Vulnerabilities > CVE-2016-3119
Attack vector
NETWORK Attack complexity
HIGH Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
Vulnerable Configurations
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1376.NASL description According to the version of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 119067 published 2018-11-21 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119067 title EulerOS Virtualization 2.5.1 : krb5 (EulerOS-SA-2018-1376) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(119067); script_version("1.3"); script_cvs_date("Date: 2019/06/28 11:31:59"); script_cve_id( "CVE-2016-3119" ); script_name(english:"EulerOS Virtualization 2.5.1 : krb5 (EulerOS-SA-2018-1376)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1376 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d553d65"); script_set_attribute(attribute:"solution", value: "Update the affected krb5 package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-pkinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-workstation"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.1"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "2.5.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.1"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["krb5-devel-1.13.2-12.h3", "krb5-libs-1.13.2-12.h3", "krb5-pkinit-1.13.2-12.h3", "krb5-server-1.13.2-12.h3", "krb5-workstation-1.13.2-12.h3"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0994-1.NASL description This update for krb5 fixes the following security issue : - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a NULL pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 90506 published 2016-04-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90506 title SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2016:0994-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:0994-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(90506); script_version("2.9"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2016-3119"); script_name(english:"SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2016:0994-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for krb5 fixes the following security issue : - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a NULL pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=971942" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3119/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20160994-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9501dda5" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP1 : zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-586=1 SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2016-586=1 SUSE Linux Enterprise Server 12-SP1 : zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-586=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2016-586=1 SUSE Linux Enterprise Desktop 12-SP1 : zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-586=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2016-586=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/26"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0/1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-client-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-client-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-debugsource-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-doc-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-plugin-kdb-ldap-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-plugin-kdb-ldap-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-plugin-preauth-otp-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-plugin-preauth-otp-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-plugin-preauth-pkinit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-server-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-server-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-32bit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"krb5-debuginfo-32bit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-client-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-client-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-debugsource-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-doc-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-plugin-kdb-ldap-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-plugin-kdb-ldap-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-plugin-preauth-otp-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-plugin-preauth-otp-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-plugin-preauth-pkinit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-server-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-server-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-32bit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"krb5-debuginfo-32bit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"krb5-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"krb5-32bit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"krb5-client-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"krb5-client-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"krb5-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"krb5-debugsource-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"krb5-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"krb5-32bit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"krb5-client-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"krb5-client-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"krb5-debuginfo-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.12.1-28.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"krb5-debugsource-1.12.1-28.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-424.NASL description This update for krb5 fixes the following security issue : - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a NULL pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) last seen 2020-06-05 modified 2016-04-05 plugin id 90341 published 2016-04-05 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90341 title openSUSE Security Update : krb5 (openSUSE-2016-424) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-424. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(90341); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-3119"); script_name(english:"openSUSE Security Update : krb5 (openSUSE-2016-424)"); script_summary(english:"Check for the openSUSE-2016-424 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for krb5 fixes the following security issue : - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a NULL pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942)" ); script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-mini-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:krb5-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"krb5-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-client-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-client-debuginfo-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-debuginfo-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-debugsource-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-devel-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-debuginfo-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-debugsource-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-mini-devel-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-kdb-ldap-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-kdb-ldap-debuginfo-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-otp-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-otp-debuginfo-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-pkinit-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-plugin-preauth-pkinit-debuginfo-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-server-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"krb5-server-debuginfo-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"krb5-32bit-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"krb5-debuginfo-32bit-1.12.2-24.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"krb5-devel-32bit-1.12.2-24.1") ) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-mini / krb5-mini-debuginfo / krb5-mini-debugsource / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2016-ED99CB602E.NASL description CVE-2016-3119, NULL dereference in LDAP module. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-04-07 plugin id 90379 published 2016-04-07 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90379 title Fedora 22 : krb5-1.13.2-14.fc22 (2016-ed99cb602e) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2016-ed99cb602e. # include("compat.inc"); if (description) { script_id(90379); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_xref(name:"FEDORA", value:"2016-ed99cb602e"); script_name(english:"Fedora 22 : krb5-1.13.2-14.fc22 (2016-ed99cb602e)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2016-3119, NULL dereference in LDAP module. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181347.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7312089f" ); script_set_attribute(attribute:"solution", value:"Update the affected krb5 package."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"krb5-1.13.2-14.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2016-56840BABC3.NASL description CVE-2016-3119, NULL dereference in LDAP module. ---- Fix an issue with return codes on `gss_inquire_attrs_for_mech`. This resolves an issue with gss-ntlmssp, and anything else that is interposing but not implementing the corresponding mechglue function. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-23 plugin id 90103 published 2016-03-23 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90103 title Fedora 23 : krb5-1.14.1-3.fc23 (2016-56840babc3) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2016-56840babc3. # include("compat.inc"); if (description) { script_id(90103); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_xref(name:"FEDORA", value:"2016-56840babc3"); script_name(english:"Fedora 23 : krb5-1.14.1-3.fc23 (2016-56840babc3)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2016-3119, NULL dereference in LDAP module. ---- Fix an issue with return codes on `gss_inquire_attrs_for_mech`. This resolves an issue with gss-ntlmssp, and anything else that is interposing but not implementing the corresponding mechglue function. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317609" ); # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179220.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?74b46cec" ); script_set_attribute(attribute:"solution", value:"Update the affected krb5 package."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC23", reference:"krb5-1.14.1-3.fc23")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1088-1.NASL description This update for krb5 fixes the following security issue : - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a NULL pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 90586 published 2016-04-19 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90586 title SUSE SLES11 Security Update : krb5 (SUSE-SU-2016:1088-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:1088-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(90586); script_version("2.9"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2016-3119"); script_name(english:"SUSE SLES11 Security Update : krb5 (SUSE-SU-2016:1088-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for krb5 fixes the following security issue : - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a NULL pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=971942" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3119/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20161088-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e0240fea" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11-SP4 : zypper in -t patch sdksp4-krb5-12512=1 SUSE Linux Enterprise Server 11-SP4 : zypper in -t patch slessp4-krb5-12512=1 SUSE Linux Enterprise Debuginfo 11-SP4 : zypper in -t patch dbgsp4-krb5-12512=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-apps-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-apps-servers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/26"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.109.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"krb5-32bit-1.6.3-133.49.109.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-1.6.3-133.49.109.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-apps-clients-1.6.3-133.49.109.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-apps-servers-1.6.3-133.49.109.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-client-1.6.3-133.49.109.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-server-1.6.3-133.49.109.1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-2591.NASL description An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153) Security Fix(es) : * A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) * A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 94554 published 2016-11-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94554 title RHEL 7 : krb5 (RHSA-2016:2591) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:2591. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(94554); script_version("2.15"); script_cvs_date("Date: 2019/10/24 15:35:42"); script_cve_id("CVE-2016-3119", "CVE-2016-3120"); script_xref(name:"RHSA", value:"2016:2591"); script_name(english:"RHEL 7 : krb5 (RHSA-2016:2591)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153) Security Fix(es) : * A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) * A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:2591" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-3119" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-3120" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libkadm5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/26"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:2591"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", reference:"krb5-debuginfo-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"krb5-devel-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"krb5-libs-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-pkinit-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-pkinit-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-server-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-server-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-server-ldap-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-server-ldap-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-workstation-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-workstation-1.14.1-26.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"libkadm5-1.14.1-26.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc"); } }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-2591.NASL description An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153) Security Fix(es) : * A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) * A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 95337 published 2016-11-28 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95337 title CentOS 7 : krb5 (CESA-2016:2591) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:2591 and # CentOS Errata and Security Advisory 2016:2591 respectively. # include("compat.inc"); if (description) { script_id(95337); script_version("3.8"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2016-3119", "CVE-2016-3120"); script_xref(name:"RHSA", value:"2016:2591"); script_xref(name:"IAVB", value:"2016-B-0115"); script_name(english:"CentOS 7 : krb5 (CESA-2016:2591)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153) Security Fix(es) : * A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) * A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section." ); # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003271.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?11369aec" ); script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3120"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-pkinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-server-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:krb5-workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libkadm5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/26"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"krb5-devel-1.14.1-26.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"krb5-libs-1.14.1-26.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"krb5-pkinit-1.14.1-26.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"krb5-server-1.14.1-26.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"krb5-server-ldap-1.14.1-26.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"krb5-workstation-1.14.1-26.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libkadm5-1.14.1-26.el7")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1076.NASL description According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) - A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true.(CVE-2016-3120) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99836 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99836 title EulerOS 2.0 SP1 : krb5 (EulerOS-SA-2016-1076) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(99836); script_version("1.14"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2016-3119", "CVE-2016-3120" ); script_name(english:"EulerOS 2.0 SP1 : krb5 (EulerOS-SA-2016-1076)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) - A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true.(CVE-2016-3120) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1076 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5f5619d3"); script_set_attribute(attribute:"solution", value: "Update the affected krb5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-pkinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-workstation"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["krb5-devel-1.13.2-12.h2", "krb5-libs-1.13.2-12.h2", "krb5-pkinit-1.13.2-12.h2", "krb5-server-1.13.2-12.h2", "krb5-server-ldap-1.13.2-12.h2", "krb5-workstation-1.13.2-12.h2"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-2591.NASL description From Red Hat Security Advisory 2016:2591 : An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153) Security Fix(es) : * A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) * A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 94712 published 2016-11-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94712 title Oracle Linux 7 : krb5 (ELSA-2016-2591) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:2591 and # Oracle Linux Security Advisory ELSA-2016-2591 respectively. # include("compat.inc"); if (description) { script_id(94712); script_version("2.7"); script_cvs_date("Date: 2019/09/27 13:00:37"); script_cve_id("CVE-2016-3119", "CVE-2016-3120"); script_xref(name:"RHSA", value:"2016:2591"); script_name(english:"Oracle Linux 7 : krb5 (ELSA-2016-2591)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2016:2591 : An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153) Security Fix(es) : * A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) * A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2016-November/006479.html" ); script_set_attribute(attribute:"solution", value:"Update the affected krb5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-pkinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-server-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:krb5-workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libkadm5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/26"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"krb5-devel-1.14.1-26.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"krb5-libs-1.14.1-26.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"krb5-pkinit-1.14.1-26.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"krb5-server-1.14.1-26.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"krb5-server-ldap-1.14.1-26.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"krb5-workstation-1.14.1-26.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libkadm5-1.14.1-26.el7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1265.NASL description Kerberos, a system for authenticating users and services on a network, was affected by several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2013-1418 Kerberos allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request when multiple realms are configured. CVE-2014-5351 Kerberos sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. CVE-2014-5353 When the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. CVE-2014-5355 Kerberos expects that a krb5_read_message data field is represented as a string ending with a last seen 2020-03-17 modified 2018-02-01 plugin id 106536 published 2018-02-01 reporter This script is Copyright (C) 2018-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/106536 title Debian DLA-1265-1 : krb5 security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1265-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(106536); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1418", "CVE-2014-5351", "CVE-2014-5353", "CVE-2014-5355", "CVE-2016-3119", "CVE-2016-3120"); script_bugtraq_id(63555, 70380, 71679, 74042); script_xref(name:"IAVB", value:"2016-B-0115"); script_name(english:"Debian DLA-1265-1 : krb5 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Kerberos, a system for authenticating users and services on a network, was affected by several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2013-1418 Kerberos allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request when multiple realms are configured. CVE-2014-5351 Kerberos sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. CVE-2014-5353 When the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. CVE-2014-5355 Kerberos expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, CVE-2016-3119 Kerberos allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. CVE-2016-3120 Kerberos allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. For Debian 7 'Wheezy', these problems have been fixed in version 1.10.1+dfsg-5+deb7u9. We recommend that you upgrade your krb5 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/krb5" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5-admin-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5-gss-samples"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5-kdc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5-kdc-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5-locales"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5-multidev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5-pkinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:krb5-user"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libkadm5clnt-mit8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libkadm5srv-mit8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libkdb5-6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libkrb5-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/01"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"krb5-admin-server", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"krb5-doc", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"krb5-gss-samples", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"krb5-kdc", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"krb5-kdc-ldap", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"krb5-locales", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"krb5-multidev", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"krb5-pkinit", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"krb5-user", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libkadm5clnt-mit8", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libkadm5srv-mit8", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libkdb5-6", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libkrb5-dev", reference:"1.10.1+dfsg-5+deb7u9")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-793.NASL description A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120) last seen 2020-06-01 modified 2020-06-02 plugin id 97023 published 2017-02-07 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/97023 title Amazon Linux AMI : krb5 (ALAS-2017-793) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2017-793. # include("compat.inc"); if (description) { script_id(97023); script_version("3.4"); script_cvs_date("Date: 2018/04/19 15:44:46"); script_cve_id("CVE-2016-3119", "CVE-2016-3120"); script_xref(name:"ALAS", value:"2017-793"); script_xref(name:"IAVB", value:"2016-B-0115"); script_name(english:"Amazon Linux AMI : krb5 (ALAS-2017-793)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-793.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update krb5' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-pkinit-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-server-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libkadm5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/02/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/07"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"krb5-debuginfo-1.14.1-27.41.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"krb5-devel-1.14.1-27.41.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"krb5-libs-1.14.1-27.41.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"krb5-pkinit-openssl-1.14.1-27.41.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"krb5-server-1.14.1-27.41.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"krb5-server-ldap-1.14.1-27.41.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"krb5-workstation-1.14.1-27.41.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libkadm5-1.14.1-27.41.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit-openssl / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2016-8DBC4ADE25.NASL description CVE-2016-3119, NULL dereference in LDAP module. ---- Fix an issue with return codes on `gss_inquire_attrs_for_mech`. This resolves an issue with gss-ntlmssp, and anything else that is interposing but not implementing the corresponding mechglue function. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-28 plugin id 90216 published 2016-03-28 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90216 title Fedora 24 : krb5-1.14.1-3.fc24 (2016-8dbc4ade25) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2016-8dbc4ade25. # include("compat.inc"); if (description) { script_id(90216); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_xref(name:"FEDORA", value:"2016-8dbc4ade25"); script_name(english:"Fedora 24 : krb5-1.14.1-3.fc24 (2016-8dbc4ade25)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2016-3119, NULL dereference in LDAP module. ---- Fix an issue with return codes on `gss_inquire_attrs_for_mech`. This resolves an issue with gss-ntlmssp, and anything else that is interposing but not implementing the corresponding mechglue function. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317609" ); # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179447.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?69138637" ); # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179557.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b48cb2c1" ); script_set_attribute(attribute:"solution", value:"Update the affected krb5 package."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC24", reference:"krb5-1.14.1-3.fc24")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-474.NASL description This update for krb5 fixes the following security issue : - CVE-2016-3119: An authenticated attacker with permission to modify a principal entry could have caused kadmind to dereference a NULL pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. (bsc#971942) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-04-18 plugin id 90564 published 2016-04-18 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90564 title openSUSE Security Update : krb5 (openSUSE-2016-474) NASL family Scientific Linux Local Security Checks NASL id SL_20161103_KRB5_ON_SL7_X.NASL description The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). Security Fix(es) : - A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119) - A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a NULL pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120) Additional Changes : last seen 2020-03-18 modified 2016-12-15 plugin id 95842 published 2016-12-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95842 title Scientific Linux Security Update : krb5 on SL7.x x86_64 (20161103)
Redhat
advisories |
| ||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html
- http://rhn.redhat.com/errata/RHSA-2016-2591.html
- http://rhn.redhat.com/errata/RHSA-2016-2591.html
- http://www.securityfocus.com/bid/85392
- http://www.securityfocus.com/bid/85392
- http://www.securitytracker.com/id/1035399
- http://www.securitytracker.com/id/1035399
- https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
- https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
- https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html