Test ID:	1.3.6.1.4.1.25623.1.1.10.2014.0345
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2014-0345)
Summary:	The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2014-0345 advisory.
Description:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the MGASA-2014-0345 advisory. Vulnerability Insight: MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session (CVE-2014-4341, CVE-2014-4342). MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL pointer dereference, while processing invalid SPNEGO tokens (CVE-2014-4343, CVE-2014-4344). In MIT Kerberos 5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow) (CVE-2014-4345). Affected Software/OS: 'krb5' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4341 BugTraq ID: 68909 http://www.securityfocus.com/bid/68909 Debian Security Information: DSA-3000 (Google Search) http://www.debian.org/security/2014/dsa-3000 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html http://security.gentoo.org/glsa/glsa-201412-53.xml http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 RedHat Security Advisories: RHSA-2015:0439 http://rhn.redhat.com/errata/RHSA-2015-0439.html http://www.securitytracker.com/id/1030706 http://secunia.com/advisories/59102 http://secunia.com/advisories/60082 http://secunia.com/advisories/60448 XForce ISS Database: mit-kerberos-cve20144341-dos(94904) https://exchange.xforce.ibmcloud.com/vulnerabilities/94904 Common Vulnerability Exposure (CVE) ID: CVE-2014-4342 BugTraq ID: 68908 http://www.securityfocus.com/bid/68908 XForce ISS Database: mit-kerberos-cve20144342-dos(94903) https://exchange.xforce.ibmcloud.com/vulnerabilities/94903 Common Vulnerability Exposure (CVE) ID: CVE-2014-4343 BugTraq ID: 69159 http://www.securityfocus.com/bid/69159 http://www.osvdb.org/109390 http://secunia.com/advisories/61052 XForce ISS Database: kerberos-cve20144343-dos(95211) https://exchange.xforce.ibmcloud.com/vulnerabilities/95211 Common Vulnerability Exposure (CVE) ID: CVE-2014-4344 BugTraq ID: 69160 http://www.securityfocus.com/bid/69160 http://www.osvdb.org/109389 http://secunia.com/advisories/61051 XForce ISS Database: kerberos-cve20144344-dos(95210) https://exchange.xforce.ibmcloud.com/vulnerabilities/95210 Common Vulnerability Exposure (CVE) ID: CVE-2014-4345 BugTraq ID: 69168 http://www.securityfocus.com/bid/69168 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html http://www.osvdb.org/109908 RedHat Security Advisories: RHSA-2014:1255 http://rhn.redhat.com/errata/RHSA-2014-1255.html http://www.securitytracker.com/id/1030705 http://secunia.com/advisories/59415 http://secunia.com/advisories/59993 http://secunia.com/advisories/60535 http://secunia.com/advisories/60776 http://secunia.com/advisories/61314 http://secunia.com/advisories/61353 SuSE Security Announcement: SUSE-SU-2014:1028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html SuSE Security Announcement: openSUSE-SU-2014:1043 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html XForce ISS Database: kerberos-cve20144345-bo(95212) https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.