ID de Prueba:	1.3.6.1.4.1.25623.1.0.70585
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: krb5-appl
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: krb5-appl CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, and Heimdal 1.5.1 and earlier allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4862 Bugtraq: 20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] (Google Search) http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html Debian Security Information: DSA-2372 (Google Search) http://www.debian.org/security/2011/dsa-2372 Debian Security Information: DSA-2373 (Google Search) http://www.debian.org/security/2011/dsa-2373 Debian Security Information: DSA-2375 (Google Search) http://www.debian.org/security/2011/dsa-2375 http://www.exploit-db.com/exploits/18280/ http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html FreeBSD Security Advisory: FreeBSD-SA-11:08 http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc http://www.mandriva.com/security/advisories?name=MDVSA-2011:195 http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html http://osvdb.org/78020 http://www.redhat.com/support/errata/RHSA-2011-1851.html http://www.redhat.com/support/errata/RHSA-2011-1852.html http://www.redhat.com/support/errata/RHSA-2011-1853.html http://www.redhat.com/support/errata/RHSA-2011-1854.html http://www.securitytracker.com/id?1026460 http://www.securitytracker.com/id?1026463 http://secunia.com/advisories/46239 http://secunia.com/advisories/47341 http://secunia.com/advisories/47348 http://secunia.com/advisories/47357 http://secunia.com/advisories/47359 http://secunia.com/advisories/47373 http://secunia.com/advisories/47374 http://secunia.com/advisories/47397 http://secunia.com/advisories/47399 http://secunia.com/advisories/47441 SuSE Security Announcement: SUSE-SU-2012:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html SuSE Security Announcement: SUSE-SU-2012:0018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html SuSE Security Announcement: SUSE-SU-2012:0024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html SuSE Security Announcement: SUSE-SU-2012:0042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html SuSE Security Announcement: SUSE-SU-2012:0050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html SuSE Security Announcement: SUSE-SU-2012:0056 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html SuSE Security Announcement: openSUSE-SU-2012:0019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html SuSE Security Announcement: openSUSE-SU-2012:0051 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html XForce ISS Database: multiple-telnetd-bo(71970) https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
Copyright	Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.