English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.50992
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2003:052
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2003:052.

Kerberos is a network authentication system. The MIT Kerberos team
released an advisory describing a number of vulnerabilities that affect the
kerberos packages shipped by Red Hat.

An integer signedness error in the ASN.1 decoder before version 1.2.5
allows remote attackers to cause a denial of service via a large unsigned
data element length, which is later used as a negative value. The Common
Vulnerabilities and Exposures project has assigned the name CVE-2002-0036
to this issue.

The Key Distribution Center (KDC) before version 1.2.5 allows remote,
authenticated, attackers to cause a denial of service (crash) on KDCs
within the same realm via a certain protocol request that:

- causes a null pointer dereference (CVE-2003-0058).

- causes the KDC to corrupt its heap (CVE-2003-0082).

A vulnerability in Kerberos before version 1.2.3 allows users from
one realm to impersonate users in other realms that have the same
inter-realm keys (CVE-2003-0059).

The MIT advisory for these issues also mentions format string
vulnerabilities in the logging routines (CVE-2003-0060). Previous versions
of the kerberos packages from Red Hat already contain fixes for this issue.

Vulnerabilities have been found in the implementation of support for
triple-DES keys in the implementation of the Kerberos IV authentication
protocol included in MIT Kerberos (CVE-2003-0139).

Vulnerabilities have been found in the Kerberos IV authentication protocol
which allow an attacker with knowledge of a cross-realm key that is shared
with another realm to impersonate any principal in that realm to any
service in that realm. This vulnerability can only be closed by disabling
cross-realm authentication in Kerberos IV (CVE-2003-0138).

Vulnerabilities have been found in the RPC library used by the kadmin
service in Kerberos 5. A faulty length check in the RPC library exposes
kadmind to an integer overflow which can be used to crash kadmind
(CVE-2003-0028).

All users of Kerberos are advised to upgrade to these errata packages,
which disable cross-realm authentication by default for Kerberos IV and
which contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-052.html
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0028
Bugtraq: 20030319 EEYE: XDR Integer Overflow (Google Search)
http://marc.info/?l=bugtraq&m=104810574423662&w=2
Bugtraq: 20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes (Google Search)
http://marc.info/?l=bugtraq&m=104811415301340&w=2
Bugtraq: 20030319 RE: EEYE: XDR Integer Overflow (Google Search)
http://www.securityfocus.com/archive/1/315638/30/25430/threaded
Bugtraq: 20030325 GLSA: glibc (200303-22) (Google Search)
http://marc.info/?l=bugtraq&m=104860855114117&w=2
Bugtraq: 20030331 GLSA: dietlibc (200303-29) (Google Search)
http://www.securityfocus.com/archive/1/316931/30/25250/threaded
Bugtraq: 20030331 GLSA: krb5 & mit-krb5 (200303-28) (Google Search)
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
Bugtraq: 20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03) (Google Search)
http://marc.info/?l=bugtraq&m=105362148313082&w=2
Caldera Security Advisory: CSSA-2003-013.0
http://www.cert.org/advisories/CA-2003-10.html
CERT/CC vulnerability note: VU#516825
http://www.kb.cert.org/vuls/id/516825
Debian Security Information: DSA-266 (Google Search)
http://www.debian.org/security/2003/dsa-266
Debian Security Information: DSA-272 (Google Search)
http://www.debian.org/security/2003/dsa-272
Debian Security Information: DSA-282 (Google Search)
http://www.debian.org/security/2003/dsa-282
eEye Security Advisory: AD20030318
http://www.eeye.com/html/Research/Advisories/AD20030318.html
En Garde Linux Advisory: ESA-20030321-010
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
FreeBSD Security Advisory: FreeBSD-SA-03:05
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
NETBSD Security Advisory: NetBSD-SA2003-008
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-089.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
SuSE Security Announcement: SuSE-SA:2003:027 (Google Search)
http://www.novell.com/linux/security/advisories/2003_027_glibc.html
http://marc.info/?l=bugtraq&m=104878237121402&w=2
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
Common Vulnerability Exposure (CVE) ID: CVE-2002-0036
BugTraq ID: 6713
http://www.securityfocus.com/bid/6713
CERT/CC vulnerability note: VU#587579
http://www.kb.cert.org/vuls/id/587579
Conectiva Linux advisory: CLA-2003:639
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
http://www.osvdb.org/4896
http://www.redhat.com/support/errata/RHSA-2003-168.html
XForce ISS Database: kerberos-kdc-neglength-bo(11190)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11190
Common Vulnerability Exposure (CVE) ID: CVE-2003-0058
BugTraq ID: 6683
http://www.securityfocus.com/bid/6683
CERT/CC vulnerability note: VU#661243
http://www.kb.cert.org/vuls/id/661243
Conectiva Linux advisory: CLSA-2003:639
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1110
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50142
XForce ISS Database: kerberos-kdc-null-pointer-dos(10099)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10099
Common Vulnerability Exposure (CVE) ID: CVE-2003-0059
BugTraq ID: 6714
http://www.securityfocus.com/bid/6714
CERT/CC vulnerability note: VU#684563
http://www.kb.cert.org/vuls/id/684563
XForce ISS Database: kerberos-kdc-user-spoofing(11188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11188
Common Vulnerability Exposure (CVE) ID: CVE-2003-0072
BugTraq ID: 7184
http://www.securityfocus.com/bid/7184
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
Common Vulnerability Exposure (CVE) ID: CVE-2003-0082
BugTraq ID: 7185
http://www.securityfocus.com/bid/7185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430
Common Vulnerability Exposure (CVE) ID: CVE-2003-0138
BugTraq ID: 7113
http://www.securityfocus.com/bid/7113
Bugtraq: 20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol (Google Search)
http://marc.info/?l=bugtraq&m=104791775804776&w=2
CERT/CC vulnerability note: VU#623217
http://www.kb.cert.org/vuls/id/623217
Debian Security Information: DSA-269 (Google Search)
http://www.debian.org/security/2003/dsa-269
Debian Security Information: DSA-273 (Google Search)
http://www.debian.org/security/2003/dsa-273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248
Common Vulnerability Exposure (CVE) ID: CVE-2003-0139
Bugtraq: 20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 (Google Search)
Bugtraq: 20030330 GLSA: openafs (200303-26) (Google Search)
http://www.securityfocus.com/archive/1/317130/30/25250/threaded
CERT/CC vulnerability note: VU#442569
http://www.kb.cert.org/vuls/id/442569
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.