Windows : Microsoft Bulletins : Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902288

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)

Resumen: This host is missing a critical security update according to Microsoft; Bulletin MS11-013.

Descripción: Summary:
This host is missing a critical security update according to Microsoft
Bulletin MS11-013.

Vulnerability Insight:
The flaws are due to:

- An error in Kerberos implementation supporting weak hashing mechanisms
such as CRC32.

- An error in Kerberos that does not correctly enforce stronger default
encryption standards.

Vulnerability Impact:
Successful exploitation could allow authenticated attackers to obtain a token
with elevated privileges on the affected system and allows a man-in-the-middle
attacker to force a downgrade in Kerberos communication between a client and
server.

Affected Software/OS:
- Microsoft Windows 7 Service Pack 1 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0043
BugTraq ID: 46130
http://www.securityfocus.com/bid/46130
Microsoft Security Bulletin: MS11-013
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-013
http://osvdb.org/70834
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12432
http://www.securitytracker.com/id?1025048
http://secunia.com/advisories/43251
http://www.vupen.com/english/advisories/2011/0326
XForce ISS Database: ms-kerberos-checksum-privilege-escalation(64900)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64900
Common Vulnerability Exposure (CVE) ID: CVE-2011-0091
BugTraq ID: 46140
http://www.securityfocus.com/bid/46140
http://osvdb.org/70835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12498
http://secunia.com/advisories/43257
XForce ISS Database: ms-kerberos-spoofing(64901)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64901

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902288
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)
Resumen:	This host is missing a critical security update according to Microsoft; Bulletin MS11-013.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-013. Vulnerability Insight: The flaws are due to: - An error in Kerberos implementation supporting weak hashing mechanisms such as CRC32. - An error in Kerberos that does not correctly enforce stronger default encryption standards. Vulnerability Impact: Successful exploitation could allow authenticated attackers to obtain a token with elevated privileges on the affected system and allows a man-in-the-middle attacker to force a downgrade in Kerberos communication between a client and server. Affected Software/OS: - Microsoft Windows 7 Service Pack 1 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0043 BugTraq ID: 46130 http://www.securityfocus.com/bid/46130 Microsoft Security Bulletin: MS11-013 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-013 http://osvdb.org/70834 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12432 http://www.securitytracker.com/id?1025048 http://secunia.com/advisories/43251 http://www.vupen.com/english/advisories/2011/0326 XForce ISS Database: ms-kerberos-checksum-privilege-escalation(64900) https://exchange.xforce.ibmcloud.com/vulnerabilities/64900 Common Vulnerability Exposure (CVE) ID: CVE-2011-0091 BugTraq ID: 46140 http://www.securityfocus.com/bid/46140 http://osvdb.org/70835 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12498 http://secunia.com/advisories/43257 XForce ISS Database: ms-kerberos-spoofing(64901) https://exchange.xforce.ibmcloud.com/vulnerabilities/64901
Copyright	Copyright (C) 2011 Greenbone AG