Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0258

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67161

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0258

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0258.

The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware
applications to use Kerberos to verify user identities by obtaining user
credentials at log in time.

A flaw was found in pam_krb5. In some non-default configurations
(specifically, those where pam_krb5 would be the first module to prompt for
a password), the text of the password prompt varied based on whether or not
the username provided was a username known to the system. A remote attacker
could use this flaw to recognize valid usernames, which would aid a
dictionary-based password guess attack. (CVE-2009-1384)

Solution:
Users of pam_krb5 are advised to upgrade to these updated packages, which
resolve these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0258.html
http://www.redhat.com/security/updates/classification/#low

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1384
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/516397/100/0/threaded
35112
http://www.securityfocus.com/bid/35112
35230
http://secunia.com/advisories/35230
43314
http://secunia.com/advisories/43314
54791
http://osvdb.org/54791
ADV-2009-1448
http://www.vupen.com/english/advisories/2009/1448
MDVSA-2010:054
http://www.mandriva.com/security/advisories?name=MDVSA-2010:054
[oss-security] 20090527 CVE assignment notification (pam_krb5 CVE-2009-1384)
http://www.openwall.com/lists/oss-security/2009/05/27/1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=502602
oval:org.mitre.oval:def:7081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081
oval:org.mitre.oval:def:9652
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67161
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0258
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0258. The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use Kerberos to verify user identities by obtaining user credentials at log in time. A flaw was found in pam_krb5. In some non-default configurations (specifically, those where pam_krb5 would be the first module to prompt for a password), the text of the password prompt varied based on whether or not the username provided was a username known to the system. A remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. (CVE-2009-1384) Solution: Users of pam_krb5 are advised to upgrade to these updated packages, which resolve these issues. Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0258.html http://www.redhat.com/security/updates/classification/#low Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1384 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 35112 http://www.securityfocus.com/bid/35112 35230 http://secunia.com/advisories/35230 43314 http://secunia.com/advisories/43314 54791 http://osvdb.org/54791 ADV-2009-1448 http://www.vupen.com/english/advisories/2009/1448 MDVSA-2010:054 http://www.mandriva.com/security/advisories?name=MDVSA-2010:054 [oss-security] 20090527 CVE assignment notification (pam_krb5 CVE-2009-1384) http://www.openwall.com/lists/oss-security/2009/05/27/1 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=502602 oval:org.mitre.oval:def:7081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081 oval:org.mitre.oval:def:9652 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com