Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0052)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.131208

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0052)

Resumen: The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2016-0052 advisory.

Descripción: Summary:
The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2016-0052 advisory.

Vulnerability Insight:
In all versions of MIT krb5, an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string without a
terminating zero byte. Information leakage may be possible for an
attacker with permission to modify the database (CVE-2015-8629).

In MIT krb5 1.12 and later, an authenticated attacker with permission to
modify a principal entry can cause kadmind to dereference a null pointer
by supplying a null policy value but including KADM5_POLICY in the mask
(CVE-2015-8630).

In all versions of MIT krb5, an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which uses
one. Repeating these requests will eventually cause kadmind to exhaust
all available memory (CVE-2015-8631).

Affected Software/OS:
'krb5' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-8629
BugTraq ID: 82801
http://www.securityfocus.com/bid/82801
Debian Security Information: DSA-3466 (Google Search)
http://www.debian.org/security/2016/dsa-3466
RedHat Security Advisories: RHSA-2016:0493
http://rhn.redhat.com/errata/RHSA-2016-0493.html
RedHat Security Advisories: RHSA-2016:0532
http://rhn.redhat.com/errata/RHSA-2016-0532.html
http://www.securitytracker.com/id/1034914
SuSE Security Announcement: openSUSE-SU-2016:0406 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html
SuSE Security Announcement: openSUSE-SU-2016:0501 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8630
http://www.securitytracker.com/id/1034915
Common Vulnerability Exposure (CVE) ID: CVE-2015-8631
http://www.securitytracker.com/id/1034916

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.131208
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0052)
Resumen:	The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2016-0052 advisory.
Descripción:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2016-0052 advisory. Vulnerability Insight: In all versions of MIT krb5, an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database (CVE-2015-8629). In MIT krb5 1.12 and later, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask (CVE-2015-8630). In all versions of MIT krb5, an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory (CVE-2015-8631). Affected Software/OS: 'krb5' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8629 BugTraq ID: 82801 http://www.securityfocus.com/bid/82801 Debian Security Information: DSA-3466 (Google Search) http://www.debian.org/security/2016/dsa-3466 RedHat Security Advisories: RHSA-2016:0493 http://rhn.redhat.com/errata/RHSA-2016-0493.html RedHat Security Advisories: RHSA-2016:0532 http://rhn.redhat.com/errata/RHSA-2016-0532.html http://www.securitytracker.com/id/1034914 SuSE Security Announcement: openSUSE-SU-2016:0406 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html SuSE Security Announcement: openSUSE-SU-2016:0501 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8630 http://www.securitytracker.com/id/1034915 Common Vulnerability Exposure (CVE) ID: CVE-2015-8631 http://www.securitytracker.com/id/1034916
Copyright	Copyright (C) 2016 Greenbone AG