English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.122742
Category:Oracle Linux Local Security Checks
Title:Oracle: Security Advisory (ELSA-2015-2154)
Summary:The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2015-2154 advisory.
Description:Summary:
The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2015-2154 advisory.

Vulnerability Insight:
[1.13.2-9]
- Add patch and test case for 'KDC does not return proper
client principal for client referrals'
- Resolves: #1259846

[1.13.2-9]
- Amend patch for RedHat bug #1252454 ('testsuite complains
'Lifetime has increased by 32436 sec while 0 sec passed!',
while rhel5-libkrb5 passes') to handle the newly introduced
valgrind hits.

[1.13.2-8]
- Add a patch to fix RH Bug #1250154 ('[s390x, ppc64, ppc64le]:
kadmind does not accept ACL if kadm5.acl does not end with EOL')
The code 'accidently' works on x86/AMD64 because declaring a
variable char results in an unsigned char by default while
most other platforms (e.g. { s390x, ppc64, ppc64le, ...})
default to signed char (still have to use lint(1) to clean
up 38 more instances of this kind of bug).

[1.13.2-7]
- Obsolete multilib versions of server packages to fix RH
bug #1251913 ('krb5 should obsolete the multilib versions
of krb5-server and krb5-server-ldap').
The following packages are declared obsolete:
- krb5-server-1.11.3-49.el7.i686
- krb5-server-1.11.3-49.el7.ppc
- krb5-server-1.11.3-49.el7.s390
- krb5-server-ldap-1.11.3-49.el7.i686
- krb5-server-ldap-1.11.3-49.el7.ppc
- krb5-server-ldap-1.11.3-49.el7.s390

[1.13.2-6]
- Add a patch to fix RedHat bug #1252454 ('testsuite complains
'Lifetime has increased by 32436 sec while 0 sec passed!',
while rhel5-libkrb5 passes') so that krb5 resolves GSS creds
if time_rec is requested.

[1.13.2-5]
- Add a patch to fix RedHat bug #1251586 ('KDC sends multiple
requests to ipa-otpd for the same authentication') which causes
the KDC to send multiple retries to ipa-otpd for TCP transports
while it should only be done for UDP.

[1.13.2-4]
- the rebase to krb5 1.13.2 in vers 1.13.2-0 also fixed:
- Redhat Bug #1247761 ('RFE: Minor krb5 spec file cleanup and sync
with recent Fedora 22/23 changes')
- Redhat Bug #1247751 ('krb5-config returns wrong -specs path')
- Redhat Bug #1247608 ('Add support for multi-hop preauth mechs
via KDC_ERR_MORE_PREAUTH_DATA_REQUIRED for RFC 6113 ('A
Generalized Framework for Kerberos Pre-Authentication')')
- Removed 'krb5-1.10-kprop-mktemp.patch' and
'krb5-1.3.4-send-pr-tempfile.patch', both are no longer used since
the rebase to krb5 1.13.1

[1.13.2-3]
- Add patch to fix Redhat Bug #1222903 ('[SELinux] AVC denials may appear
when kadmind starts'). The issue was caused by an unneeded htons()
which triggered SELinux AVC denials due to the 'random' port usage.

[1.13.2-2]
- Add fix for RedHat Bug #1164304 ('Upstream unit tests loads
the installed shared libraries instead the ones from the build')

[1.13.2-1]
- the rebase to krb5 1.13.1 in vers 1.13.1-0 also fixed:
- Bug 1144498 ('Fix the race condition in the libkrb5 replay cache')
- Bug 1163402 ('kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64')
- Bug 1185770 ('Missing ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'krb5' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-5355
BugTraq ID: 74042
http://www.securityfocus.com/bid/74042
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
RedHat Security Advisories: RHSA-2015:0794
http://rhn.redhat.com/errata/RHSA-2015-0794.html
SuSE Security Announcement: openSUSE-SU-2015:0542 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
http://www.ubuntu.com/usn/USN-2810-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-2694
BugTraq ID: 74824
http://www.securityfocus.com/bid/74824
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.