English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.50569
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2004:088 (krb5)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to krb5
announced via advisory MDKSA-2004:088.

A double-free vulnerability exists in the MIT Kerberos 5's KDC program
that could potentially allow a remote attacker to execute arbitrary
code on the KDC host. As well, multiple double-free vulnerabilities
exist in the krb5 library code, which makes client programs and
application servers vulnerable. The MIT Kerberos 5 development team
believes that exploitation of these bugs would be difficult and no
known vulnerabilities are believed to exist. The vulnerability in
krb524d was discovered by Marc Horowitz
the other double-free
vulnerabilities were discovered by Will Fiveash and Nico Williams at
Sun.

Will Fiveash and Nico Williams also found another vulnerability in the
ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of
Service) attack causing an infinite loop in the decoder. The KDC is
vulnerable to this attack.

The MIT Kerberos 5 team has provided patches which have been applied
to the updated software to fix these issues. Mandrakesoft encourages
all users to upgrade immediately.

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0772
http://www.kb.cert.org/vuls/id/550464
http://www.kb.cert.org/vuls/id/795632
http://www.kb.cert.org/vuls/id/866472
http://www.kb.cert.org/vuls/id/350792
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0642
BugTraq ID: 11078
http://www.securityfocus.com/bid/11078
Bugtraq: 20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos) (Google Search)
http://marc.info/?l=bugtraq&m=109508872524753&w=2
Cert/CC Advisory: TA04-247A
http://www.us-cert.gov/cas/techalerts/TA04-247A.html
CERT/CC vulnerability note: VU#795632
http://www.kb.cert.org/vuls/id/795632
Conectiva Linux advisory: CLA-2004:860
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
Debian Security Information: DSA-543 (Google Search)
http://www.debian.org/security/2004/dsa-543
http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10709
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4936
RedHat Security Advisories: RHSA-2004:350
http://rhn.redhat.com/errata/RHSA-2004-350.html
http://www.trustix.net/errata/2004/0045/
XForce ISS Database: kerberos-kdc-double-free(17157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17157
Common Vulnerability Exposure (CVE) ID: CVE-2004-0643
CERT/CC vulnerability note: VU#866472
http://www.kb.cert.org/vuls/id/866472
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3322
XForce ISS Database: kerberos-krb5rdcred-double-free(17159)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17159
Common Vulnerability Exposure (CVE) ID: CVE-2004-0644
BugTraq ID: 11079
http://www.securityfocus.com/bid/11079
CERT/CC vulnerability note: VU#550464
http://www.kb.cert.org/vuls/id/550464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2139
XForce ISS Database: kerberos-asn1-library-dos(17160)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17160
Common Vulnerability Exposure (CVE) ID: CVE-2004-0772
CERT/CC vulnerability note: VU#350792
http://www.kb.cert.org/vuls/id/350792
http://www.mandriva.com/security/advisories?name=MDKSA-2004:088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661
XForce ISS Database: kerberos-krb524d-double-free(17158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17158
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.