Vulnerabilities > CVE-2013-4134 - Cryptographic Issues vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
openafs
debian
CWE-310
nessus
NVD
Published: 2013-11-05
Updated: 2016-08-24

Summary

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

Vulnerable Configurations

Part Description Count
Application
Openafs
110
OS
Debian
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201404-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201404-05 (OpenAFS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenAFS. Please review the CVE identifiers referenced below for details. Impact : An attacker could potentially execute arbitrary code with the permissions of the user running the AFS server, cause a Denial of Service condition, or gain access to sensitive information. Additionally, an attacker could compromise a cell’s private key, allowing them to impersonate any user in the cell. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id73394
    published2014-04-08
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73394
    titleGLSA-201404-05 : OpenAFS: Multiple vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201404-05.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(73394);
  script_version("1.6");
  script_cvs_date("Date: 2018/07/12 19:01:15");

  script_cve_id("CVE-2009-1250", "CVE-2009-1251", "CVE-2011-0430", "CVE-2011-0431", "CVE-2013-1794", "CVE-2013-1795", "CVE-2013-4134", "CVE-2013-4135");
  script_bugtraq_id(34404, 34407, 46428, 58299, 58300, 61438, 61439);
  script_xref(name:"GLSA", value:"201404-05");

  script_name(english:"GLSA-201404-05 : OpenAFS: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201404-05
(OpenAFS: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenAFS. Please review
      the CVE identifiers referenced below for details.
  
Impact :

    An attacker could potentially execute arbitrary code with the
      permissions of the user running the AFS server, cause a Denial of Service
      condition, or gain access to sensitive information. Additionally, an
      attacker could compromise a cell’s private key, allowing them to
      impersonate any user in the cell.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201404-05"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All OpenAFS users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=net-fs/openafs-1.6.5'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openafs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-fs/openafs", unaffected:make_list("ge 1.6.5"), vulnerable:make_list("lt 1.6.5"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenAFS");
}
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C4D412C8F4D111E2B86C000C295229D5.NASL
    descriptionOpenAFS Project reports : The small size of the DES key space permits an attacker to brute force a cell
    last seen2020-06-01
    modified2020-06-02
    plugin id69066
    published2013-07-26
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69066
    titleFreeBSD : openafs -- single-DES cell-wide key brute-force vulnerability (c4d412c8-f4d1-11e2-b86c-000c295229d5)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-244.NASL
    descriptionMultiple vulnerabilities has been found and corrected in openafs : Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry (CVE-2013-1794). Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow (CVE-2013-1795). OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key (CVE-2013-4134). The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network (CVE-2013-4135). Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument (CVE-2014-0159). A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior (CVE-2014-3660). The updated packages have been upgraded to the 1.4.15 version and patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id79989
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79989
    titleMandriva Linux Security Advisory : openafs (MDVSA-2014:244)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130724_OPENAFS_ON_SL5_X.NASL
    descriptionOpenAFS uses Kerberos tickets to secure network traffic. For historical reasons, it has only supported the DES encryption algorithm to encrypt these tickets. The weakness of DES
    last seen2020-03-18
    modified2013-07-26
    plugin id69068
    published2013-07-26
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69068
    titleScientific Linux Security Update : openafs on SL5.x, SL6.x i386/x86_64 (20130724)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2729.NASL
    descriptionOpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003 In addition the
    last seen2020-03-17
    modified2013-07-30
    plugin id69107
    published2013-07-30
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69107
    titleDebian DSA-2729-1 : openafs - several vulnerabilities

References