
Test ID: 1.3.6.1.4.1.25623.1.0.58416
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0384
Summary: Redhat Security Advisory RHSA-2007:0384
Description:
The remote host is missing updates announced in
advisory RHSA-2007:0384.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC. kadmind is the KADM5 administration
server.

David Coffey discovered an uninitialized pointer free flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash or potentially
execute arbitrary code as root. (CVE-2007-2442)

David Coffey also discovered an overflow flaw in the RPC library used by
kadmind. On Red Hat Enterprise Linux, exploitation of this flaw is limited
to a denial of service. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443)

A stack buffer overflow flaw was found in kadmind. An authenticated
attacker who can access kadmind could trigger this flaw and potentially
execute arbitrary code on the Kerberos server. (CVE-2007-2798)

For Red Hat Enterprise Linux 2.1, several portability bugs which would lead
to unexpected crashes on the ia64 platform have also been fixed.

Users of krb5-server are advised to update to these erratum packages which
contain backported fixes to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0384.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical
Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-2442
Bugtraq: 20070626 MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/472288/100/0/threaded
Bugtraq: 20070628 FLEA-2007-0029-1: krb5 krb5-workstation
http://www.securityfocus.com/archive/1/archive/1/472432/100/0/threaded
Bugtraq: 20070629 TSLSA-2007-0021 - kerberos5
http://www.securityfocus.com/archive/1/archive/1/472507/30/5970/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
Debian Security Information: DSA-1323
http://www.debian.org/security/2007/dsa-1323
http://security.gentoo.org/glsa/glsa-200707-11.xml
HP Security Advisory: HPSBUX02544
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427
HP Security Advisory: SSRT100107
http://www.mandriva.com/security/advisories?name=MDKSA-2007:137
http://www.redhat.com/support/errata/RHSA-2007-0384.html
http://www.redhat.com/support/errata/RHSA-2007-0562.html
SGI Security Advisory: 20070602-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102914-1
SuSE Security Announcement: SUSE-SA:2007:038
http://www.novell.com/linux/security/advisories/2007_38_krb5.html
http://www.trustix.org/errata/2007/0021/
http://www.ubuntu.com/usn/usn-477-1
CERT/CC vulnerability note: VU#356961
http://www.kb.cert.org/vuls/id/356961
Cert/CC Advisory: TA07-177A
http://www.us-cert.gov/cas/techalerts/TA07-177A.html
BugTraq ID: 24655
http://www.securityfocus.com/bid/24655
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
http://osvdb.org/36596
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10631
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7344
http://secunia.com/advisories/40346
http://www.vupen.com/english/advisories/2007/2337
http://www.vupen.com/english/advisories/2007/2354
http://www.vupen.com/english/advisories/2007/2491
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3229
http://www.securitytracker.com/id?1018293
http://secunia.com/advisories/25821
http://secunia.com/advisories/25870
http://secunia.com/advisories/25890
http://secunia.com/advisories/25894
http://secunia.com/advisories/25800
http://secunia.com/advisories/25801
http://secunia.com/advisories/25814
http://secunia.com/advisories/25841
http://secunia.com/advisories/25888
http://secunia.com/advisories/25911
http://secunia.com/advisories/26228
http://secunia.com/advisories/26235
http://secunia.com/advisories/26033
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://www.vupen.com/english/advisories/2010/1574
XForce ISS Database: kerberos-gssrpcsvcauthgssapi-code-execution(35082)
http://xforce.iss.net/xforce/xfdb/35082
Common Vulnerability Exposure (CVE) ID: CVE-2007-2443
CERT/CC vulnerability note: VU#365313
http://www.kb.cert.org/vuls/id/365313
BugTraq ID: 24657
http://www.securityfocus.com/bid/24657
http://osvdb.org/36597
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11277
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7131
XForce ISS Database: kerberos-gssrpcsvcauthunix-bo(35085)
http://xforce.iss.net/xforce/xfdb/35085
Common Vulnerability Exposure (CVE) ID: CVE-2007-2798
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=548
Bugtraq: 20070626 MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
http://www.securityfocus.com/archive/1/archive/1/472289/100/0/threaded
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102985-1
CERT/CC vulnerability note: VU#554257
http://www.kb.cert.org/vuls/id/554257
BugTraq ID: 24653
http://www.securityfocus.com/bid/24653
http://osvdb.org/36595
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9996
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7550
http://www.vupen.com/english/advisories/2007/2370
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1726
http://www.securitytracker.com/id?1018295
http://secunia.com/advisories/25875
XForce ISS Database: kerberos-renameprincipal2svc-bo(35080)
http://xforce.iss.net/xforce/xfdb/35080
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
