Test ID:	1.3.6.1.4.1.25623.1.0.58568
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2007:174-1 (krb5)
Summary:	Mandrake Security Advisory MDKSA-2007:174-1 (krb5)
Description:	The remote host is missing an update to krb5 announced via advisory MDKSA-2007:174-1. A stack buffer overflow vulnerability was discovered in the RPC library used by Kerberos' kadmind program by Tenable Network Security. A remote unauthenticated user who could access kadmind would be able to trigger the flaw and cause it to crash (CVE-2007-3999). This issue is only applicable to Kerberos 1.4 and higher. Garrett Wollman found an uninitialized pointer vulnerability in kadmind which a remote unauthenticated attacker able to access kadmind could exploit to cause kadmind to crash (CVE-2007-4000). This issue is only applicable to Kerberos 1.5 and higher. Update: The MIT Kerberos Team found a problem with the originally published patch for CVE-2007-3999. A remote unauthenticated attacker able to access kadmind could trigger this flaw and cause kadmind to crash. Updated packages have been patched to prevent these issues. Affected: 2007.0, 2007.1, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:174-1 Risk factor : Critical
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3999 Bugtraq: 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search) http://www.securityfocus.com/archive/1/archive/1/478748/100/0/threaded Bugtraq: 20070912 ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/479251/100/0/threaded http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html https://bugzilla.redhat.com/show_bug.cgi?id=250973 http://www.zerodayinitiative.com/advisories/ZDI-07-052.html http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html Debian Security Information: DSA-1367 (Google Search) http://www.debian.org/security/2007/dsa-1367 Debian Security Information: DSA-1368 (Google Search) http://www.debian.org/security/2007/dsa-1368 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00173.html http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml http://security.gentoo.org/glsa/glsa-200710-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:174 http://www.mandriva.com/security/advisories?name=MDKSA-2007:181 http://www.redhat.com/support/errata/RHSA-2007-0858.html http://www.redhat.com/support/errata/RHSA-2007-0913.html http://www.redhat.com/support/errata/RHSA-2007-0951.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1 SuSE Security Announcement: SUSE-SR:2007:019 (Google Search) http://www.novell.com/linux/security/advisories/2007_19_sr.html SuSE Security Announcement: SUSE-SR:2007:024 (Google Search) http://www.novell.com/linux/security/advisories/2007_24_sr.html http://www.trustix.org/errata/2007/0026/ http://www.ubuntu.com/usn/usn-511-1 Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html CERT/CC vulnerability note: VU#883632 http://www.kb.cert.org/vuls/id/883632 BugTraq ID: 25534 http://www.securityfocus.com/bid/25534 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9379 http://www.vupen.com/english/advisories/2007/3051 http://www.vupen.com/english/advisories/2007/3052 http://www.vupen.com/english/advisories/2007/3060 http://www.vupen.com/english/advisories/2007/3868 http://www.vupen.com/english/advisories/2008/0803/references http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3162 http://www.securitytracker.com/id?1018647 http://secunia.com/advisories/26680 http://secunia.com/advisories/26699 http://secunia.com/advisories/26728 http://secunia.com/advisories/26676 http://secunia.com/advisories/26684 http://secunia.com/advisories/26691 http://secunia.com/advisories/26700 http://secunia.com/advisories/26705 http://secunia.com/advisories/26792 http://secunia.com/advisories/26783 http://secunia.com/advisories/26822 http://secunia.com/advisories/26896 http://secunia.com/advisories/26697 http://secunia.com/advisories/27043 http://secunia.com/advisories/27081 http://secunia.com/advisories/26987 http://secunia.com/advisories/26713 http://secunia.com/advisories/27146 http://secunia.com/advisories/27643 http://secunia.com/advisories/27756 http://secunia.com/advisories/29247 http://secunia.com/advisories/29270 http://securityreason.com/securityalert/3092 XForce ISS Database: kerberos-rpcsecgss-bo(36437) http://xforce.iss.net/xforce/xfdb/36437 Common Vulnerability Exposure (CVE) ID: CVE-2007-4000 Bugtraq: 20070907 FLEA-2007-0050-1 krb5 krb5-workstation (Google Search) http://www.securityfocus.com/archive/1/archive/1/478794/100/0/threaded https://bugzilla.redhat.com/show_bug.cgi?id=250976 CERT/CC vulnerability note: VU#377544 http://www.kb.cert.org/vuls/id/377544 BugTraq ID: 25533 http://www.securityfocus.com/bid/25533 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9278 XForce ISS Database: kerberos-modifypolicy-code-execution(36438) http://xforce.iss.net/xforce/xfdb/36438 Common Vulnerability Exposure (CVE) ID: CVE-2007-4743 Debian Security Information: DSA-1387 (Google Search) http://www.debian.org/security/2007/dsa-1387 http://www.redhat.com/support/errata/RHSA-2007-0892.html http://www.ubuntu.com/usn/usn-511-2 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10239
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: