ID de Prueba:	1.3.6.1.4.1.25623.1.0.58944
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0892
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0892. Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server. The MIT Kerberos Team discovered a problem with the originally published patch for svc_auth_gss.c (CVE-2007-3999). A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-4743) This issue did not affect the versions of Kerberos distributed with Red Hat Enterprise Linux 2.1, 3, or 4. Users of krb5-server are advised to update to these erratum packages which contain a corrected backported fix for this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0892.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4743 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation http://www.securityfocus.com/archive/1/478748/100/0/threaded 20070907 FLEA-2007-0050-1 krb5 krb5-workstation http://www.securityfocus.com/archive/1/478794/100/0/threaded 26444 http://www.securityfocus.com/bid/26444 26699 http://secunia.com/advisories/26699 26987 http://secunia.com/advisories/26987 27643 http://secunia.com/advisories/27643 ADV-2007-3868 http://www.vupen.com/english/advisories/2007/3868 APPLE-SA-2007-11-14 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html DSA-1387 http://www.debian.org/security/2007/dsa-1387 RHSA-2007:0892 http://www.redhat.com/support/errata/RHSA-2007-0892.html SUSE-SR:2007:019 http://www.novell.com/linux/security/advisories/2007_19_sr.html TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html USN-511-2 http://www.ubuntu.com/usn/usn-511-2 http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86 http://docs.info.apple.com/article.html?artnum=307041 https://issues.rpath.com/browse/RPL-1696 oval:org.mitre.oval:def:10239 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10239 Common Vulnerability Exposure (CVE) ID: CVE-2007-3999 BugTraq ID: 25534 http://www.securityfocus.com/bid/25534 BugTraq ID: 26444 Bugtraq: 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search) Bugtraq: 20070912 ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/479251/100/0/threaded Cert/CC Advisory: TA07-319A CERT/CC vulnerability note: VU#883632 http://www.kb.cert.org/vuls/id/883632 Debian Security Information: DSA-1367 (Google Search) http://www.debian.org/security/2007/dsa-1367 Debian Security Information: DSA-1368 (Google Search) http://www.debian.org/security/2007/dsa-1368 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00173.html http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml http://security.gentoo.org/glsa/glsa-200710-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:174 http://www.mandriva.com/security/advisories?name=MDKSA-2007:181 http://www.zerodayinitiative.com/advisories/ZDI-07-052.html https://bugzilla.redhat.com/show_bug.cgi?id=250973 http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3162 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9379 http://www.redhat.com/support/errata/RHSA-2007-0858.html http://www.redhat.com/support/errata/RHSA-2007-0913.html http://www.redhat.com/support/errata/RHSA-2007-0951.html http://www.securitytracker.com/id?1018647 http://secunia.com/advisories/26676 http://secunia.com/advisories/26680 http://secunia.com/advisories/26684 http://secunia.com/advisories/26691 http://secunia.com/advisories/26697 http://secunia.com/advisories/26700 http://secunia.com/advisories/26705 http://secunia.com/advisories/26713 http://secunia.com/advisories/26728 http://secunia.com/advisories/26783 http://secunia.com/advisories/26792 http://secunia.com/advisories/26822 http://secunia.com/advisories/26896 http://secunia.com/advisories/27043 http://secunia.com/advisories/27081 http://secunia.com/advisories/27146 http://secunia.com/advisories/27756 http://secunia.com/advisories/29247 http://secunia.com/advisories/29270 http://securityreason.com/securityalert/3092 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1 SuSE Security Announcement: SUSE-SR:2007:019 (Google Search) SuSE Security Announcement: SUSE-SR:2007:024 (Google Search) http://www.novell.com/linux/security/advisories/2007_24_sr.html http://www.trustix.org/errata/2007/0026/ http://www.ubuntu.com/usn/usn-511-1 http://www.vupen.com/english/advisories/2007/3051 http://www.vupen.com/english/advisories/2007/3052 http://www.vupen.com/english/advisories/2007/3060 http://www.vupen.com/english/advisories/2008/0803/references XForce ISS Database: kerberos-rpcsecgss-bo(36437) https://exchange.xforce.ibmcloud.com/vulnerabilities/36437
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.