Test ID:	1.3.6.1.4.1.25623.1.0.131107
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2015-0436)
Summary:	The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2015-0436 advisory.
Description:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2015-0436 advisory. Vulnerability Insight: Updated krb5 packages fix security vulnerabilities: In MIT krb5 1.5 and later, applications which call gss_inquire_context() on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. This bug may go unnoticed, because the most common SPNEGO authentication scenario establishes the context after just one call to gss_accept_sec_context(). Java server applications using the native JGSS provider are vulnerable to this bug. A carefully crafted SPNEGO packet might allow the gss_inquire_context() call to succeed with attacker-determined results, but applications should not make access control decisions based on gss_inquire_context() results prior to context establishment (CVE-2015-2695). In MIT krb5 1.9 and later, applications which call gss_inquire_context() on a partially-established IAKERB context can cause the GSS-API library to read from a pointer using the wrong type, generally causing a process crash. Java server applications using the native JGSS provider are vulnerable to this bug. A carefully crafted IAKERB packet might allow the gss_inquire_context() call to succeed with attacker-determined results, but applications should not make access control decisions based on gss_inquire_context() results prior to context establishment (CVE-2015-2696). In MIT krb5 1.7 and later, an authenticated attacker may be able to cause a KDC to crash using a TGS request with a large realm field beginning with a null byte. If the KDC attempts to find a referral to answer the request, it constructs a principal name for lookup using krb5_build_principal() with the requested realm. Due to a bug in this function, the null byte causes only one byte be allocated for the realm field of the constructed principal, far less than its length. Subsequent operations on the lookup principal may cause a read beyond the end of the mapped memory region, causing the KDC process to crash (CVE-2015-2697). Affected Software/OS: 'krb5' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2695 BugTraq ID: 90687 http://www.securityfocus.com/bid/90687 Debian Security Information: DSA-3395 (Google Search) http://www.debian.org/security/2015/dsa-3395 https://security.gentoo.org/glsa/201611-14 http://www.securitytracker.com/id/1034084 SuSE Security Announcement: SUSE-SU-2015:1897 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html SuSE Security Announcement: SUSE-SU-2015:1898 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html SuSE Security Announcement: openSUSE-SU-2015:1928 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:1997 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://www.ubuntu.com/usn/USN-2810-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2696 BugTraq ID: 90675 http://www.securityfocus.com/bid/90675 Common Vulnerability Exposure (CVE) ID: CVE-2015-2697 BugTraq ID: 77581 http://www.securityfocus.com/bid/77581
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.