Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:070 (krb5)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.60597
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:070 (krb5)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to krb5 announced via advisory MDVSA-2008:070. A memory management flaw was found in the GSSAPI library used by Kerberos that could result in an attempt to free already freed memory, possibly leading to a crash or allowing the execution of arbitrary code (CVE-2007-5971). A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly %execute arbitrary code using malformed or truncated Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063). This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. Kerberos v4 protocol support can be disabled by adding v4_mode=none (without quotes) to the [kdcdefaults] section of /etc/kerberos/krb5kdc/kdc.conf. A flaw in the RPC library as used in Kerberos' kadmind was discovered by Jeff Altman of Secure Endpoints. An unauthenticated remote attacker could use this vulnerability to crash kadmind or possibly execute arbitrary code in systems with certain resource limits configured this does not affect the default resource limits used by Mandriva Linux (CVE-2008-0947). The updated packages have been patched to correct these issues. Affected: 2007.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:070 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5971 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 26750 http://www.securityfocus.com/bid/26750 Bugtraq: 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search) http://www.securityfocus.com/archive/1/489883/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://security.gentoo.org/glsa/glsa-200803-31.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:069 http://www.mandriva.com/security/advisories?name=MDVSA-2008:070 http://bugs.gentoo.org/show_bug.cgi?id=199212 http://osvdb.org/43345 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10296 http://www.redhat.com/support/errata/RHSA-2008-0164.html http://www.redhat.com/support/errata/RHSA-2008-0180.html http://secunia.com/advisories/28636 http://secunia.com/advisories/29420 http://secunia.com/advisories/29450 http://secunia.com/advisories/29451 http://secunia.com/advisories/29457 http://secunia.com/advisories/29462 http://secunia.com/advisories/29464 http://secunia.com/advisories/29516 http://secunia.com/advisories/39290 http://secunia.com/advisories/39784 SuSE Security Announcement: SUSE-SR:2008:002 (Google Search) http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://ubuntu.com/usn/usn-924-1 http://www.ubuntu.com/usn/USN-940-1 http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2010/1192 Common Vulnerability Exposure (CVE) ID: CVE-2008-0062 BugTraq ID: 28303 http://www.securityfocus.com/bid/28303 Bugtraq: 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc (Google Search) http://www.securityfocus.com/archive/1/489761 Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search) http://www.securityfocus.com/archive/1/493080/100/0/threaded CERT/CC vulnerability note: VU#895609 http://www.kb.cert.org/vuls/id/895609 Debian Security Information: DSA-1524 (Google Search) http://www.debian.org/security/2008/dsa-1524 http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml HPdes Security Advisory: HPSBOV02682 http://marc.info/?l=bugtraq&m=130497213107107&w=2 HPdes Security Advisory: SSRT100495 http://www.mandriva.com/security/advisories?name=MDVSA-2008:071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496 http://www.redhat.com/support/errata/RHSA-2008-0181.html http://www.redhat.com/support/errata/RHSA-2008-0182.html http://www.securitytracker.com/id?1019626 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secunia.com/advisories/29663 http://secunia.com/advisories/30535 SuSE Security Announcement: SUSE-SA:2008:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://www.ubuntu.com/usn/usn-587-1 http://www.vupen.com/english/advisories/2008/0922/references http://www.vupen.com/english/advisories/2008/1102/references http://www.vupen.com/english/advisories/2008/1744 XForce ISS Database: krb5-kdc-code-execution(41275) https://exchange.xforce.ibmcloud.com/vulnerabilities/41275 Common Vulnerability Exposure (CVE) ID: CVE-2008-0063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8916 http://www.securitytracker.com/id?1019627 XForce ISS Database: krb5-kdc-kerberos4-info-disclosure(41277) https://exchange.xforce.ibmcloud.com/vulnerabilities/41277 Common Vulnerability Exposure (CVE) ID: CVE-2008-0947 BugTraq ID: 28302 http://www.securityfocus.com/bid/28302 http://www.securityfocus.com/archive/1/489762/100/0/threaded Bugtraq: 20080318 MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject) (Google Search) http://www.securityfocus.com/archive/1/489784/100/0/threaded Cert/CC Advisory: TA08-079B http://www.us-cert.gov/cas/techalerts/TA08-079B.html CERT/CC vulnerability note: VU#374121 http://www.kb.cert.org/vuls/id/374121 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10984 http://www.securitytracker.com/id?1019631 http://securityreason.com/securityalert/3752 XForce ISS Database: krb5-rpclibrary-bo(41273) https://exchange.xforce.ibmcloud.com/vulnerabilities/41273
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com