ID de Prueba:	1.3.6.1.4.1.25623.1.0.54325
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:562
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:562. Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. A double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Although no exploit is currently known to exist, this issue could potentially be exploited to allow arbitrary code execution on a Key Distribution Center (KDC). The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1689 to this issue. Daniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs. Sucessful exploitation of this flaw would lead to a denial of service (crash). To trigger this flaw an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CVE-2005-1175). Gaël Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CVE-2005-0488). The rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CVE-2004-0175). All users of krb5 should update to these erratum packages which contain backported patches to correct these issues. Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-562.html http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0175 BugTraq ID: 9986 http://www.securityfocus.com/bid/9986 Computer Incident Advisory Center Bulletin: O-212 http://www.ciac.org/ciac/bulletins/o-212.shtml Conectiva Linux advisory: CLSA-2004:831 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831 http://www.mandriva.com/security/advisories?name=MDKSA-2005:100 http://www.mandriva.com/security/advisories?name=MDVSA-2008:191 http://www.osvdb.org/9550 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184 http://www.redhat.com/support/errata/RHSA-2005-074.html http://www.redhat.com/support/errata/RHSA-2005-106.html http://www.redhat.com/support/errata/RHSA-2005-165.html http://www.redhat.com/support/errata/RHSA-2005-481.html http://www.redhat.com/support/errata/RHSA-2005-495.html http://www.redhat.com/support/errata/RHSA-2005-562.html http://www.redhat.com/support/errata/RHSA-2005-567.html SCO Security Bulletin: SCOSA-2006.11 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt http://secunia.com/advisories/17135 http://secunia.com/advisories/19243 SuSE Security Announcement: SuSE-SA:2004:009 (Google Search) http://www.novell.com/linux/security/advisories/2004_09_kernel.html XForce ISS Database: openssh-scp-file-overwrite(16323) https://exchange.xforce.ibmcloud.com/vulnerabilities/16323 Common Vulnerability Exposure (CVE) ID: CVE-2005-0488 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html BugTraq ID: 13940 http://www.securityfocus.com/bid/13940 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html CERT/CC vulnerability note: VU#800829 http://www.kb.cert.org/vuls/id/800829 http://idefense.com/application/poi/display?id=260&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11373 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1139 http://www.redhat.com/support/errata/RHSA-2005-504.html http://securitytracker.com/id?1014203 http://secunia.com/advisories/21253 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1 SuSE Security Announcement: SUSE-SR:2005:016 (Google Search) http://www.novell.com/linux/security/advisories/2005_16_sr.html http://www.vupen.com/english/advisories/2006/3101 Common Vulnerability Exposure (CVE) ID: CVE-2005-1175 AIX APAR: IY85474 http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html BugTraq ID: 14236 http://www.securityfocus.com/bid/14236 Bugtraq: 20050712 MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC (Google Search) http://marc.info/?l=bugtraq&m=112122123211974&w=2 CERT/CC vulnerability note: VU#885830 http://www.kb.cert.org/vuls/id/885830 Debian Security Information: DSA-757 (Google Search) http://www.debian.org/security/2005/dsa-757 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A736 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9902 http://securitytracker.com/id?1014460 http://secunia.com/advisories/16041 http://secunia.com/advisories/17899 http://secunia.com/advisories/20364 SGI Security Advisory: 20050703-01-U ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1 SuSE Security Announcement: SUSE-SR:2005:017 (Google Search) http://www.novell.com/linux/security/advisories/2005_17_sr.html http://www.trustix.org/errata/2005/0036 TurboLinux Advisory: TLSA-2005-78 http://www.turbolinux.com/security/2005/TLSA-2005-78.txt https://usn.ubuntu.com/224-1/ http://www.vupen.com/english/advisories/2005/1066 http://www.vupen.com/english/advisories/2006/2074 XForce ISS Database: kerberos-kdc-krb5-udp-tcp-bo(21328) https://exchange.xforce.ibmcloud.com/vulnerabilities/21328 Common Vulnerability Exposure (CVE) ID: CVE-2005-1689 BugTraq ID: 14239 http://www.securityfocus.com/bid/14239 Bugtraq: 20050712 MITKRB5-SA-2005-003: double-free in krb5_recvauth (Google Search) http://marc.info/?l=bugtraq&m=112119974704542&w=2 CERT/CC vulnerability note: VU#623332 http://www.kb.cert.org/vuls/id/623332 Conectiva Linux advisory: CLA-2005:993 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000993 http://www.gentoo.org/security/en/glsa/glsa-200507-11.xml HPdes Security Advisory: HPSBUX02152 http://www.securityfocus.com/archive/1/446940/100/0/threaded HPdes Security Advisory: SSRT5973 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9819 http://securitytracker.com/id?1014461 http://secunia.com/advisories/22090 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1 http://www.vupen.com/english/advisories/2006/3776 XForce ISS Database: kerberos-kdc-krb5recvauth-execute-code(21055) https://exchange.xforce.ibmcloud.com/vulnerabilities/21055
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.