FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-04:09.kadmind.asc)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.52651

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Security Advisory (FreeBSD-SA-04:09.kadmind.asc)

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-04:09.kadmind.asc

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-04:09.kadmind.asc

Vulnerability Insight:
Heimdal implements the Kerberos 5 network authentication protocols.
The k5admind(8) daemon provides the administrative interface to the
Kerberos Key Distribution Center (KDC). In some configurations,
k5admind also includes Kerberos 4 compatibility.

NOTE: FreeBSD versions prior to 5.1-RELEASE contain optional Kerberos
4 support. FreeBSD versions 5.1-RELEASE and later do not include
Kerberos 4 support of any kind.

An input validation error was discovered in the k5admind code that
handles the framing of Kerberos 4 compatibility administration
requests. The code assumed that the length given in the framing was
always two or more bytes. Smaller lengths will cause k5admind to read
an arbitrary amount of data into a minimally-sized buffer on the heap.

Note that this code is not present unless k5admind has been compiled
with Kerberos 4 support. This will occur if a FreeBSD system is
compiled with both of the WITH_KERBEROS4 and WITH_KERBEROS5 build flags.
These flags are never simultaneously set during the FreeBSD binary
release process. Consequently, binary installs of FreeBSD (even with
Kerberos support installed) are not affected.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0434
Bugtraq: 20040505 Advisory: Heimdal kadmind version4 remote heap overflow (Google Search)
http://marc.info/?l=bugtraq&m=108386148126457&w=2
Debian Security Information: DSA-504 (Google Search)
http://www.debian.org/security/2004/dsa-504
FreeBSD Security Advisory: FreeBSD-SA-04:09
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html
http://security.gentoo.org/glsa/glsa-200405-23.xml
XForce ISS Database: heimdal-kadmind-bo(16071)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16071

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.52651
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Security Advisory (FreeBSD-SA-04:09.kadmind.asc)
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-04:09.kadmind.asc
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-04:09.kadmind.asc Vulnerability Insight: Heimdal implements the Kerberos 5 network authentication protocols. The k5admind(8) daemon provides the administrative interface to the Kerberos Key Distribution Center (KDC). In some configurations, k5admind also includes Kerberos 4 compatibility. NOTE: FreeBSD versions prior to 5.1-RELEASE contain optional Kerberos 4 support. FreeBSD versions 5.1-RELEASE and later do not include Kerberos 4 support of any kind. An input validation error was discovered in the k5admind code that handles the framing of Kerberos 4 compatibility administration requests. The code assumed that the length given in the framing was always two or more bytes. Smaller lengths will cause k5admind to read an arbitrary amount of data into a minimally-sized buffer on the heap. Note that this code is not present unless k5admind has been compiled with Kerberos 4 support. This will occur if a FreeBSD system is compiled with both of the WITH_KERBEROS4 and WITH_KERBEROS5 build flags. These flags are never simultaneously set during the FreeBSD binary release process. Consequently, binary installs of FreeBSD (even with Kerberos support installed) are not affected. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0434 Bugtraq: 20040505 Advisory: Heimdal kadmind version4 remote heap overflow (Google Search) http://marc.info/?l=bugtraq&m=108386148126457&w=2 Debian Security Information: DSA-504 (Google Search) http://www.debian.org/security/2004/dsa-504 FreeBSD Security Advisory: FreeBSD-SA-04:09 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html http://security.gentoo.org/glsa/glsa-200405-23.xml XForce ISS Database: heimdal-kadmind-bo(16071) https://exchange.xforce.ibmcloud.com/vulnerabilities/16071
Copyright	Copyright (C) 2008 E-Soft Inc.