Test ID:	1.3.6.1.4.1.25623.1.0.831320
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for krb5 MDVSA-2011:025 (krb5)
Summary:	The remote host is missing an update for the 'krb5'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities were discovered and corrected in krb5: The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on From receiving database updates from the master KDC (CVE-2010-4022). The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks from unauthenticated remote attackers (CVE-2011-0281, CVE-2011-0282). The updated packages have been patched to correct this issue. Affected Software/OS: krb5 on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4022 BugTraq ID: 46269 http://www.securityfocus.com/bid/46269 Bugtraq: 20110208 MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022] (Google Search) http://www.securityfocus.com/archive/1/516286/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2011:025 http://www.redhat.com/support/errata/RHSA-2011-0200.html http://www.securitytracker.com/id?1025035 http://secunia.com/advisories/43260 http://secunia.com/advisories/43275 http://securityreason.com/securityalert/8070 SuSE Security Announcement: SUSE-SR:2011:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://www.vupen.com/english/advisories/2011/0329 http://www.vupen.com/english/advisories/2011/0333 http://www.vupen.com/english/advisories/2011/0347 http://www.vupen.com/english/advisories/2011/0464 Common Vulnerability Exposure (CVE) ID: CVE-2011-0281 BugTraq ID: 46265 http://www.securityfocus.com/bid/46265 Bugtraq: 20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] (Google Search) http://www.securityfocus.com/archive/1/516299/100/0/threaded Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2011:024 http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html http://www.redhat.com/support/errata/RHSA-2011-0199.html http://www.securitytracker.com/id?1025037 http://secunia.com/advisories/43273 http://secunia.com/advisories/46397 http://securityreason.com/securityalert/8073 http://www.vupen.com/english/advisories/2011/0330 XForce ISS Database: kerberos-ldap-descriptor-dos(65324) https://exchange.xforce.ibmcloud.com/vulnerabilities/65324 Common Vulnerability Exposure (CVE) ID: CVE-2011-0282 BugTraq ID: 46271 http://www.securityfocus.com/bid/46271 XForce ISS Database: kerberos-ldap-dos(65323) https://exchange.xforce.ibmcloud.com/vulnerabilities/65323
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.