
Test ID: 1.3.6.1.4.1.25623.1.0.55411
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2005-0036 (Multiple packages)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory TSLSA-2005-0036.

kerberos5:
- Double-free in krb5_recvauth (CVE-2005-1689).
- Buffer overflow and heap corruption in KDC (CVE-2005-1174, CVE-2005-1175).
- Fixed Bug #1073 and #1075.

kernel:
- Fixed race condition within system calls (CVE-2005-1768). Fixes Bug #1065.
- Critical and major fixes have been made.

php4:
- New upstream.
- Security bug fix release to 4.3.11. Fixes Bug #1064.
- Vendor update for XML_RPC to fix remote code execution vulnerability.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0036

Risk factor : High

CVSS Score:
7.5

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2005-1689
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
BugTraq ID: 14239
http://www.securityfocus.com/bid/14239
Bugtraq: 20050712 MITKRB5-SA-2005-003: double-free in krb5_recvauth
http://marc.info/?l=bugtraq&m=112119974704542&w=2
CERT/CC vulnerability note: VU#623332
http://www.kb.cert.org/vuls/id/623332
Conectiva Linux advisory: CLA-2005:993
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000993
Debian Security Information: DSA-757
http://www.debian.org/security/2005/dsa-757
http://www.gentoo.org/security/en/glsa/glsa-200507-11.xml
HPdes Security Advisory: HPSBUX02152
http://www.securityfocus.com/archive/1/446940/100/0/threaded
HPdes Security Advisory: SSRT5973
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9819
http://www.redhat.com/support/errata/RHSA-2005-562.html
http://www.redhat.com/support/errata/RHSA-2005-567.html
http://securitytracker.com/id?1014461
http://secunia.com/advisories/16041
http://secunia.com/advisories/17135
http://secunia.com/advisories/17899
http://secunia.com/advisories/22090
SGI Security Advisory: 20050703-01-U
ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1
SuSE Security Announcement: SUSE-SR:2005:017
http://www.novell.com/linux/security/advisories/2005_17_sr.html
http://www.trustix.org/errata/2005/0036
TurboLinux Advisory: TLSA-2005-78
http://www.turbolinux.com/security/2005/TLSA-2005-78.txt
https://usn.ubuntu.com/224-1/
http://www.vupen.com/english/advisories/2005/1066
http://www.vupen.com/english/advisories/2006/3776
XForce ISS Database: kerberos-kdc-krb5recvauth-execute-code(21055)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21055
Common Vulnerability Exposure (CVE) ID: CVE-2005-1174
AIX APAR: IY85474
http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474
BugTraq ID: 14240
http://www.securityfocus.com/bid/14240
Bugtraq: 20050712 MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC
http://marc.info/?l=bugtraq&m=112122123211974&w=2
CERT/CC vulnerability note: VU#259798
http://www.kb.cert.org/vuls/id/259798
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A397
http://securitytracker.com/id?1014460
http://secunia.com/advisories/20364
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1
http://www.vupen.com/english/advisories/2006/2074
XForce ISS Database: kerberos-kdc-krb5-tcp-connection-dos(21327)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21327
Common Vulnerability Exposure (CVE) ID: CVE-2005-1175
BugTraq ID: 14236
http://www.securityfocus.com/bid/14236
CERT/CC vulnerability note: VU#885830
http://www.kb.cert.org/vuls/id/885830
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A736
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9902
XForce ISS Database: kerberos-kdc-krb5-udp-tcp-bo(21328)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21328
Common Vulnerability Exposure (CVE) ID: CVE-2005-1768
1014442
http://securitytracker.com/id?1014442
14205
http://www.securityfocus.com/bid/14205
15980
http://secunia.com/advisories/15980
17002
http://secunia.com/advisories/17002
18059
http://secunia.com/advisories/18059
19185
http://secunia.com/advisories/19185
19607
http://secunia.com/advisories/19607
20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64)
http://marc.info/?l=bugtraq&m=112110120216116&w=2
20060402-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
ADV-2005-1878
http://www.vupen.com/english/advisories/2005/1878
DSA-921
http://www.debian.org/security/2005/dsa-921
RHSA-2005:551
http://www.redhat.com/support/errata/RHSA-2005-551.html
RHSA-2005:663
http://www.redhat.com/support/errata/RHSA-2005-663.html
SUSE-SA:2005:044
http://www.novell.com/linux/security/advisories/2005_44_kernel.html
http://www.suresec.org/advisories/adv4.pdf
oval:org.mitre.oval:def:11117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11117
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
