Red Hat Local Security Checks : RedHat Security Advisory RHSA-2006:0746

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57661

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2006:0746

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2006:0746.

mod_auth_kerb is module for the Apache HTTP Server designed to
provide Kerberos authentication over HTTP.

An off by one flaw was found in the way mod_auth_kerb handles certain
Kerberos authentication messages. A remote client could send a specially
crafted authentication request which could crash an httpd child process
(CVE-2006-5989).

A bug in the handling of multiple realms configured using the
KrbAuthRealms directive has also been fixed.

All users of mod_auth_kerb should upgrade to these updated packages, which
contain backported patches that resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0746.html
http://www.redhat.com/security/updates/classification/#low

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-5989
1017348
http://securitytracker.com/id?1017348
21214
http://www.securityfocus.com/bid/21214
23023
http://secunia.com/advisories/23023
23251
http://secunia.com/advisories/23251
23681
http://secunia.com/advisories/23681
23820
http://secunia.com/advisories/23820
ADV-2006-4633
http://www.vupen.com/english/advisories/2006/4633
DSA-1247
http://www.debian.org/security/2007/dsa-1247
GLSA-200701-14
http://security.gentoo.org/glsa/glsa-200701-14.xml
MDKSA-2006:218
http://www.mandriva.com/security/advisories?name=MDKSA-2006:218
RHSA-2006:0746
http://www.redhat.com/support/errata/RHSA-2006-0746.html
apache-modauthkerb-offbyone-bo(30456)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30456
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736
oval:org.mitre.oval:def:10051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10051

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57661
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0746
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0746. mod_auth_kerb is module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. An off by one flaw was found in the way mod_auth_kerb handles certain Kerberos authentication messages. A remote client could send a specially crafted authentication request which could crash an httpd child process (CVE-2006-5989). A bug in the handling of multiple realms configured using the KrbAuthRealms directive has also been fixed. All users of mod_auth_kerb should upgrade to these updated packages, which contain backported patches that resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0746.html http://www.redhat.com/security/updates/classification/#low Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5989 1017348 http://securitytracker.com/id?1017348 21214 http://www.securityfocus.com/bid/21214 23023 http://secunia.com/advisories/23023 23251 http://secunia.com/advisories/23251 23681 http://secunia.com/advisories/23681 23820 http://secunia.com/advisories/23820 ADV-2006-4633 http://www.vupen.com/english/advisories/2006/4633 DSA-1247 http://www.debian.org/security/2007/dsa-1247 GLSA-200701-14 http://security.gentoo.org/glsa/glsa-200701-14.xml MDKSA-2006:218 http://www.mandriva.com/security/advisories?name=MDKSA-2006:218 RHSA-2006:0746 http://www.redhat.com/support/errata/RHSA-2006-0746.html apache-modauthkerb-offbyone-bo(30456) https://exchange.xforce.ibmcloud.com/vulnerabilities/30456 https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736 oval:org.mitre.oval:def:10051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10051
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com