Test ID: 1.3.6.1.4.1.25623.1.0.66708
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2010:005 (krb5)
Summary: NOSUMMARY
Description:
The remote host is missing an update to krb5
announced via advisory MDVSA-2010:005.

Multiple vulnerabilities have been found and corrected in krb5:

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in
the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before
1.6.4 allows remote attackers to cause a denial of service (daemon
crash) or possibly execute arbitrary code via vectors involving an
invalid DER encoding that triggers a free of an uninitialized pointer
(CVE-2009-0846).

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5
(aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to
cause a denial of service (application crash) via a crafted length
value that triggers an erroneous malloc call, related to incorrect
calculations with pointer arithmetic (CVE-2009-0847).

The updated packages have been patched to correct these issues.

Affected: Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:005

Risk factor : Critical

CVSS Score: 10.0

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-0846
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BugTraq ID: 34409
http://www.securityfocus.com/bid/34409
Bugtraq: 20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]
http://www.securityfocus.com/archive/1/502527/100/0/threaded
Bugtraq: 20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
http://www.securityfocus.com/archive/1/502546/100/0/threaded
Bugtraq: 20090701 VMSA-2009-0008 ESX Service Console update for krb5
http://www.securityfocus.com/archive/1/504683/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
CERT/CC vulnerability note: VU#662091
http://www.kb.cert.org/vuls/id/662091
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html
http://security.gentoo.org/glsa/glsa-200904-09.xml
HP Security Advisory: HPSBOV02682
http://marc.info/?l=bugtraq&m=130497213107107&w=2
HP Security Advisory: HPSBUX02421
http://marc.info/?l=bugtraq&m=124896429301168&w=2
HP Security Advisory: SSRT090047
HP Security Advisory: SSRT100495
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
http://lists.vmware.com/pipermail/security-announce/2009/000059.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301
http://www.redhat.com/support/errata/RHSA-2009-0408.html
RedHat Security Advisories: RHSA-2009:0409
http://rhn.redhat.com/errata/RHSA-2009-0409.html
RedHat Security Advisories: RHSA-2009:0410
http://rhn.redhat.com/errata/RHSA-2009-0410.html
http://www.securitytracker.com/id?1021994
http://secunia.com/advisories/34594
http://secunia.com/advisories/34598
http://secunia.com/advisories/34617
http://secunia.com/advisories/34622
http://secunia.com/advisories/34628
http://secunia.com/advisories/34630
http://secunia.com/advisories/34637
http://secunia.com/advisories/34640
http://secunia.com/advisories/34734
http://secunia.com/advisories/35074
http://secunia.com/advisories/35667
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
http://www.ubuntu.com/usn/usn-755-1
http://www.vupen.com/english/advisories/2009/0960
http://www.vupen.com/english/advisories/2009/0976
http://www.vupen.com/english/advisories/2009/1057
http://www.vupen.com/english/advisories/2009/1106
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/2084
http://www.vupen.com/english/advisories/2009/2248
Common Vulnerability Exposure (CVE) ID: CVE-2009-0847
BugTraq ID: 34408
http://www.securityfocus.com/bid/34408
Bugtraq: 20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]
http://www.securityfocus.com/archive/1/502526/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6387
http://www.securitytracker.com/id?1021993
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
