Buffer overflow : MIT Kerberos5 Multiple Integer Underflow Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800433

Categoría: Buffer overflow

Título: MIT Kerberos5 Multiple Integer Underflow Vulnerabilities

Resumen: MIT Kerberos5 is prone to multiple integer underflow vulnerabilities.

Descripción: Summary:
MIT Kerberos5 is prone to multiple integer underflow vulnerabilities.

Vulnerability Insight:
Multiple Integer Underflow due to errors within the 'AES' and 'RC4'
decryption functionality in the crypto library in MIT Kerberos when processing ciphertext with a
length that is too short to be valid.

Vulnerability Impact:
Successful exploitation will allow an attacker to cause a Denial of
Service (DoS) or possibly execute arbitrary code.

Affected Software/OS:
MIT Kerberos5 versions 1.3 through 1.6.3, and version 1.7.

Solution:
Apply the patch mentioned in the references.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4212
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
BugTraq ID: 37749
http://www.securityfocus.com/bid/37749
Debian Security Information: DSA-1969 (Google Search)
http://www.debian.org/security/2010/dsa-1969
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html
HPdes Security Advisory: HPSBOV02682
http://marc.info/?l=bugtraq&m=130497213107107&w=2
HPdes Security Advisory: SSRT100495
http://www.mandriva.com/security/advisories?name=MDVSA-2010:006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192
RedHat Security Advisories: RHSA-2010:0029
https://rhn.redhat.com/errata/RHSA-2010-0029.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://www.securitytracker.com/id?1023440
http://secunia.com/advisories/38080
http://secunia.com/advisories/38108
http://secunia.com/advisories/38126
http://secunia.com/advisories/38140
http://secunia.com/advisories/38184
http://secunia.com/advisories/38203
http://secunia.com/advisories/38696
http://secunia.com/advisories/40220
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
http://ubuntu.com/usn/usn-881-1
http://www.vupen.com/english/advisories/2010/0096
http://www.vupen.com/english/advisories/2010/0129
http://www.vupen.com/english/advisories/2010/1481

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800433
Categoría:	Buffer overflow
Título:	MIT Kerberos5 Multiple Integer Underflow Vulnerabilities
Resumen:	MIT Kerberos5 is prone to multiple integer underflow vulnerabilities.
Descripción:	Summary: MIT Kerberos5 is prone to multiple integer underflow vulnerabilities. Vulnerability Insight: Multiple Integer Underflow due to errors within the 'AES' and 'RC4' decryption functionality in the crypto library in MIT Kerberos when processing ciphertext with a length that is too short to be valid. Vulnerability Impact: Successful exploitation will allow an attacker to cause a Denial of Service (DoS) or possibly execute arbitrary code. Affected Software/OS: MIT Kerberos5 versions 1.3 through 1.6.3, and version 1.7. Solution: Apply the patch mentioned in the references. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4212 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 37749 http://www.securityfocus.com/bid/37749 Debian Security Information: DSA-1969 (Google Search) http://www.debian.org/security/2010/dsa-1969 http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033915.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033919.html HPdes Security Advisory: HPSBOV02682 http://marc.info/?l=bugtraq&m=130497213107107&w=2 HPdes Security Advisory: SSRT100495 http://www.mandriva.com/security/advisories?name=MDVSA-2010:006 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11272 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7357 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8192 RedHat Security Advisories: RHSA-2010:0029 https://rhn.redhat.com/errata/RHSA-2010-0029.html RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html http://www.securitytracker.com/id?1023440 http://secunia.com/advisories/38080 http://secunia.com/advisories/38108 http://secunia.com/advisories/38126 http://secunia.com/advisories/38140 http://secunia.com/advisories/38184 http://secunia.com/advisories/38203 http://secunia.com/advisories/38696 http://secunia.com/advisories/40220 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021779.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1 http://ubuntu.com/usn/usn-881-1 http://www.vupen.com/english/advisories/2010/0096 http://www.vupen.com/english/advisories/2010/0129 http://www.vupen.com/english/advisories/2010/1481
Copyright	Copyright (C) 2010 Greenbone AG