
Test ID: 1.3.6.1.4.1.25623.1.0.67276
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-924-1 (krb5)
Summary: Ubuntu USN-924-1 (krb5)
Description: The remote host is missing an update to krb5
announced via advisory USN-924-1.

Details follow:

Sol Jerome discovered that the Kerberos kadmind service did not correctly
free memory. An unauthenticated remote attacker could send specially
crafted traffic to crash the kadmind process, leading to a denial of
service. (CVE-2010-0629)

It was discovered that Kerberos did not correctly free memory in
the GSSAPI library. If a remote attacker were able to manipulate an
application using GSSAPI carefully, the service could crash, leading to
a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901,
CVE-2007-5971)

It was discovered that Kerberos did not correctly free memory in the
GSSAPI and kdb libraries. If a remote attacker were able to manipulate
an application using these libraries carefully, the service could crash,
leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.)
(CVE-2007-5902, CVE-2007-5972)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.4
libkrb53 1.6.dfsg.3~beta1-2ubuntu1.4

Ubuntu 8.10:
krb5-kdc 1.6.dfsg.4~beta1-3ubuntu0.4

Ubuntu 9.04:
krb5-kdc 1.6.dfsg.4~beta1-5ubuntu2.3
libkrb53 1.6.dfsg.4~beta1-5ubuntu2.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-924-1

Risk factor : Critical
Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-5901
http://seclists.org/fulldisclosure/2007/Dec/0176.html
http://seclists.org/fulldisclosure/2007/Dec/0321.html
http://bugs.gentoo.org/show_bug.cgi?id=199214
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
http://security.gentoo.org/glsa/glsa-200803-31.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
http://www.redhat.com/support/errata/RHSA-2008-0164.html
http://ubuntu.com/usn/usn-924-1
BugTraq ID: 26750
http://www.securityfocus.com/bid/26750
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11451
http://secunia.com/advisories/39290
http://www.vupen.com/english/advisories/2008/0924/references
http://osvdb.org/43346
http://secunia.com/advisories/29451
http://secunia.com/advisories/29464
http://secunia.com/advisories/29516
Common Vulnerability Exposure (CVE) ID: CVE-2007-5902
Bugtraq: 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded
SuSE Security Announcement: SUSE-SR:2008:002
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
http://www.ubuntu.com/usn/USN-940-1
http://osvdb.org/44748
http://secunia.com/advisories/28636
http://secunia.com/advisories/29457
http://secunia.com/advisories/39784
http://www.vupen.com/english/advisories/2010/1192
Common Vulnerability Exposure (CVE) ID: CVE-2007-5971
http://bugs.gentoo.org/show_bug.cgi?id=199212
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
http://www.redhat.com/support/errata/RHSA-2008-0180.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10296
http://osvdb.org/43345
http://secunia.com/advisories/29420
http://secunia.com/advisories/29450
http://secunia.com/advisories/29462
Common Vulnerability Exposure (CVE) ID: CVE-2007-5972
http://bugs.gentoo.org/show_bug.cgi?id=199211
http://osvdb.org/44747
Common Vulnerability Exposure (CVE) ID: CVE-2010-0629
Bugtraq: 20100406 MITKRB5-SA-2010-003 [CVE-2010-0629] denial of service in kadmind in older krb5 releases
http://www.securityfocus.com/archive/1/archive/1/510566/100/0/threaded
Debian Security Information: DSA-2031
http://www.debian.org/security/2010/dsa-2031
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:071
http://www.redhat.com/support/errata/RHSA-2010-0343.html
SuSE Security Announcement: SUSE-SR:2010:009
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
BugTraq ID: 39247
http://www.securityfocus.com/bid/39247
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9489
http://securitytracker.com/id?1023821
http://secunia.com/advisories/39324
http://secunia.com/advisories/39367
http://secunia.com/advisories/39264
http://secunia.com/advisories/39315
http://www.vupen.com/english/advisories/2010/0876
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
