Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:045

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51643

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:045

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:045.

Kerberos is a networked authentication system that uses a trusted third
party (a KDC) to authenticate clients and servers to each other.

A heap based buffer overflow bug was found in the administration library of
Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote
attacker to execute arbitrary commands on a realm's master Kerberos KDC.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-1189 to this issue.

All users of krb5 should upgrade to these updated packages, which contain
backported security patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-045.html
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-004-pwhist.txt

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1189
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
Bugtraq: 20041220 MITKRB5-SA-2004-004: heap overflow in libkadm5srv (Google Search)
http://marc.info/?l=bugtraq&m=110358420909358&w=2
Bugtraq: 20050110 [USN-58-1] MIT Kerberos server vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110548298407590&w=2
Conectiva Linux advisory: CLA-2005:917
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000917
http://www.mandriva.com/security/advisories?name=MDKSA-2004:156
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11911
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.redhat.com/support/errata/RHSA-2005-045.html
http://www.trustix.org/errata/2004/0069
XForce ISS Database: kerberos-libkadm5srv-bo(18621)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18621

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51643
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:045
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:045. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote attacker to execute arbitrary commands on a realm's master Kerberos KDC. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1189 to this issue. All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-045.html http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-004-pwhist.txt Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1189 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html Bugtraq: 20041220 MITKRB5-SA-2004-004: heap overflow in libkadm5srv (Google Search) http://marc.info/?l=bugtraq&m=110358420909358&w=2 Bugtraq: 20050110 [USN-58-1] MIT Kerberos server vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110548298407590&w=2 Conectiva Linux advisory: CLA-2005:917 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000917 http://www.mandriva.com/security/advisories?name=MDKSA-2004:156 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11911 http://www.redhat.com/support/errata/RHSA-2005-012.html http://www.redhat.com/support/errata/RHSA-2005-045.html http://www.trustix.org/errata/2004/0069 XForce ISS Database: kerberos-libkadm5srv-bo(18621) https://exchange.xforce.ibmcloud.com/vulnerabilities/18621
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com