Security Advisory : krb5 (MDVSA-2013:275)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20141014_KRB5_ON_SL6_X.NASL
    descriptionIt was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application
    last seen2020-03-18
    modified2014-11-04
    plugin id78846
    published2014-11-04
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78846
    titleScientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20141014)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-21786.NASL
    descriptionThis update incorporates a fix for a bug which could cause clients which attempted to contact servers using TCP to become wedge. This update incorporates fixes for a possible remotely-triggered crash in KDCs which are configured to serve multiple realms at once (CVE-2013-1418), and another which could occur while the KDC processed certain requests using referrals (CVE-2013-1417). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-12-04
    plugin id71181
    published2013-12-04
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71181
    titleFedora 19 : krb5-1.11.3-13.fc19 (2013-21786)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0034.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - actually apply that last patch - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) - ksu: when evaluating .k5users, don
    last seen2020-06-01
    modified2020-06-02
    plugin id79549
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79549
    titleOracleVM 3.3 : krb5 (OVMSA-2014-0034)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2310-1.NASL
    descriptionIt was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016) It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415) It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ requests. A remote authenticated attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1416) It was discovered that Kerberos incorrectly handled certain crafted requests when multiple realms were configured. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1418, CVE-2013-6800) It was discovered that Kerberos incorrectly handled certain invalid tokens. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to cause the daemon to crash, resulting in a denial of service. (CVE-2014-4341, CVE-2014-4342) It was discovered that Kerberos incorrectly handled certain mechanisms when used with SPNEGO. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to cause clients to crash, resulting in a denial of service. (CVE-2014-4343) It was discovered that Kerberos incorrectly handled certain continuation tokens during SPNEGO negotiations. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. (CVE-2014-4344) Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4345). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id77147
    published2014-08-12
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77147
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : krb5 vulnerabilities (USN-2310-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140916_KRB5_ON_SL5_X.NASL
    descriptionIt was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application
    last seen2020-03-18
    modified2014-10-14
    plugin id78418
    published2014-10-14
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78418
    titleScientific Linux Security Update : krb5 on SL5.x i386/x86_64 (20140916)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1245.NASL
    descriptionUpdated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application
    last seen2020-06-01
    modified2020-06-02
    plugin id77698
    published2014-09-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77698
    titleRHEL 5 : krb5 (RHSA-2014:1245)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KRB5-131108.NASL
    descriptionThis update for krb5 fixes the following security issue : - If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a NULL pointer, crashing the KDC. (CVE-2013-1418)
    last seen2020-06-05
    modified2013-12-14
    plugin id71425
    published2013-12-14
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71425
    titleSuSE 11.2 / 11.3 Security Update : krb5 (SAT Patch Numbers 8533 / 8534)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-20687.NASL
    descriptionThis update incorporates a backported fix to make libgssapi_krb5
    last seen2020-03-17
    modified2013-11-12
    plugin id70839
    published2013-11-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70839
    titleFedora 20 : krb5-1.11.3-29.fc20 (2013-20687)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1389.NASL
    descriptionUpdated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application
    last seen2020-06-01
    modified2020-06-02
    plugin id79178
    published2014-11-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79178
    titleCentOS 6 : krb5 (CESA-2014:1389)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1265.NASL
    descriptionKerberos, a system for authenticating users and services on a network, was affected by several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2013-1418 Kerberos allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request when multiple realms are configured. CVE-2014-5351 Kerberos sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. CVE-2014-5353 When the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. CVE-2014-5355 Kerberos expects that a krb5_read_message data field is represented as a string ending with a
    last seen2020-03-17
    modified2018-02-01
    plugin id106536
    published2018-02-01
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/106536
    titleDebian DLA-1265-1 : krb5 security update
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_KERBEROS_20140219.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal. (CVE-2013-1417) - The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. (CVE-2013-1418)
    last seen2020-06-01
    modified2020-06-02
    plugin id80654
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80654
    titleOracle Solaris Third-Party Patch Update : kerberos (multiple_vulnerabilities_in_kerberos1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1245.NASL
    descriptionFrom Red Hat Security Advisory 2014:1245 : Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application
    last seen2020-06-01
    modified2020-06-02
    plugin id77738
    published2014-09-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77738
    titleOracle Linux 5 : krb5 (ELSA-2014-1245)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-941.NASL
    descriptionthe following security issues were fixed in krb5 : - Fix a KDC NULL pointer dereference [CVE-2013-1417] that could affect realms with an uncommon configuration. (bnc#850660) bug-850660-CVE-2013-1417-KDC-null-deref-due-to-referrals .dif - Fix a KDC NULL pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms. (bnc#849240) bug-849240-CVE-2013-1418-fix-multi-realm-kdc-null-deref. dif
    last seen2020-06-05
    modified2014-06-13
    plugin id75222
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75222
    titleopenSUSE Security Update : krb5 (openSUSE-SU-2013:1833-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201312-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201312-12 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Additionally, a remote attacker could impersonate a kadmind server and send a specially crafted packet to the password change port, which can result in a ping-pong condition and a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id71487
    published2013-12-17
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71487
    titleGLSA-201312-12 : MIT Kerberos 5: Multiple vulnerabilities
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-443.NASL
    descriptionIt was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418 , CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application
    last seen2020-06-01
    modified2020-06-02
    plugin id79292
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79292
    titleAmazon Linux AMI : krb5 (ALAS-2014-443)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1245.NASL
    descriptionUpdated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application
    last seen2020-06-01
    modified2020-06-02
    plugin id77992
    published2014-10-01
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77992
    titleCentOS 5 : krb5 (CESA-2014:1245)
  • NASL familyGeneral
    NASL idMIT_KERBEROS_CVE-2013-1418.NASL
    descriptionThe Kerberos service running on the remote host is affected by a remote denial of service (DoS) vulnerability. Attackers can exploit this issue to crash the affected KDC service, resulting in DoS conditions.
    last seen2020-06-01
    modified2020-06-02
    plugin id70941
    published2013-11-18
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70941
    titleMIT Kerberos 5 setup_server_realm() Remote DoS

Redhat

rpms
  • krb5-debuginfo-0:1.6.1-78.el5
  • krb5-devel-0:1.6.1-78.el5
  • krb5-libs-0:1.6.1-78.el5
  • krb5-server-0:1.6.1-78.el5
  • krb5-server-ldap-0:1.6.1-78.el5
  • krb5-workstation-0:1.6.1-78.el5
  • krb5-debuginfo-0:1.10.3-33.el6
  • krb5-devel-0:1.10.3-33.el6
  • krb5-libs-0:1.10.3-33.el6
  • krb5-pkinit-openssl-0:1.10.3-33.el6
  • krb5-server-0:1.10.3-33.el6
  • krb5-server-ldap-0:1.10.3-33.el6
  • krb5-workstation-0:1.10.3-33.el6