Test ID:	1.3.6.1.4.1.25623.1.0.123967
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2012-0306)
Summary:	The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2012-0306 advisory.
Description:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the ELSA-2012-0306 advisory. Vulnerability Insight: [1.6.1-70.el5] - add upstream patch for telnetd buffer overflow (CVE-2011-4862, #770351) [1.6.1-69.el5] - ftp: fix a static analysis should-never-happen NULL dereference (#750823) [1.6.1-68.el5] - backport fixes to teach libkrb5 to use descriptors higher than FD_SETSIZE to talk to a KDC by using poll() if it's detected at compile-time, revised (#701444, RT#6905) [1.6.1-67.el5] - add backported patch by way of jbarbuc to free subkeys created by the KDC while processing TGS requests (#708516) [1.6.1-66.el5] - add backported patch by way of several people to better avoid false detection of replay attacks when talking to systems with coarse time resolution (#713500) [1.6.1-65.el5] - ftpd: add backported patch to check for errors when calling setegid (MITKRB5-SA-2011-005, CVE-2011-1526, #719098) [1.6.1-64.el5] - klist: don't trip over referral entries when invoked with -s (#729067, RT#6915) Affected Software/OS: 'krb5' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1526 BugTraq ID: 48571 http://www.securityfocus.com/bid/48571 Bugtraq: 20110705 MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526] (Google Search) http://www.securityfocus.com/archive/1/518733/100/0/threaded Debian Security Information: DSA-2283 (Google Search) http://www.debian.org/security/2011/dsa-2283 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:117 http://www.osvdb.org/73617 http://www.redhat.com/support/errata/RHSA-2011-0920.html http://secunia.com/advisories/45145 http://secunia.com/advisories/45157 http://secunia.com/advisories/48101 http://securityreason.com/securityalert/8301 SuSE Security Announcement: SUSE-SU-2012:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html SuSE Security Announcement: SUSE-SU-2012:0018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html SuSE Security Announcement: SUSE-SU-2012:0042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html SuSE Security Announcement: SUSE-SU-2012:0050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html SuSE Security Announcement: openSUSE-SU-2011:1169 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html SuSE Security Announcement: openSUSE-SU-2012:0019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html SuSE Security Announcement: openSUSE-SU-2012:0051 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html XForce ISS Database: kerberos-krb5appl-priv-esc(68398) https://exchange.xforce.ibmcloud.com/vulnerabilities/68398
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.