CentOS Local Security Checks : CentOS Update for krb5-devel CESA-2016:0493 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882438

Categoría: CentOS Local Security Checks

Título: CentOS Update for krb5-devel CESA-2016:0493 centos6

Resumen: Check the version of krb5-devel

Descripción: Summary:
Check the version of krb5-devel

Vulnerability Insight:
Kerberos is a networked authentication
system which allows clients and servers to authenticate to each other with the
help of a trusted third party, the Kerberos KDC.

A memory leak flaw was found in the krb5_unparse_name() function of the MIT
Kerberos kadmind service. An authenticated attacker could repeatedly send
specially crafted requests to the server, which could cause the server to
consume large amounts of memory resources, ultimately leading to a denial
of service due to memory exhaustion. (CVE-2015-8631)

An out-of-bounds read flaw was found in the kadmind service of MIT
Kerberos. An authenticated attacker could send a maliciously crafted
message to force kadmind to read beyond the end of allocated memory, and
write the memory contents to the KDC database if the attacker has write
permission, leading to information disclosure. (CVE-2015-8629)

The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.

All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, running Kerberos services (krb5kdc, kadmin, and kprop)
will be restarted automatically.

Affected Software/OS:
krb5-devel on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-8629
BugTraq ID: 82801
http://www.securityfocus.com/bid/82801
Debian Security Information: DSA-3466 (Google Search)
http://www.debian.org/security/2016/dsa-3466
RedHat Security Advisories: RHSA-2016:0493
http://rhn.redhat.com/errata/RHSA-2016-0493.html
RedHat Security Advisories: RHSA-2016:0532
http://rhn.redhat.com/errata/RHSA-2016-0532.html
http://www.securitytracker.com/id/1034914
SuSE Security Announcement: openSUSE-SU-2016:0406 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html
SuSE Security Announcement: openSUSE-SU-2016:0501 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8631
http://www.securitytracker.com/id/1034916

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882438
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for krb5-devel CESA-2016:0493 centos6
Resumen:	Check the version of krb5-devel
Descripción:	Summary: Check the version of krb5-devel Vulnerability Insight: Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically. Affected Software/OS: krb5-devel on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8629 BugTraq ID: 82801 http://www.securityfocus.com/bid/82801 Debian Security Information: DSA-3466 (Google Search) http://www.debian.org/security/2016/dsa-3466 RedHat Security Advisories: RHSA-2016:0493 http://rhn.redhat.com/errata/RHSA-2016-0493.html RedHat Security Advisories: RHSA-2016:0532 http://rhn.redhat.com/errata/RHSA-2016-0532.html http://www.securitytracker.com/id/1034914 SuSE Security Announcement: openSUSE-SU-2016:0406 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html SuSE Security Announcement: openSUSE-SU-2016:0501 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8631 http://www.securitytracker.com/id/1034916
Copyright	Copyright (C) 2016 Greenbone AG