Test ID: | 1.3.6.1.4.1.25623.1.0.50398 |
Category: | Fedora Local Security Checks |
Title: | Fedora Core 2 FEDORA-2004-277 (krb5) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to krb5 announced via advisory FEDORA-2004-277.

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.

Update Information:

Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other.

Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0642 and CVE-2004-0643 to these issues.

A double-free bug was also found in the krb524 server (CVE-2004-0772); however, this issue does not affect Fedora Core.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0644 to this issue.

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

2b26718a3e533f32a1e98b401a2e21d4 SRPMS/krb5-1.3.4-6.src.rpm
beebe2125e840d9cb4546465b9833d66 x86_64/krb5-devel-1.3.4-6.x86_64.rpm
e00056df9058bed4b00684d2a64ffbe6 x86_64/krb5-libs-1.3.4-6.x86_64.rpm
abe8cf2e80236fb5a6adfa62c6e13240 x86_64/krb5-server-1.3.4-6.x86_64.rpm
11fdd50862bc0379fbfb3d804e59143b x86_64/krb5-workstation-1.3.4-6.x86_64.rpm
a6abcfdeb10910b7b814391c720d2ae7 x86_64/debug/krb5-debuginfo-1.3.4-6.x86_64.rpm
1d720b00203ce00d4c75e3926ee618e4 x86_64/krb5-libs-1.3.4-6.i386.rpm
16d556d502f9d34729bcb166ec209ea8 i386/krb5-devel-1.3.4-6.i386.rpm
1d720b00203ce00d4c75e3926ee618e4 i386/krb5-libs-1.3.4-6.i386.rpm
4534128db2230d8e8f0b76a591e7f7a6 i386/krb5-server-1.3.4-6.i386.rpm
c8f55dbadff7333fdb49b8f39173135b i386/krb5-workstation-1.3.4-6.i386.rpm
0092eed09687bf677aa0ed0c3980ec98 i386/debug/krb5-debuginfo-1.3.4-6.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-277.shtml

Risk factor: High
CVSS Score: 7.5 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0642
BugTraq ID: 11078
http://www.securityfocus.com/bid/11078
Bugtraq: 20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)
http://marc.info/?l=bugtraq&m=109508872524753&w=2
Cert/CC Advisory: TA04-247A
http://www.us-cert.gov/cas/techalerts/TA04-247A.html
CERT/CC vulnerability note: VU#795632
http://www.kb.cert.org/vuls/id/795632
Conectiva Linux advisory: CLA-2004:860
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
Debian Security Information: DSA-543
http://www.debian.org/security/2004/dsa-543
http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10709
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4936
RedHat Security Advisories: RHSA-2004:350
http://rhn.redhat.com/errata/RHSA-2004-350.html
http://www.trustix.net/errata/2004/0045/
XForce ISS Database: kerberos-kdc-double-free(17157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17157

Common Vulnerability Exposure (CVE) ID: CVE-2004-0643
CERT/CC vulnerability note: VU#866472
http://www.kb.cert.org/vuls/id/866472
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3322
XForce ISS Database: kerberos-krb5rdcred-double-free(17159)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17159

Common Vulnerability Exposure (CVE) ID: CVE-2004-0772
CERT/CC vulnerability note: VU#350792
http://www.kb.cert.org/vuls/id/350792
http://www.mandriva.com/security/advisories?name=MDKSA-2004:088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661
XForce ISS Database: kerberos-krb524d-double-free(17158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17158

Common Vulnerability Exposure (CVE) ID: CVE-2004-0644
BugTraq ID: 11079
http://www.securityfocus.com/bid/11079
CERT/CC vulnerability note: VU#550464
http://www.kb.cert.org/vuls/id/550464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2139
XForce ISS Database: kerberos-asn1-library-dos(17160)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17160 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |