FreeBSD Local Security Checks : FreeBSD Ports: krb5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68691

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: krb5

Resumen: The remote host is missing an update to the system;as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: krb5

CVE-2010-4021
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7
does not properly restrict the use of TGT credentials for armoring TGS
requests, which might allow remote authenticated users to impersonate
a client by rewriting an inner request, aka a 'KrbFastReq forgery
issue.'

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
2.1

CVSS Vector:
AV:N/AC:H/Au:S/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4021
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
BugTraq ID: 45122
http://www.securityfocus.com/bid/45122
Bugtraq: 20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] (Google Search)
http://www.securityfocus.com/archive/1/514953/100/0/threaded
Bugtraq: 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://osvdb.org/69607
http://www.securitytracker.com/id?1024803
SuSE Security Announcement: SUSE-SR:2010:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://www.ubuntu.com/usn/USN-1030-1
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3118

Copyright Copyright (C) 2011 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68691
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: krb5
Resumen:	The remote host is missing an update to the system;as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: krb5 CVE-2010-4021 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a 'KrbFastReq forgery issue.' Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 2.1 CVSS Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4021 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html BugTraq ID: 45122 http://www.securityfocus.com/bid/45122 Bugtraq: 20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] (Google Search) http://www.securityfocus.com/archive/1/514953/100/0/threaded Bugtraq: 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (Google Search) http://www.securityfocus.com/archive/1/517739/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2010:246 http://lists.vmware.com/pipermail/security-announce/2011/000133.html http://osvdb.org/69607 http://www.securitytracker.com/id?1024803 SuSE Security Announcement: SUSE-SR:2010:023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html SuSE Security Announcement: SUSE-SR:2010:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://www.ubuntu.com/usn/USN-1030-1 http://www.vupen.com/english/advisories/2010/3094 http://www.vupen.com/english/advisories/2010/3118
Copyright	Copyright (C) 2011 E-Soft Inc.