
Test ID: 1.3.6.1.4.1.25623.1.0.51418
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:639
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2003:639.

The krb5 packages are MIT's[1] implementation of the Kerberos 5
authentication protocol.

This update fixes the vulnerabilities outlined below:

1. Principal name handling vulnerabilities[2] (CVE-2003-0082[3] and
CVE-2003-0072[4])

2. Cryptographic weaknesses in Kerberos v4 protocol[5]
(CVE-2003-0138[6] and CVE-2003-0139[7])

3. Faulty length checks in xdrmem_getbytes[8] (CVE-2003-0028[9])
The xdrmem_*() family of functions (such as xdrmem_getbytes()) from
the XDR library used by MIT Kerberos contains integer overflows that
may be exploited by remote (but authenticated) attackers to cause a
denial of service condition or even expose sensitive information.

4. Multiple vulnerabilities in old releases of MIT Kerberos[10]

This announcement upgrades the Kerberos packages in Conectiva Linux 8
to the 1.2.8 version. Please note that Conectiva Linux 9 includes a
patched 1.2.7 version and is not vulnerable to these issues.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://web.mit.edu/Kerberos/www/index.html
http://web.mit.edu/Kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
http://web.mit.edu/Kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
http://web.mit.edu/Kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
http://web.mit.edu/Kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:639
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2003-0082
BugTraq ID: 7185
http://www.securityfocus.com/bid/7185
Bugtraq: 20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
Debian Security Information: DSA-266
http://www.debian.org/security/2003/dsa-266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
Common Vulnerability Exposure (CVE) ID: CVE-2003-0072
BugTraq ID: 7184
http://www.securityfocus.com/bid/7184
Common Vulnerability Exposure (CVE) ID: CVE-2003-0138
BugTraq ID: 7113
http://www.securityfocus.com/bid/7113
Bugtraq: 20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
http://marc.info/?l=bugtraq&m=104791775804776&w=2
CERT/CC vulnerability note: VU#623217
http://www.kb.cert.org/vuls/id/623217
Debian Security Information: DSA-269
http://www.debian.org/security/2003/dsa-269
Debian Security Information: DSA-273
http://www.debian.org/security/2003/dsa-273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248
Common Vulnerability Exposure (CVE) ID: CVE-2003-0139
Bugtraq: 20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4
Bugtraq: 20030330 GLSA: openafs (200303-26)
http://www.securityfocus.com/archive/1/317130/30/25250/threaded
CERT/CC vulnerability note: VU#442569
http://www.kb.cert.org/vuls/id/442569
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250
Common Vulnerability Exposure (CVE) ID: CVE-2003-0028
Bugtraq: 20030319 EEYE: XDR Integer Overflow
http://marc.info/?l=bugtraq&m=104810574423662&w=2
Bugtraq: 20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes
http://marc.info/?l=bugtraq&m=104811415301340&w=2
Bugtraq: 20030319 RE: EEYE: XDR Integer Overflow
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
Bugtraq: 20030325 GLSA: glibc (200303-22)
http://marc.info/?l=bugtraq&m=104860855114117&w=2
Bugtraq: 20030331 GLSA: dietlibc (200303-29)
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
Bugtraq: 20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)
http://marc.info/?l=bugtraq&m=105362148313082&w=2
Caldera Security Advisory: CSSA-2003-013.0
http://www.cert.org/advisories/CA-2003-10.html
CERT/CC vulnerability note: VU#516825
http://www.kb.cert.org/vuls/id/516825
Debian Security Information: DSA-272
http://www.debian.org/security/2003/dsa-272
Debian Security Information: DSA-282
http://www.debian.org/security/2003/dsa-282
eEye Security Advisory: AD20030318
http://www.eeye.com/html/Research/Advisories/AD20030318.html
En Garde Linux Advisory: ESA-20030321-010
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
FreeBSD Security Advisory: FreeBSD-SA-03:05
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
NETBSD Security Advisory: NetBSD-SA2003-008
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
http://www.redhat.com/support/errata/RHSA-2003-089.html
SuSE Security Announcement: SuSE-SA:2003:027
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
http://marc.info/?l=bugtraq&m=104878237121402&w=2
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
Common Vulnerability Exposure (CVE) ID: CVE-2002-0036
BugTraq ID: 6713
http://www.securityfocus.com/bid/6713
CERT/CC vulnerability note: VU#587579
http://www.kb.cert.org/vuls/id/587579
Conectiva Linux advisory: CLA-2003:639
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
http://www.osvdb.org/4896
http://www.redhat.com/support/errata/RHSA-2003-168.html
XForce ISS Database: kerberos-kdc-neglength-bo(11190)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11190
Common Vulnerability Exposure (CVE) ID: CVE-2003-0058
BugTraq ID: 6683
http://www.securityfocus.com/bid/6683
CERT/CC vulnerability note: VU#661243
http://www.kb.cert.org/vuls/id/661243
Conectiva Linux advisory: CLSA-2003:639
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1110
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50142
XForce ISS Database: kerberos-kdc-null-pointer-dos(10099)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10099
Common Vulnerability Exposure (CVE) ID: CVE-2003-0059
BugTraq ID: 6714
http://www.securityfocus.com/bid/6714
CERT/CC vulnerability note: VU#684563
http://www.kb.cert.org/vuls/id/684563
XForce ISS Database: kerberos-kdc-user-spoofing(11188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11188
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
