English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 76783 CVE descriptions
and 40246 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60581
Category:SuSE Local Security Checks
Title:SuSE Security Advisory SUSE-SA:2008:016 (krb5)
Summary:SuSE Security Advisory SUSE-SA:2008:016 (krb5)
Description:
The remote host is missing updates announced in
advisory SUSE-SA:2008:016.

The krb5 package is the implementation of the Kerberos protocol suite
from MIT.
This update fixes three vulnerabilities, two of them are only possible if
krb4 support is enabled:
- CVE-2008-0062: null/dangling pointer (krb4)
- CVE-2008-0063: operations on uninitialized buffer content,
possible information leak (krb4)
- CVE-2008-0947/8: out-of-bound array
access in kadmind's RPC lib

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2008:016

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0062
Bugtraq: 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc (Google Search)
http://www.securityfocus.com/archive/1/489761
Bugtraq: 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search)
http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded
Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search)
http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Debian Security Information: DSA-1524 (Google Search)
http://www.debian.org/security/2008/dsa-1524
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
HPdes Security Advisory: HPSBOV02682
http://marc.info/?l=bugtraq&m=130497213107107&w=2
HPdes Security Advisory: SSRT100495
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
http://www.redhat.com/support/errata/RHSA-2008-0164.html
http://www.redhat.com/support/errata/RHSA-2008-0180.html
http://www.redhat.com/support/errata/RHSA-2008-0181.html
http://www.redhat.com/support/errata/RHSA-2008-0182.html
SuSE Security Announcement: SUSE-SA:2008:016 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
http://www.ubuntu.com/usn/usn-587-1
CERT/CC vulnerability note: VU#895609
http://www.kb.cert.org/vuls/id/895609
BugTraq ID: 28303
http://www.securityfocus.com/bid/28303
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9496
http://www.vupen.com/english/advisories/2008/0922/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1102/references
http://www.vupen.com/english/advisories/2008/1744
http://www.securitytracker.com/id?1019626
http://secunia.com/advisories/29428
http://secunia.com/advisories/29438
http://secunia.com/advisories/29420
http://secunia.com/advisories/29435
http://secunia.com/advisories/29450
http://secunia.com/advisories/29451
http://secunia.com/advisories/29457
http://secunia.com/advisories/29464
http://secunia.com/advisories/29423
http://secunia.com/advisories/29462
http://secunia.com/advisories/29516
http://secunia.com/advisories/29663
http://secunia.com/advisories/29424
http://secunia.com/advisories/30535
XForce ISS Database: krb5-kdc-code-execution(41275)
http://xforce.iss.net/xforce/xfdb/41275
Common Vulnerability Exposure (CVE) ID: CVE-2008-0063
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8916
http://www.securitytracker.com/id?1019627
XForce ISS Database: krb5-kdc-kerberos4-info-disclosure(41277)
http://xforce.iss.net/xforce/xfdb/41277
Common Vulnerability Exposure (CVE) ID: CVE-2008-0947
http://www.securityfocus.com/archive/1/archive/1/489762/100/0/threaded
Bugtraq: 20080318 MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/489784/100/0/threaded
http://security.gentoo.org/glsa/glsa-200803-31.xml
Cert/CC Advisory: TA08-079B
http://www.us-cert.gov/cas/techalerts/TA08-079B.html
CERT/CC vulnerability note: VU#374121
http://www.kb.cert.org/vuls/id/374121
BugTraq ID: 28302
http://www.securityfocus.com/bid/28302
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10984
http://www.securitytracker.com/id?1019631
http://securityreason.com/securityalert/3752
XForce ISS Database: krb5-rpclibrary-bo(41273)
http://xforce.iss.net/xforce/xfdb/41273
Common Vulnerability Exposure (CVE) ID: CVE-2008-0948
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9209
XForce ISS Database: krb5-rpclibrary-fdsetsize-bo(41274)
http://xforce.iss.net/xforce/xfdb/41274
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 40246 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.