Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0420)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0420

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0420)

Resumen: The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2017-0420 advisory.

Descripción: Summary:
The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2017-0420 advisory.

Vulnerability Insight:
An authentication bypass flaw was found in the way krb5's certauth
interface handled the validation of client certificates. A remote
attacker able to communicate with the KDC could potentially use this
flaw to impersonate arbitrary principals under rare and erroneous
circumstances (CVE-2017-7562).
Note that this issue only affects Mageia 6.

RFC 2744 permits a GSS-API implementation to delete an existing security
context on a second or subsequent call to gss_init_sec_context() or
gss_accept_sec_context() if the call results in an error. This API
behavior has been found to be dangerous, leading to the possibility of
memory errors in some callers. For safety, GSS-API implementations
should instead preserve existing security contexts on error until the
caller deletes them (CVE-2017-11462).

A buffer overflow vulnerability was found in get_matching_data()
function when both the CA cert and the user cert have a long subject
affecting krb5 that includes certauth plugin. Attack requires a
validated certificate with a long subject and issuer, and a
'pkinit_cert_match' string attribute on some principal in the database.
A remote code execution exploit might also require that the attacker
gets to choose the contents of the issuer in the validated cert
(CVE-2017-15088).

Affected Software/OS:
'krb5' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-11462
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/
Common Vulnerability Exposure (CVE) ID: CVE-2017-15088
BugTraq ID: 101594
http://www.securityfocus.com/bid/101594
Common Vulnerability Exposure (CVE) ID: CVE-2017-7562
100511
http://www.securityfocus.com/bid/100511
RHSA-2018:0666
https://access.redhat.com/errata/RHSA-2018:0666
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562
https://github.com/krb5/krb5/pull/694
https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0420
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0420)
Resumen:	The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2017-0420 advisory.
Descripción:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2017-0420 advisory. Vulnerability Insight: An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances (CVE-2017-7562). Note that this issue only affects Mageia 6. RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context() if the call results in an error. This API behavior has been found to be dangerous, leading to the possibility of memory errors in some callers. For safety, GSS-API implementations should instead preserve existing security contexts on error until the caller deletes them (CVE-2017-11462). A buffer overflow vulnerability was found in get_matching_data() function when both the CA cert and the user cert have a long subject affecting krb5 that includes certauth plugin. Attack requires a validated certificate with a long subject and issuer, and a 'pkinit_cert_match' string attribute on some principal in the database. A remote code execution exploit might also require that the attacker gets to choose the contents of the issuer in the validated cert (CVE-2017-15088). Affected Software/OS: 'krb5' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11462 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/ Common Vulnerability Exposure (CVE) ID: CVE-2017-15088 BugTraq ID: 101594 http://www.securityfocus.com/bid/101594 Common Vulnerability Exposure (CVE) ID: CVE-2017-7562 100511 http://www.securityfocus.com/bid/100511 RHSA-2018:0666 https://access.redhat.com/errata/RHSA-2018:0666 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562 https://github.com/krb5/krb5/pull/694 https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196 https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2 https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
Copyright	Copyright (C) 2022 Greenbone AG